Last active
October 14, 2021 11:45
ZDI Search
#!/usr/bin/env python3 | |
import re | |
import sys | |
import json | |
import argparse | |
import requests | |
from bs4 import BeautifulSoup | |
# requirements: pip3 install requests bs4 --user | |
# | |
# ./zdisearch.py | |
# usage: zdisearch.py [-h] [-y YEAR] [-t TARGET] [-d DETAILED] [-z ZDI_CAN] | |
# | |
# ZDI Scraper | |
# | |
# optional arguments: | |
# -h, --help show this help message and exit | |
# -y YEAR, --year YEAR year | |
# -t TARGET, --target TARGET | |
# target | |
# -d DETAILED, --detailed DETAILED | |
# fetch vulnerability details? | |
# -z ZDI_CAN, --zdi_can ZDI_CAN | |
# ZDI-CAN id | |
# ./zdisearch.py -y 2020 -t macos | |
# **************************************************************************************************** | |
# ZDI-20-960 (Pwn2Own) Apple macOS kextload Time-Of-Check Time-Of-Use Memory Corruption Vulnerability | |
# **************************************************************************************************** | |
# ZDI-20-938 Apple macOS ImageIO EXR Parsing Integer Overflow Remote Code Execution Vulnerability | |
# **************************************************************************************************** | |
# ZDI-20-910 Apple macOS decodePICT PIC Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | |
# **************************************************************************************************** | |
# ZDI-20-908 Apple macOS AudioToolboxCore CAF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | |
# **************************************************************************************************** | |
# ZDI-20-823 Apple macOS AudioToolboxCore CAF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | |
# **************************************************************************************************** | |
# ZDI-20-701 (0Day) (Pwn2Own) Apple macOS Quarantine Attribute Bypass Vulnerability | |
# **************************************************************************************************** | |
# ZDI-20-683 Apple macOS SkyLight Integer Overflow Privilege Escalation Vulnerability | |
# **************************************************************************************************** | |
# ZDI-20-681 (Pwn2Own) Apple macOS cfprefsd Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability | |
# **************************************************************************************************** | |
# ZDI-20-680 (Pwn2Own) Apple macOS Core Virtual Machine Service Heap-based Buffer Overflow Vulnerability | |
# **************************************************************************************************** | |
# ZDI-20-674 Apple macOS AudioToolboxCore CAF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | |
# **************************************************************************************************** | |
# ZDI-20-673 Apple macOS libFontParser Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | |
# **************************************************************************************************** | |
# | |
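# Base URL of the Zero Day Initiative site. It is stored without a trailing
# slash because the request URLs in this file are built as f"{server}/...";
# a trailing slash here would put "//" at the start of every request path.
server = "https://www.zerodayinitiative.com"

# Headers sent with every request; they mimic a desktop Chrome browser.
headers = {
    "User-Agent": (
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) "
        "AppleWebKit/537.36 (KHTML, like Gecko) "
        "Chrome/86.0.4240.111 Safari/537.36"
    ),
    "Accept": (
        "text/html,application/xhtml+xml,application/xml;q=0.9,"
        "image/avif,image/webp,image/apng,*/*;q=0.8,"
        "application/signed-exchange;v=b3;q=0.9"
    ),
    "Referer": "https://www.zerodayinitiative.com/advisories/published/",
    # "br" is intentionally not advertised: requests can only decode Brotli
    # when an optional brotli package is installed, and the documented
    # requirements are just requests and bs4. A Brotli-compressed reply would
    # reach the HTML parser as undecoded bytes.
    "Accept-Encoding": "gzip, deflate",
    "Accept-Language": "en-GB,en-US;q=0.9,en;q=0.8",
}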
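def FATAL(msg):
    """Report an unrecoverable error and terminate with exit status 1.

    Args:
        msg: Text describing the failure.

    Raises:
        SystemExit: Always, with code 1.
    """
    # Diagnostics go to stderr so they never mix with the advisory listing
    # that the script writes to stdout (which callers may pipe or redirect).
    print(msg, file=sys.stderr)
    # sys.exit is used instead of the bare exit() helper, which the site
    # module injects and which is absent when Python runs with -S.
    sys.exit(1)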
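def fetch(year):
    """Download the published-advisories index page for one year.

    Args:
        year: Year to request, for example "2020". The value is placed in the
            URL path, so only a four-digit number is accepted.

    Returns:
        The response body as text when the server answers with status 200.

    Any other outcome (invalid year, transport error, non-200 status) ends
    the process through FATAL().
    """
    year = str(year).strip()
    # The year is interpolated into the request path. Restricting it to
    # digits keeps characters such as "/", "?" or ".." from redirecting the
    # request to a different resource on the host.
    if not re.fullmatch(r"[0-9]{4}", year):
        FATAL(f"Invalid year: {year!r}")

    url = f"{server.rstrip('/')}/advisories/published/{year}/"
    try:
        # requests has no default timeout; without one a stalled connection
        # blocks the script forever.
        resp = requests.get(url, headers=headers, timeout=30)
    except requests.RequestException as exc:
        FATAL(f"Failed to fetch {url}: {exc}")

    if resp.status_code == 200:
        return resp.text
    FATAL(f"Failed to fetch. status code :{resp.status_code}")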
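def fetch_zdican(zdi_can, return_detials=False):
    """Fetch one advisory page and extract its "VULNERABILITY DETAILS" section.

    Args:
        zdi_can: Advisory identifier placed in the URL path, for example
            "ZDI-20-960".
        return_detials: When true, the extracted text is returned; otherwise
            it is printed and None is returned. The misspelled name is kept
            because callers pass it by keyword.

    Returns:
        The details text with runs of newlines collapsed, or None when the
        text was printed instead.

    An invalid identifier, a transport error, a non-200 status, or a page
    that lacks the expected structure ends the process through FATAL().
    """
    zdi_can = str(zdi_can).strip()
    # The identifier becomes part of the request path, so it is limited to
    # letters, digits and hyphens before it is used.
    if not re.fullmatch(r"[A-Za-z0-9-]+", zdi_can):
        FATAL(f"Invalid advisory id: {zdi_can!r}")

    url = f"{server.rstrip('/')}/advisories/{zdi_can}"
    try:
        # requests has no default timeout; set one so a stalled server
        # cannot hang the script.
        resp = requests.get(url, headers=headers, timeout=30)
    except requests.RequestException as exc:
        FATAL(f"Failed to fetch {url}: {exc}")

    if resp.status_code != 200:
        FATAL(f"Failed to fetch. status code :{resp.status_code}")

    soup = BeautifulSoup(resp.text, features="html.parser")
    div = soup.find("div", {"class": "contentBlock advisories-details"})
    # find() returns None when the block is missing; fail with a clear
    # message instead of an AttributeError on div.text.
    if div is None:
        FATAL(f"Advisory details block not found for {zdi_can}")

    section = re.search(
        r"(VULNERABILITY DETAILS)(.*?)(ADDITIONAL DETAILS)", div.text, flags=re.S
    )
    if section is None:
        FATAL(f"Vulnerability details section not found for {zdi_can}")

    vuln_details = re.sub(r'\n+', '\n', section.group(2)).strip()
    if return_detials:
        return vuln_details
    print("Vulnerability details:", vuln_details)
    return None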
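def search(year, target, fetch_vuln_details):
    """Print the advisories published in a year that mention a target.

    The yearly index page embeds its advisory table as an argument to
    ``Elm.Main.embed`` inside a <script> element. That table is cut out of
    the script, parsed as JSON, and filtered on the title and vendor fields.

    Args:
        year: Year whose index page is fetched.
        target: Case-insensitive substring looked up in each entry's
            'title' and 'affectedVendors' fields.
        fetch_vuln_details: When truthy, each match's advisory page is also
            fetched and its details text printed below the title line.

    A page without the expected script or markers, or a table that does not
    parse, ends the process through FATAL().
    """
    text = fetch(year)
    soup = BeautifulSoup(text, features="html.parser")

    # Keep the last <script> that mentions the embed call.
    target_script = None
    for script in soup.find_all("script"):
        if script.contents and "Elm.Main.embed" in script.contents[0]:
            target_script = script.contents[0]
    if target_script is None:
        FATAL("Advisory table script not found; the page layout may have changed.")

    # The markers are matched with flexible whitespace so the extraction does
    # not depend on the exact indentation the page uses around "cases:".
    table_start = re.search(
        r"Elm\.Main\.embed\(elmHere,\s*\{\s*cases:\s*", target_script
    )
    if table_start is None:
        FATAL("Start of the advisory table not found in the page script.")
    table_end = re.compile(r"\}\);\s*// end_published_cases").search(
        target_script, table_start.end()
    )
    if table_end is None:
        FATAL("End of the advisory table not found in the page script.")

    case_table = target_script[table_start.end():table_end.start()]
    # NOTE(review): this blanket quote swap turns the embedded literal into
    # JSON, but it also rewrites any apostrophe inside a value, which breaks
    # parsing for that page. The failure is reported below rather than
    # surfacing as a traceback.
    case_table = case_table.replace("'", '"')
    try:
        results = json.loads(case_table)
    except json.JSONDecodeError as exc:
        FATAL(f"Could not parse the advisory table: {exc}")

    needle = target.lower()
    for res in results:
        if needle not in res['title'].lower() and needle not in res['affectedVendors'].lower():
            continue
        details = None
        if fetch_vuln_details:
            details = fetch_zdican(res['zdiId'], return_detials=True)
        print("*" * 100)
        print(f"{res['zdiId']} {res['title']} ")
        if fetch_vuln_details:
            print(details)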
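if __name__ == "__main__":
    def _as_flag(value):
        """Interpret a command-line string as a boolean switch."""
        return str(value).strip().lower() not in {"", "0", "false", "no", "off", "n"}

    parser = argparse.ArgumentParser(description="ZDI Scraper")
    parser.add_argument("-y", "--year", help="year")
    parser.add_argument("-t", "--target", help="target")
    # The option used to store its raw string, so "-d False" still enabled
    # detail fetching (any non-empty string is truthy). It now accepts a bare
    # "-d" as well as an explicit value, and parses the value as a boolean.
    parser.add_argument(
        "-d",
        "--detailed",
        help="fetch vulnerability details?",
        nargs="?",
        const=True,
        default=False,
        type=_as_flag,
    )
    parser.add_argument("-z", "--zdi_can", help="ZDI-CAN id")
    args = parser.parse_args()
    fetch_vuln_details = args.detailed

    if args.year and args.target:
        # Year plus target: list the matching advisories for that year.
        search(args.year, args.target, fetch_vuln_details)
    elif args.zdi_can:
        # A single advisory id: print that advisory's details.
        fetch_zdican(args.zdi_can)
    else:
        parser.print_help(sys.stderr)
        # sys.exit rather than the site-provided exit() helper.
        sys.exit(1)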