jonz-secops · February 2, 2024 07:32
diff --git a/cvemap_wrapper.ps1 b/cvemap_wrapper.ps1
 # Run cvemap with our desired flags and output to json
 # I needed to run this with cvemap version 0.0.2 as 0.0.3 broke the ability to pipe to a file for whatever reason
 .\cvemap.exe -severity=critical -severity=high -es '> 0.01' -poc=true -l 1000 -json > new_vulns.json

 # Paths to the JSON files
 $newJsonFilePath = "new_vulns.json"
 $databaseJsonFilePath = "cve_database.json"

 # Read the newly fetched JSON file
 $newJsonContent = Get-Content -Path $newJsonFilePath | ConvertFrom-Json

 # Read the existing CVE database JSON file
 if (Test-Path $databaseJsonFilePath) {
    $databaseJsonContent = Get-Content -Path $databaseJsonFilePath | ConvertFrom-Json
 }
 else {
    # If it doesn't exist, create an empty database file
    $databaseJsonContent = @()
 }

 # Array to store new vulnerabilities
 $newVulnerabilities = @()

 # Check if each vulnerability is new
 foreach ($vuln in $newJsonContent) {
    $cveId = $vuln.cve_id
    
    # Check if CVE ID already exists in the database
    $existingVuln = $databaseJsonContent | Where-Object { $_.cve_id -eq $cveId }

    if (-not $existingVuln) {
        # Append the new vulnerability to the array
        $newVulnerabilities += $vuln
    }
 }

 # Create a new array to merge the existing database content and new vulnerabilities
 $mergedContent = @()
 $mergedContent += $databaseJsonContent
 $mergedContent += $newVulnerabilities

 # Convert the entire merged content to JSON and write it to file
 $mergedContent | ConvertTo-Json -Depth 100 | Set-Content -Path $databaseJsonFilePath


 # Define the list of vendors and products to ignore
 $ignoreVendors = "bloofox", "vendor2"
 $ignoreProducts = "firmware", "product2"

 # Convert the ignore lists to regular expressions
 $ignoreVendorRegex = ($ignoreVendors | ForEach-Object { [regex]::Escape($_) }) -join "|"
 $ignoreProductRegex = ($ignoreProducts | ForEach-Object { [regex]::Escape($_) }) -join "|"

 # Now let's parse the new data
 # Select relevant fields and filter out entries containing ignored vendors or products
 $filteredData = $newVulnerabilities | Where-Object {
    $_.cpe.vendor -notmatch $ignoreVendorRegex -and $_.cpe.product -notmatch $ignoreProductRegex
 } | ForEach-Object {
    [PSCustomObject]@{
        Vendor          = $_.cpe.vendor
        Product         = $_.cpe.product
        cve_id          = $_.cve_id
        is_exploited    = $_.is_exploited
        age             = $_.age_in_days
        cve_description = $_.cve_description
        cvss_score      = $_.cvss_score
        severity        = $_.severity
        References      = $_.reference -join "`n"  # Join references with newline
        POCs            = $_.poc.url -join "`n"   # Join POCs with newline
        vendor_advisory = $_.vendor_advisory
    }
 }

 # Display the filtered data with dataset labels
 foreach ($dataset in $filteredData) {
    Write-Host -ForegroundColor yellow "##########"
    $dataset 
    Write-Host -ForegroundColor yellow "##########"
    Write-Host ""
 }

 <# # Send messages to Teams channel for new vulnerabilities
 foreach ($newVuln in $newVulnerabilities) {
    $cveId = $newVuln.cve_id
    $vendor = $newvuln.cpe.vendor
    $product = $newvuln.cpe.product
    $teamsWebhookUrl = "<YOUR WEBHOOK URL>"
    
    # Prepare message for Teams
    $teamsMessage = @{
        "@type" = "MessageCard"
        "@context" = "http://schema.org/extensions"
        "summary" = "New Vulnerability Detected: $cveId"
        "themeColor" = "0078D7"
        "sections" = @(
            @{
                "activityTitle" = "New Vulnerability: " + $vendor + " " + $product 
                "activitySubtitle" = "CVE ID: $cveId"
                "facts" = @(
                    @{
                        "name" = "Description"
                        "value" = $newVuln.cve_description
                    },
                    @{
                        "name" = "Severity"
                        "value" = $newVuln.severity
                    },
                    @{
                        "name" = "CVSS Score"
                        "value" = $newVuln.cvss_score
                    }
                    @{
                        "name" = "Vendor Advisory"
                        "value" = $newVuln.vendor_advisory
                    }
                )
            }
        )
        
    }

    $teamsMessageJson = $teamsMessage | ConvertTo-Json -Depth 100
    Invoke-RestMethod -Uri $teamsWebhookUrl -Method Post -Body $teamsMessageJson -ContentType "application/json"
 } #>
	# Run cvemap with our desired flags and output to json
	# I needed to run this with cvemap version 0.0.2 as 0.0.3 broke the ability to pipe to a file for whatever reason
	.\cvemap.exe -severity=critical -severity=high -es '> 0.01' -poc=true -l 1000 -json > new_vulns.json

	# Paths to the JSON files
	$newJsonFilePath = "new_vulns.json"
	$databaseJsonFilePath = "cve_database.json"

	# Read the newly fetched JSON file
	$newJsonContent = Get-Content -Path $newJsonFilePath \| ConvertFrom-Json

	# Read the existing CVE database JSON file
	if (Test-Path $databaseJsonFilePath) {
	$databaseJsonContent = Get-Content -Path $databaseJsonFilePath \| ConvertFrom-Json
	}
	else {
	# If it doesn't exist, create an empty database file
	$databaseJsonContent = @()
	}

	# Array to store new vulnerabilities
	$newVulnerabilities = @()

	# Check if each vulnerability is new
	foreach ($vuln in $newJsonContent) {
	$cveId = $vuln.cve_id

	# Check if CVE ID already exists in the database
	$existingVuln = $databaseJsonContent \| Where-Object { $_.cve_id -eq $cveId }

	if (-not $existingVuln) {
	# Append the new vulnerability to the array
	$newVulnerabilities += $vuln
	}
	}

	# Create a new array to merge the existing database content and new vulnerabilities
	$mergedContent = @()
	$mergedContent += $databaseJsonContent
	$mergedContent += $newVulnerabilities

	# Convert the entire merged content to JSON and write it to file
	$mergedContent \| ConvertTo-Json -Depth 100 \| Set-Content -Path $databaseJsonFilePath


	# Define the list of vendors and products to ignore
	$ignoreVendors = "bloofox", "vendor2"
	$ignoreProducts = "firmware", "product2"

	# Convert the ignore lists to regular expressions
	$ignoreVendorRegex = ($ignoreVendors \| ForEach-Object { [regex]::Escape($_) }) -join "\|"
	$ignoreProductRegex = ($ignoreProducts \| ForEach-Object { [regex]::Escape($_) }) -join "\|"

	# Now let's parse the new data
	# Select relevant fields and filter out entries containing ignored vendors or products
	$filteredData = $newVulnerabilities \| Where-Object {
	$_.cpe.vendor -notmatch $ignoreVendorRegex -and $_.cpe.product -notmatch $ignoreProductRegex
	} \| ForEach-Object {
	[PSCustomObject]@{
	Vendor = $_.cpe.vendor
	Product = $_.cpe.product
	cve_id = $_.cve_id
	is_exploited = $_.is_exploited
	age = $_.age_in_days
	cve_description = $_.cve_description
	cvss_score = $_.cvss_score
	severity = $_.severity
	References = $_.reference -join "`n" # Join references with newline
	POCs = $_.poc.url -join "`n" # Join POCs with newline
	vendor_advisory = $_.vendor_advisory
	}
	}

	# Display the filtered data with dataset labels
	foreach ($dataset in $filteredData) {
	Write-Host -ForegroundColor yellow "##########"
	$dataset
	Write-Host -ForegroundColor yellow "##########"
	Write-Host ""
	}

	<# # Send messages to Teams channel for new vulnerabilities
	foreach ($newVuln in $newVulnerabilities) {
	$cveId = $newVuln.cve_id
	$vendor = $newvuln.cpe.vendor
	$product = $newvuln.cpe.product
	$teamsWebhookUrl = "<YOUR WEBHOOK URL>"

	# Prepare message for Teams
	$teamsMessage = @{
	"@type" = "MessageCard"
	"@context" = "http://schema.org/extensions"
	"summary" = "New Vulnerability Detected: $cveId"
	"themeColor" = "0078D7"
	"sections" = @(
	@{
	"activityTitle" = "New Vulnerability: " + $vendor + " " + $product
	"activitySubtitle" = "CVE ID: $cveId"
	"facts" = @(
	@{
	"name" = "Description"
	"value" = $newVuln.cve_description
	},
	@{
	"name" = "Severity"
	"value" = $newVuln.severity
	},
	@{
	"name" = "CVSS Score"
	"value" = $newVuln.cvss_score
	}
	@{
	"name" = "Vendor Advisory"
	"value" = $newVuln.vendor_advisory
	}
	)
	}
	)

	}

	$teamsMessageJson = $teamsMessage \| ConvertTo-Json -Depth 100
	Invoke-RestMethod -Uri $teamsWebhookUrl -Method Post -Body $teamsMessageJson -ContentType "application/json"
	} #>