Check the "Common Vulnerability Scoring System" (CVSS) and "Vector Calculation" through National Vulnerability Database (nvd.nist.gov)
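#!/bin/bash
# coded by sl4y3r 0wn3r
# Uncomment the next line to trace every command while debugging:
#set -x
# ...and this one as well to step through the script line by line (hit enter):
#trap read debug

# Terminal colours. The values keep a literal backslash (single quotes), so
# they only become escape bytes when the printing code expands them
# (echo -e or printf %b). They are constants, hence readonly.
readonly RED='\033[1;31m'
readonly GREEN='\033[1;32m'
readonly NC='\033[0m' # "No Color"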
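#######################################
# Print the command-line help.
# Only the short options are listed: the script parses its arguments with
# getopts "i:f:v", which does not understand long (--file/--id/--vector) forms.
# Globals:   none
# Arguments: none
# Outputs:   help text on stdout (callers redirect it when reporting an error)
#######################################
usage() {
  # printf with %s keeps the script path out of the format string and avoids
  # the non-portable backslash handling of echo -e.
  printf 'Usage: %s <option> <CVE-YYYY-ID>\n' "$0"
  printf -- '-f:\tGet CVSS by reading CVEs inside file\t[e.g.: %s -f cves.txt]\n' "$0"
  printf -- '-i:\tSingle CVSS Identification\t\t[e.g.: %s -i 2016-1142]\n' "$0"
  printf -- '-v:\tShow the CVSS v2 calculator CVE\t\t[e.g.: %s -v 2016-1142]\n\n' "$0"
  printf '%s\n' 'You can use two options at once to get CVSS Score and Calculator v2:'
  printf 'Example: %s -vi 2016-1142\n' "$0"
}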
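# An option plus its value is the minimum; anything shorter is a usage error,
# so the help goes to stderr and the script stops with a failure status.
if (( $# < 2 )); then
  usage >&2
  exit 1
fi

# NVD detail page; the lookup functions append the CVE identifier as the
# value of the vulnId query parameter.
readonly URL="https://web.nvd.nist.gov/view/vuln/detail?vulnId="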
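#######################################
# Fetch the NVD detail page for one CVE and print its CVSS v2 base score.
# Globals:   URL, CVE, GREEN, NC (all read)
# Arguments: none
# Outputs:   "[CVE-<id>]" and the score line on stdout; diagnostics on stderr
# Returns:   0 when a score was extracted, 1 for a malformed identifier or
#            an empty result
#######################################
single_cve() {
  local -r cve_re='^([Cc][Vv][Ee]-)?[0-9]{4}-[0-9]{4,}$'
  local score

  # CVE is pasted into the request URL, so only the documented YYYY-NNNN shape
  # (optionally prefixed with "CVE-") is accepted. That keeps query separators
  # and curl's URL-globbing characters ([], {}) out of the request.
  if [[ ! ${CVE:-} =~ $cve_re ]]; then
    printf 'Invalid CVE identifier: %q\n' "${CVE:-}" >&2
    return 1
  fi

  # Earlier extraction, kept for reference:
  #   sed -En 's/(Impact Subscore:).*(\ [0-9]+\.?[0-9]?)/\1\2/p'
  # awk prints the line that follows the "vuln-cvssv2-base-score-link" marker,
  # sed removes the spaces, and tr drops control bytes so that page content
  # cannot deliver escape sequences to the terminal.
  score=$(curl -sSL "${URL}${CVE}" |
    awk 'f{print;f=0} /vuln-cvssv2-base-score-link/{f=1}' | sed 's/ //g' |
    tr -d '\000-\011\013-\037\177')

  printf '[CVE-%s]\n' "$CVE"
  if [[ -z $score ]]; then
    # The pipeline hides curl's exit status; an empty result means the request
    # failed or the marker is no longer present in the page.
    printf 'No CVSS v2 base score found for %s\n' "$CVE" >&2
    return 1
  fi
  # %b expands the colour constants only; the fetched text is printed with %s
  # so backslash sequences inside it are never interpreted.
  printf 'CVSS Severity (version 2.0): %b%s%b\n\n' "${GREEN:-}" "$score" "${NC:-}"
}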
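#######################################
# Read CVE identifiers from a file, one per line, and print the CVSS v2 base
# score NVD reports for each of them.
# Globals:   URL, FILENAME, GREEN, NC (all read)
# Arguments: none
# Outputs:   "[<line>]" followed by the score for every valid line on stdout;
#            diagnostics on stderr
# Returns:   0 when every non-blank line produced a score, 1 otherwise
#######################################
multi_cve() {
  local -r cve_re='^([Cc][Vv][Ee]-)?[0-9]{4}-[0-9]{4,}$'
  local line score failed=0

  if [[ ! -r ${FILENAME:-} ]]; then
    printf 'Cannot read CVE list: %q\n' "${FILENAME:-}" >&2
    return 1
  fi

  # "|| [[ -n $line ]]" still processes a last line without a trailing newline.
  while IFS='' read -r line || [[ -n "$line" ]]; do
    line=${line%$'\r'}         # tolerate CRLF line endings
    [[ -n $line ]] || continue # nothing to look up on a blank line

    # Each line is pasted into the request URL; anything that is not a plain
    # CVE identifier (query separators, curl globbing characters, whitespace)
    # is reported and skipped instead of being sent.
    if [[ ! $line =~ $cve_re ]]; then
      printf 'Skipping invalid CVE identifier: %q\n' "$line" >&2
      failed=1
      continue
    fi

    # Earlier extraction, kept for reference:
    #   sed -En 's/(Impact Subscore:).*(\ [0-9]+\.?[0-9])/\1\2/p'
    # awk prints the line after the score marker, sed removes the spaces, tr
    # drops control bytes so fetched content cannot drive the terminal.
    score=$(curl -sSL "${URL}${line}" |
      awk 'f{print;f=0} /vuln-cvssv2-base-score-link/{f=1}' | sed 's/ //g' |
      tr -d '\000-\011\013-\037\177')

    printf '[%s]\n' "$line"
    if [[ -z $score ]]; then
      printf 'No CVSS v2 base score found for %s\n' "$line" >&2
      failed=1
      continue
    fi
    # %b is for the colour constants only; the fetched text goes through %s.
    printf '%b%s%b\n\n' "${GREEN:-}" "$score" "${NC:-}"
  done <"$FILENAME"

  return "$failed"
}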
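#######################################
# Fetch the NVD detail page for one CVE and print its CVSS v2 vector string.
# Globals:   URL, CVE, RED, NC (all read)
# Arguments: none
# Outputs:   "[CVSS v2.0]" and the vector line on stdout; diagnostics on stderr
# Returns:   0 when a vector was extracted, 1 for a malformed identifier or
#            an empty result
#######################################
vector_2v() {
  local -r cve_re='^([Cc][Vv][Ee]-)?[0-9]{4}-[0-9]{4,}$'
  local vector

  # CVE is pasted into the request URL, so only the documented YYYY-NNNN shape
  # (optionally prefixed with "CVE-") is accepted. That keeps query separators
  # and curl's URL-globbing characters ([], {}) out of the request.
  if [[ ! ${CVE:-} =~ $cve_re ]]; then
    printf 'Invalid CVE identifier: %q\n' "${CVE:-}" >&2
    return 1
  fi

  # Old platform version (nvd.nist.gov), kept for reference:
  #   awk 'match($0, /v2-calculator.*?\([a-zA-Z\/:]+\)/) {
  #     print substr($0, RSTART, RLENGTH)
  # New platform version: awk keeps the lines around each v2-calculator link,
  # the first sed prints the parenthesised vector found on them, and sed '1d'
  # discards the first hit. tr runs last (so it cannot change what the
  # expressions match) and drops control bytes before anything is displayed.
  vector=$(curl -sSL "${URL}${CVE}" |
    awk '/vuln-metrics\/cvss\/v2-calculator/,/[A-Z:\/]/' |
    sed -En 's/^.*?(\([a-zA-Z\/:]+\)).+$/\1/p' | sed '1d' |
    tr -d '\000-\011\013-\037\177')

  printf '[CVSS v2.0]\n'
  if [[ -z $vector ]]; then
    # The pipeline hides curl's exit status; an empty result means the request
    # failed or the page no longer matches the expressions above.
    printf 'No CVSS v2 vector found for %s\n' "$CVE" >&2
    return 1
  fi
  # %b expands the colour constants only; the fetched text is printed with %s.
  printf 'Vector: %b%s%b\n\n' "${RED:-}" "$vector" "${NC:-}"
}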
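# Parse every option first, then run the lookups in command-line order.
# Option values come from OPTARG: reading $2 instead hands the wrong word to a
# lookup as soon as its option is not the first one on the command line
# (for example "-f cves.txt -i 2016-1142" would look up "cves.txt").
actions=()
vector_cve=''
while getopts "i:f:v" OPTIONS; do
  case "$OPTIONS" in
    i)
      actions+=("score:$OPTARG")
      vector_cve=$OPTARG
      ;;
    f)
      actions+=("file:$OPTARG")
      ;;
    v)
      actions+=("vector")
      ;;
    \?)
      usage >&2
      exit 1
      ;;
  esac
done
shift $((OPTIND - 1))

# -v takes no argument of its own: it reports on the CVE given with -i or,
# failing that, on the first remaining word ("-v 2016-1142").
[[ -n $vector_cve ]] || vector_cve=${1:-}

for action in "${actions[@]}"; do
  case "$action" in
    score:*)
      CVE=${action#score:}
      single_cve
      ;;
    file:*)
      FILENAME=${action#file:}
      multi_cve
      ;;
    vector)
      if [[ -z $vector_cve ]]; then
        usage >&2
        exit 1
      fi
      CVE=$vector_cve
      vector_2v
      ;;
  esac
done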