Last active
July 14, 2020 09:52
-
-
Save timb-machine/aa810dc90634b10a2c9e331361982413 to your computer and use it in GitHub Desktop.
cvss-to-kill-chain-phase.pl
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl -w | |
| use strict; | |
| use Data::Dumper; | |
| my %killchainmodel; | |
| my $cvssmetric; | |
| my $metricname; | |
| my $metricscore; | |
| my $phasename; | |
| my %vulnerabilitymodel; | |
| my $cvssscore; | |
| # Attack vector (presumes up to exploitation is network, and post-exploitation is local) | |
| $killchainmodel{'AV'}{'N'}{'Reconnaisance'} = 0.2; | |
| $killchainmodel{'AV'}{'N'}{'Weaponisation'} = 0.2; | |
| $killchainmodel{'AV'}{'N'}{'Delivery'} = 0.2; | |
| $killchainmodel{'AV'}{'N'}{'Exploitation'} = 0.2; | |
| $killchainmodel{'AV'}{'N'}{'Installation'} = 0; | |
| $killchainmodel{'AV'}{'N'}{'Command & Control'} = 0.2; | |
| $killchainmodel{'AV'}{'N'}{'Actions on Objectives'} = 0; | |
| $killchainmodel{'AV'}{'A'}{'Reconnaisance'} = $killchainmodel{'AV'}{'N'}{'Reconnaisance'} * 0.75; | |
| $killchainmodel{'AV'}{'A'}{'Weaponisation'} = $killchainmodel{'AV'}{'N'}{'Weaponisation'} * 0.75; | |
| $killchainmodel{'AV'}{'A'}{'Delivery'} = $killchainmodel{'AV'}{'N'}{'Delivery'} * 0.75; | |
| $killchainmodel{'AV'}{'A'}{'Exploitation'} = $killchainmodel{'AV'}{'N'}{'Exploitation'} * 0.75; | |
| $killchainmodel{'AV'}{'A'}{'Installation'} = $killchainmodel{'AV'}{'N'}{'Installation'} * 0.75; | |
| $killchainmodel{'AV'}{'A'}{'Command & Control'} = $killchainmodel{'AV'}{'N'}{'Command & Control'} * 0.75; | |
| $killchainmodel{'AV'}{'A'}{'Actions on Objectives'} = $killchainmodel{'AV'}{'N'}{'Actions on Objectives'} * 0.75; | |
| $killchainmodel{'AV'}{'L'}{'Reconnaisance'} = 0; | |
| $killchainmodel{'AV'}{'L'}{'Weaponisation'} = 0; | |
| $killchainmodel{'AV'}{'L'}{'Delivery'} = 0; | |
| $killchainmodel{'AV'}{'L'}{'Exploitation'} = 0; | |
| $killchainmodel{'AV'}{'L'}{'Installation'} = 0.4; | |
| $killchainmodel{'AV'}{'L'}{'Command & Control'} = 0.2; | |
| $killchainmodel{'AV'}{'L'}{'Actions on Objectives'} = 0.4; | |
| $killchainmodel{'AV'}{'P'}{'Reconnaisance'} = $killchainmodel{'AV'}{'L'}{'Reconnaisance'} * 0.75; | |
| $killchainmodel{'AV'}{'P'}{'Weaponisation'} = $killchainmodel{'AV'}{'L'}{'Weaponisation'} * 0.75; | |
| $killchainmodel{'AV'}{'P'}{'Delivery'} = $killchainmodel{'AV'}{'L'}{'Delivery'} * 0.75; | |
| $killchainmodel{'AV'}{'P'}{'Exploitation'} = $killchainmodel{'AV'}{'L'}{'Exploitation'} * 0.75; | |
| $killchainmodel{'AV'}{'P'}{'Installation'} = $killchainmodel{'AV'}{'L'}{'Installation'} * 0.75; | |
| $killchainmodel{'AV'}{'P'}{'Command & Control'} = $killchainmodel{'AV'}{'L'}{'Command & Control'} * 0.75; | |
| $killchainmodel{'AV'}{'P'}{'Actions on Objectives'} = $killchainmodel{'AV'}{'L'}{'Actions on Objectives'} * 0.75; | |
| # Attack complexity (presumes vulnerabilities don't really help for post-installation) | |
| $killchainmodel{'AC'}{'L'}{'Reconnaisance'} = 0.2; | |
| $killchainmodel{'AC'}{'L'}{'Weaponisation'} = 0.2; | |
| $killchainmodel{'AC'}{'L'}{'Delivery'} = 0.2; | |
| $killchainmodel{'AC'}{'L'}{'Exploitation'} = 0.2; | |
| $killchainmodel{'AC'}{'L'}{'Installation'} = 0.2; | |
| $killchainmodel{'AC'}{'L'}{'Command & Control'} = 0; | |
| $killchainmodel{'AC'}{'L'}{'Actions on Objectives'} = 0; | |
| $killchainmodel{'AC'}{'H'}{'Reconnaisance'} = $killchainmodel{'AC'}{'L'}{'Reconnaisance'} * 0.5; | |
| $killchainmodel{'AC'}{'H'}{'Weaponisation'} = $killchainmodel{'AC'}{'L'}{'Weaponisation'} * 0.5; | |
| $killchainmodel{'AC'}{'H'}{'Delivery'} = $killchainmodel{'AC'}{'L'}{'Delivery'} * 0.5; | |
| $killchainmodel{'AC'}{'H'}{'Exploitation'} = $killchainmodel{'AC'}{'L'}{'Exploitation'} * 0.5; | |
| $killchainmodel{'AC'}{'H'}{'Installation'} = $killchainmodel{'AC'}{'L'}{'Installation'} * 0.5; | |
| $killchainmodel{'AC'}{'H'}{'Command & Control'} = $killchainmodel{'AC'}{'L'}{'Command & Control'} * 0.5; | |
| $killchainmodel{'AC'}{'H'}{'Actions on Objectives'} = $killchainmodel{'AC'}{'L'}{'Actions on Objectives'} * 0.5; | |
| # Privileges required (presumes that weaponisation and delivery are largely off-target activities) | |
| $killchainmodel{'PR'}{'N'}{'Reconnaisance'} = 0.2; | |
| $killchainmodel{'PR'}{'N'}{'Weaponisation'} = 0; | |
| $killchainmodel{'PR'}{'N'}{'Delivery'} = 0; | |
| $killchainmodel{'PR'}{'N'}{'Exploitation'} = 0.2; | |
| $killchainmodel{'PR'}{'N'}{'Installation'} = 0.2; | |
| $killchainmodel{'PR'}{'N'}{'Command & Control'} = 0.2; | |
| $killchainmodel{'PR'}{'N'}{'Actions on Objectives'} = 0.2; | |
| $killchainmodel{'PR'}{'L'}{'Reconnaisance'} = $killchainmodel{'PR'}{'N'}{'Reconnaisance'} * 0.5; | |
| $killchainmodel{'PR'}{'L'}{'Weaponisation'} = $killchainmodel{'PR'}{'N'}{'Weaponisation'} * 0.5; | |
| $killchainmodel{'PR'}{'L'}{'Delivery'} = $killchainmodel{'PR'}{'N'}{'Delivery'} * 0.5; | |
| $killchainmodel{'PR'}{'L'}{'Exploitation'} = $killchainmodel{'PR'}{'N'}{'Exploitation'} * 0.5; | |
| $killchainmodel{'PR'}{'L'}{'Installation'} = $killchainmodel{'PR'}{'N'}{'Installation'} * 0.5; | |
| $killchainmodel{'PR'}{'L'}{'Command & Control'} = $killchainmodel{'PR'}{'N'}{'Command & Control'} * 0.5; | |
| $killchainmodel{'PR'}{'L'}{'Actions on Objectives'} = $killchainmodel{'PR'}{'N'}{'Actions on Objectives'} * 0.5; | |
| $killchainmodel{'PR'}{'H'}{'Reconnaisance'} = $killchainmodel{'PR'}{'N'}{'Reconnaisance'} * 0.25; | |
| $killchainmodel{'PR'}{'H'}{'Weaponisation'} = $killchainmodel{'PR'}{'N'}{'Weaponisation'} * 0.25; | |
| $killchainmodel{'PR'}{'H'}{'Delivery'} = $killchainmodel{'PR'}{'N'}{'Delivery'} * 0.25; | |
| $killchainmodel{'PR'}{'H'}{'Exploitation'} = $killchainmodel{'PR'}{'N'}{'Exploitation'} * 0.25; | |
| $killchainmodel{'PR'}{'H'}{'Installation'} = $killchainmodel{'PR'}{'N'}{'Installation'} * 0.25; | |
| $killchainmodel{'PR'}{'H'}{'Command & Control'} = $killchainmodel{'PR'}{'N'}{'Command & Control'} * 0.25; | |
| $killchainmodel{'PR'}{'H'}{'Actions on Objectives'} = $killchainmodel{'PR'}{'N'}{'Actions on Objectives'} * 0.25; | |
| # User interaction (presumes attackers don't generally require help for command and control and rarely require help for actions on objectives) | |
| $killchainmodel{'UI'}{'N'}{'Reconnaisance'} = 0.3; | |
| $killchainmodel{'UI'}{'N'}{'Weaponisation'} = 0; | |
| $killchainmodel{'UI'}{'N'}{'Delivery'} = 0.3; | |
| $killchainmodel{'UI'}{'N'}{'Exploitation'} = 0.3; | |
| $killchainmodel{'UI'}{'N'}{'Installation'} = 0.3; | |
| $killchainmodel{'UI'}{'N'}{'Command & Control'} = 0; | |
| $killchainmodel{'UI'}{'N'}{'Actions on Objectives'} = 0.1; | |
| $killchainmodel{'UI'}{'R'}{'Reconnaisance'} = $killchainmodel{'UI'}{'N'}{'Reconnaisance'} * 0.5; | |
| $killchainmodel{'UI'}{'R'}{'Weaponisation'} = $killchainmodel{'UI'}{'N'}{'Weaponisation'} * 0.5; | |
| $killchainmodel{'UI'}{'R'}{'Delivery'} = $killchainmodel{'UI'}{'N'}{'Delivery'} * 0.5; | |
| $killchainmodel{'UI'}{'R'}{'Exploitation'} = $killchainmodel{'UI'}{'N'}{'Exploitation'} * 0.5; | |
| $killchainmodel{'UI'}{'R'}{'Installation'} = $killchainmodel{'UI'}{'N'}{'Installation'} * 0.5; | |
| $killchainmodel{'UI'}{'R'}{'Command & Control'} = $killchainmodel{'UI'}{'N'}{'Command & Control'} * 0.5; | |
| $killchainmodel{'UI'}{'R'}{'Actions on Objectives'} = $killchainmodel{'UI'}{'N'}{'Actions on Objectives'} * 0.5; | |
| # Scope (presumes that weaponisation and delivery are largely off-target activities and that command & control doesn't usually involve popping other orgs - sometimes it does!) | |
| $killchainmodel{'S'}{'U'}{'Reconnaisance'} = 0.1; | |
| $killchainmodel{'S'}{'U'}{'Weaponisation'} = 0; | |
| $killchainmodel{'S'}{'U'}{'Delivery'} = 0; | |
| $killchainmodel{'S'}{'U'}{'Exploitation'} = 0.2; | |
| $killchainmodel{'S'}{'U'}{'Installation'} = 0.1; | |
| $killchainmodel{'S'}{'U'}{'Command & Control'} = 0.05; | |
| $killchainmodel{'S'}{'U'}{'Actions on Objectives'} = 0.1; | |
| $killchainmodel{'S'}{'C'}{'Reconnaisance'} = $killchainmodel{'S'}{'U'}{'Reconnaisance'} * 2; | |
| $killchainmodel{'S'}{'C'}{'Weaponisation'} = $killchainmodel{'S'}{'U'}{'Weaponisation'} * 2; | |
| $killchainmodel{'S'}{'C'}{'Delivery'} = $killchainmodel{'S'}{'U'}{'Delivery'} * 2; | |
| $killchainmodel{'S'}{'C'}{'Exploitation'} = $killchainmodel{'S'}{'U'}{'Exploitation'} * 2; | |
| $killchainmodel{'S'}{'C'}{'Installation'} = $killchainmodel{'S'}{'U'}{'Installation'} * 2; | |
| $killchainmodel{'S'}{'C'}{'Command & Control'} = $killchainmodel{'S'}{'U'}{'Command & Control'} * 2; | |
| $killchainmodel{'S'}{'C'}{'Actions on Objectives'} = $killchainmodel{'S'}{'U'}{'Actions on Objectives'} * 2; | |
| # Confidentiality (presumes confidentiality mostly matters when performing reconnaisance and actions on objectives) | |
| $killchainmodel{'C'}{'N'}{'Reconnaisance'} = 0; | |
| $killchainmodel{'C'}{'N'}{'Weaponisation'} = 0; | |
| $killchainmodel{'C'}{'N'}{'Delivery'} = 0; | |
| $killchainmodel{'C'}{'N'}{'Exploitation'} = 0; | |
| $killchainmodel{'C'}{'N'}{'Installation'} = 0; | |
| $killchainmodel{'C'}{'N'}{'Command & Control'} = 0; | |
| $killchainmodel{'C'}{'N'}{'Actions on Objectives'} = 0; | |
| $killchainmodel{'C'}{'L'}{'Reconnaisance'} = 0.25; | |
| $killchainmodel{'C'}{'L'}{'Weaponisation'} = 0; | |
| $killchainmodel{'C'}{'L'}{'Delivery'} = 0; | |
| $killchainmodel{'C'}{'L'}{'Exploitation'} = 0; | |
| $killchainmodel{'C'}{'L'}{'Installation'} = 0; | |
| $killchainmodel{'C'}{'L'}{'Command & Control'} = 0; | |
| $killchainmodel{'C'}{'L'}{'Actions on Objectives'} = 0.25; | |
| $killchainmodel{'C'}{'H'}{'Reconnaisance'} = $killchainmodel{'C'}{'L'}{'Reconnaisance'} * 2; | |
| $killchainmodel{'C'}{'H'}{'Weaponisation'} = $killchainmodel{'C'}{'L'}{'Weaponisation'} * 2; | |
| $killchainmodel{'C'}{'H'}{'Delivery'} = $killchainmodel{'C'}{'L'}{'Delivery'} * 2; | |
| $killchainmodel{'C'}{'H'}{'Exploitation'} = $killchainmodel{'C'}{'L'}{'Exploitation'} * 2; | |
| $killchainmodel{'C'}{'H'}{'Installation'} = $killchainmodel{'C'}{'L'}{'Installation'} * 2; | |
| $killchainmodel{'C'}{'H'}{'Command & Control'} = $killchainmodel{'C'}{'L'}{'Command & Control'} * 2; | |
| $killchainmodel{'C'}{'H'}{'Actions on Objectives'} = $killchainmodel{'C'}{'L'}{'Actions on Objectives'} * 2; | |
| # Integrity (presumes that weaponisation and delivery are largely off-target activities) | |
| $killchainmodel{'I'}{'N'}{'Reconnaisance'} = 0; | |
| $killchainmodel{'I'}{'N'}{'Weaponisation'} = 0 ; | |
| $killchainmodel{'I'}{'N'}{'Delivery'} = 0; | |
| $killchainmodel{'I'}{'N'}{'Exploitation'} = 0; | |
| $killchainmodel{'I'}{'N'}{'Installation'} = 0; | |
| $killchainmodel{'I'}{'N'}{'Command & Control'} = 0; | |
| $killchainmodel{'I'}{'N'}{'Actions on Objectives'} = 0; | |
| $killchainmodel{'I'}{'L'}{'Reconnaisance'} = 0.1; | |
| $killchainmodel{'I'}{'L'}{'Weaponisation'} = 0; | |
| $killchainmodel{'I'}{'L'}{'Delivery'} = 0; | |
| $killchainmodel{'I'}{'L'}{'Exploitation'} = 0.1; | |
| $killchainmodel{'I'}{'L'}{'Installation'} = 0.1; | |
| $killchainmodel{'I'}{'L'}{'Command & Control'} = 0.1; | |
| $killchainmodel{'I'}{'L'}{'Actions on Objectives'} = 0.1; | |
| $killchainmodel{'I'}{'H'}{'Reconnaisance'} = $killchainmodel{'I'}{'L'}{'Reconnaisance'} * 2; | |
| $killchainmodel{'I'}{'H'}{'Weaponisation'} = $killchainmodel{'I'}{'L'}{'Weaponisation'} * 2; | |
| $killchainmodel{'I'}{'H'}{'Delivery'} = $killchainmodel{'I'}{'L'}{'Delivery'} * 2; | |
| $killchainmodel{'I'}{'H'}{'Exploitation'} = $killchainmodel{'I'}{'L'}{'Exploitation'} * 2; | |
| $killchainmodel{'I'}{'H'}{'Installation'} = $killchainmodel{'I'}{'L'}{'Installation'} * 2; | |
| $killchainmodel{'I'}{'H'}{'Command & Control'} = $killchainmodel{'I'}{'L'}{'Command & Control'} * 2; | |
| $killchainmodel{'I'}{'H'}{'Actions on Objectives'} = $killchainmodel{'I'}{'L'}{'Actions on Objectives'} * 2; | |
| # Availability (presumes availability mostly matters when performing actions on objectives) | |
| $killchainmodel{'A'}{'N'}{'Reconnaisance'} = 0; | |
| $killchainmodel{'A'}{'N'}{'Weaponisation'} = 0; | |
| $killchainmodel{'A'}{'N'}{'Delivery'} = 0; | |
| $killchainmodel{'A'}{'N'}{'Exploitation'} = 0; | |
| $killchainmodel{'A'}{'N'}{'Installation'} = 0; | |
| $killchainmodel{'A'}{'N'}{'Command & Control'} = 0; | |
| $killchainmodel{'A'}{'N'}{'Actions on Objectives'} = 0; | |
| $killchainmodel{'A'}{'N'}{'Weaponisation'} = 0; | |
| $killchainmodel{'A'}{'L'}{'Reconnaisance'} = 0; | |
| $killchainmodel{'A'}{'L'}{'Weaponisation'} = 0; | |
| $killchainmodel{'A'}{'L'}{'Delivery'} = 0; | |
| $killchainmodel{'A'}{'L'}{'Exploitation'} = 0; | |
| $killchainmodel{'A'}{'L'}{'Installation'} = 0; | |
| $killchainmodel{'A'}{'L'}{'Command & Control'} = 0; | |
| $killchainmodel{'A'}{'L'}{'Actions on Objectives'} = 0.5; | |
| $killchainmodel{'A'}{'H'}{'Reconnaisance'} = $killchainmodel{'A'}{'L'}{'Reconnaisance'} * 2; | |
| $killchainmodel{'A'}{'H'}{'Weaponisation'} = $killchainmodel{'A'}{'L'}{'Weaponisation'} * 2; | |
| $killchainmodel{'A'}{'H'}{'Delivery'} = $killchainmodel{'A'}{'L'}{'Delivery'} * 2; | |
| $killchainmodel{'A'}{'H'}{'Exploitation'} = $killchainmodel{'A'}{'L'}{'Exploitation'} * 2; | |
| $killchainmodel{'A'}{'H'}{'Installation'} = $killchainmodel{'A'}{'L'}{'Installation'} * 2; | |
| $killchainmodel{'A'}{'H'}{'Command & Control'} = $killchainmodel{'A'}{'L'}{'Command & Control'} * 2; | |
| $killchainmodel{'A'}{'H'}{'Actions on Objectives'} = $killchainmodel{'A'}{'L'}{'Actions on Objectives'} * 2; | |
| while (<>) { | |
| $vulnerabilitymodel{'Reconnaisance'} = 0; | |
| $vulnerabilitymodel{'Weaponisation'} = 0; | |
| $vulnerabilitymodel{'Delivery'} = 0; | |
| $vulnerabilitymodel{'Exploitation'} = 0; | |
| $vulnerabilitymodel{'Installation'} = 0; | |
| $vulnerabilitymodel{'Command & Control'} = 0; | |
| $vulnerabilitymodel{'Actions on Objectives'} = 0; | |
| if ($_ =~ /CVSS:3\.[0-9]\/(.*)/) { | |
| $cvssscore = $1; | |
| foreach $cvssmetric (split(/\//, $cvssscore)) { | |
| if ($cvssmetric =~ /(.*):(.*)/) { | |
| $metricname = $1; | |
| $metricscore = $2; | |
| if ($killchainmodel{$metricname}) { | |
| if ($killchainmodel{$metricname}{$metricscore}) { | |
| foreach $phasename (keys %{$killchainmodel{$metricname}{$metricscore}}) { | |
| if (!$vulnerabilitymodel{$phasename}) { | |
| $vulnerabilitymodel{$phasename} = 0; | |
| } | |
| $vulnerabilitymodel{$phasename} += $killchainmodel{$metricname}{$metricscore}{$phasename}; | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| foreach $phasename (keys %vulnerabilitymodel) { | |
| if ($vulnerabilitymodel{$phasename} > 1) { | |
| print $phasename . "\n"; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment