我目前正在编写一个小型Python 3.6脚本,该脚本接收一个CSV文件,并提取一个CVE和受影响的主机将其存储在一个列表中,如下所示。
CVE-2009-1234
10.11.1.1:80
10.11.1.3:80
10.11.1.4:80
10.11.1.2:80
10.11.1.22:80
10.11.1.2:80
10.11.1.27:80
10.11.1.23:80
10.11.1.29:80
10.11.1.228:80
CVE-2015-1234
10.11.1.224:443
10.11.1.224:80
10.11.1.74:8080
CVE-2015-1235
10.11.1.22
CVE-2017-1234
10.11.1.22:443
10.11.1.22:80
10.11.1.73:8080
CVE-2009-1235
10.11.1.22:443
10.11.1.22:80
但是我无法将此数据写入CSV文件,因此每个CVE及其受影响的主机都在单独的列中,例如:
CVE-2009-1234 | CVE-2015-1234 | ... |
-----------------+--------------------+-----+
10.11.1.1:80 | 10.11.1.224:443 | |
10.11.1.3:80 | 10.11.1.224:80 | |
10.11.1.4:80 | 10.11.1.74:8080 | |
10.11.1.2:80 | | |
10.11.1.22:80 | | |
10.11.1.2:80 | | |
10.11.1.22:80 | | |
10.11.1.23:80 | | |
10.11.1.29:80 | | |
10.11.1.228:80 | | |
我原本以为如果我初始化一个与CVE数相同的列表 - 然后对CVE编号进行索引查找,我可以将每个主机放入新列表中的相应索引中 - 但是当我不得不尝试初始化一个新行,因为前一个点已被填充。
我还研究了CSV库是否具有插入列功能(这显然不是有充分理由的。
我的工作代码如下:
import csv
filename = 'report.csv'
cve = set()
data = []
with open(filename) as csvfile:
reader = csv.reader(csvfile, delimiter=',')
for row in reader:
if ',' in row[11]:
multi_cve = row[11].split(', ')
for entry in multi_cve:
cve.add(entry)
else:
cve.add(row[11])
csvfile.seek(0)
for uniq_cve in cve:
data.append(uniq_cve)
for row in reader:
if row[2] == '':
full_address = row[0]
else:
full_address = row[0] + ':' + row[2]
if ',' in row[11]:
multi_cve = row[11].split(', ')
for entry in multi_cve:
if uniq_cve == entry:
data.append(full_address)
else:
if uniq_cve == row[11]:
data.append(full_address)
csvfile.seek(0)
for entry in data:
print(entry)
忘记添加CSV示例:
IP,Hostname,Port,Port Protocol,CVSS,Severity,Solution Type,NVT Name,Summary,Specific Result,NVT OID,CVEs,Task ID,Task Name,Timestamp,Result ID,Impact,Solution,Affected Software/OS,Vulnerability Insight,Vulnerability Detection Method,Product Detection Result,BIDs,CERTs,Other References
10.11.1.1,,80,tcp,5,Medium,VendorFix,IIS Service Pack - 404,Ensure that the server is running the latest stable Service Pack,The remote IIS server *seems* to be Microsoft IIS 6.0 - w2k3 build 3790,1.3.6.1.4.1.25623.1.0.11874,NOCVE,80e72026-6304-4d23-8cdf-e4789507d231,Scan of all pinged hosts,2017-11-14T05:19:39Z,8a3d71d2-6fa4-4f06-ab7f-b8965667c56b,,"The Patch level (Service Pack) of the remote IIS server appears to be lower
than the current IIS service pack level. As each service pack typically
contains many security patches, the server may be at risk.
Caveat: This test makes assumptions of the remote patch level based on static
return values (Content-Length) within the IIS Servers 404 error message.
As such, the test can not be totally reliable and should be manually confirmed.",,,"
Details:
IIS Service Pack - 404
(OID: 1.3.6.1.4.1.25623.1.0.11874)
Version used: $Revision: 4703 $
",,,,
10.11.1.1,,80,tcp,5,Medium,VendorFix,IIS Service Pack - 404,Ensure that the server is running the latest stable Service Pack,The remote IIS server *seems* to be Microsoft IIS 6.0 - w2k3 build 3790,1.3.6.1.4.1.25623.1.0.11874,NOCVE,80e72026-6304-4d23-8cdf-e4789507d231,Scan of all pinged hosts,2017-11-14T05:19:39Z,2ba7442c-5a46-4628-95d3-a2decae3a57a,,"The Patch level (Service Pack) of the remote IIS server appears to be lower
than the current IIS service pack level. As each service pack typically
contains many security patches, the server may be at risk.
Caveat: This test makes assumptions of the remote patch level based on static
return values (Content-Length) within the IIS Servers 404 error message.
As such, the test can not be totally reliable and should be manually confirmed.",,,"
Details:
IIS Service Pack - 404
(OID: 1.3.6.1.4.1.25623.1.0.11874)
Version used: $Revision: 4703 $
",,,,
10.11.1.1,,80,tcp,4.3,Medium,VendorFix,Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities,Adobe BlazeDS is prone to an XML-injection vulnerability and an XML External Entity injection vulnerability.,Vulnerable url: http://10.11.1.10/flex2gateway/http,1.3.6.1.4.1.25623.1.0.105211,CVE-2009-3960,80e72026-6304-4d23-8cdf-e4789507d231,Scan of all pinged hosts,2017-11-14T05:19:39Z,0a09cb06-7ae6-4234-90f3-bb61f10da46a,Attackers can exploit these issues to obtain sensitive information and carry out other attacks.,"Updates are available, please refer to the linked advisory.","The following applications are affected:
BlazeDS 3.2 and earlier versions
LiveCycle 9.0, 8.2.1, and 8.0.1
LiveCycle Data Services 3.0, 2.6.1, and 2.5.1
Flex Data Services 2.0.1
ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2",,"Send an modificated GET request and check the response
Details:
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
(OID: 1.3.6.1.4.1.25623.1.0.105211)
Version used: $Revision: 7293 $
",,38197,,"http://www.securityfocus.com/bid/38197, http://www.adobe.com/support/security/bulletins/apsb10-05.html"
答案 0 :(得分:0)
我最终得到了一个解决方案。它可能不是最好的解决方案,但它适用于我的目的。我做了什么:
代码如下:
longest_list = len(max(cve_lists,key=len))
rows = []
row = []
# works out the maximum number of iterations we need to get all entries
for count in range(0, (len(cve) * longest_list)):
for entry in cve_lists:
try:
row.append(entry[0])
entry.pop(0)
except IndexError:
# if there is no index, we know there is no data and
# append a blank entry
row.append('')
rows.append(row)
row = []
with open(args.file , 'w') as resultFile:
wr = csv.writer(resultFile, dialect='excel')
wr.writerows(rows)