andreafioraldi / cve_searchsploit

Search an exploit in the local exploitdb database by its CVE
MIT License

Issue with CVEs longer than 13 characters #5

Closed cRyanStephan closed 4 years ago

cRyanStephan commented 4 years ago

Love the project, super helpful! I noticed that it has problems with extracting CVE #s with more than 13 characters in them (i.e. CVE-2019-12345). It will only capture the first 13 characters and drop what remains. The issue comes from the main.py script lines 120 and 127, where a CVE of length 13 is hard coded. I fixed this in my instance by creating a function that checks every following character to see if it is still a digit, although there is probably a more efficient way to do it.

def tillEnd(string, index):
    # Scan forward from index + 1 while digits continue; stop at end of string.
    out = index + 1
    while out < len(string) and string[out].isdigit():
        out += 1
    return out

print ("Refreshing EDBID-CVE mapping")
with progressbar.ProgressBar(max_value=csv_len) as bar:
    for i in range(csv_len):
        edb = tuple(reader[i])[0]
        if edb in data:
            #print "Skipping edb id " + edb
            pass
        else:
            #print "Downloading https://www.exploit-db.com/exploits/" + edb
            content = ""
            # Retry every 10 seconds until the request succeeds.
            while True:
                try:
                    r = requests.get("https://www.exploit-db.com/exploits/" + edb, headers=get_header)
                    content = r.text
                    break
                except Exception:
                    time.sleep(10)
            used = []
            indexes = locations_of_substring(content, 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-')
            for pos in indexes:
                  cve = r.text[pos + len('https://cve.mitre.org/cgi-bin/cvename.cgi?name='): tillEnd(r.text, pos + len('https://cve.mitre.org/cgi-bin/cvename.cgi?name=') + 9)].upper()
                  if cve in used: continue
                  used.append(cve)
                  print ("Found: edbid " + edb + " <---> " + cve)
            data[edb] = used
            indexes = locations_of_substring(content, 'https://nvd.nist.gov/vuln/detail/CVE-')
            for pos in indexes:
                  cve = r.text[pos + len('https://nvd.nist.gov/vuln/detail/'): tillEnd(r.text, pos + len('https://nvd.nist.gov/vuln/detail/') + 9)].upper()

Just wanted to let you know
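
One way to do the extraction without a hard-coded length is a regular expression anchored on the same two link prefixes. This is an added example, not code from the issue or from the project; `extract_cves`, `extract_cves_fixed_width` and the sample page are hypothetical, and the fixed-width function only reproduces the 13-character slice the issue describes so the two results can be compared.

```python
import re

# Link prefixes the issue's code looks for in an exploit-db page.
CVE_LINK_PREFIXES = (
    "https://cve.mitre.org/cgi-bin/cvename.cgi?name=",
    "https://nvd.nist.gov/vuln/detail/",
)

# CVE-<4-digit year>-<sequence of 4 or more digits>; \d{4,} is greedy, so the
# whole sequence number is captured whatever its length.
CVE_LINK_RE = re.compile(
    "(?:" + "|".join(re.escape(p) for p in CVE_LINK_PREFIXES) + r")(CVE-\d{4}-\d{4,})",
    re.IGNORECASE,
)

def extract_cves(content):
    """CVE ids linked from content: upper-cased, deduplicated, first-seen order."""
    found = []
    for match in CVE_LINK_RE.finditer(content):
        cve = match.group(1).upper()
        if cve not in found:
            found.append(cve)
    return found

def extract_cves_fixed_width(content, width=13):
    """The hard-coded 13-character slice described in the issue, for comparison."""
    found = []
    for prefix in CVE_LINK_PREFIXES:
        pos = content.find(prefix + "CVE-")
        while pos != -1:
            start = pos + len(prefix)
            cve = content[start:start + width].upper()
            if cve not in found:
                found.append(cve)
            pos = content.find(prefix + "CVE-", pos + 1)
    return found

# Constructed sample page; the CVE ids are placeholders, not real references.
SAMPLE_PAGE = (
    '<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12345">a</a>\n'
    '<a href="https://nvd.nist.gov/vuln/detail/CVE-2019-12345">b</a>\n'
    '<a href="https://nvd.nist.gov/vuln/detail/CVE-2019-1234">c</a>\n'
    '<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1234567">d</a>\n'
)

if __name__ == "__main__":
    print(extract_cves(SAMPLE_PAGE))
    print(extract_cves_fixed_width(SAMPLE_PAGE))
```

On the sample, the fixed-width slice collapses three different ids into `CVE-2019-1234`, which is how a truncated id ends up mapping an exploit to the wrong CVE.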

andreafioraldi commented 4 years ago

I'll push a fix and restore the mappings ASAP. ty