#!/usr/bin/env python
import warnings
import requests
import datetime
import pathlib
import json
import os
import yaml
warnings.filterwarnings("ignore", category=DeprecationWarning)
import logging, sys
from os.path import join
from enum import Enum
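# Base endpoint of the NVD CVE API (version 2.0); query parameters are appended
# by requests when a call is made.
NVD_API_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0/?"

# Incoming-webhook URL of the Teams channel that receives the report.
# The URL is the only credential for posting to that channel, so it is read
# from the environment instead of being written into the script (and into any
# paste or repository that carries the script). It is empty when unset, which
# matches the previous hard-coded default.
TEAMS_WEBHOOK_URL = os.environ.get("TEAMS_WEBHOOK_URL", "")

# Product names used one at a time as the NVD keywordSearch term.
# NOTE(review): short, generic terms such as "Edge", "Linux" or "PHP" are
# matched as keywords, so unrelated CVEs can presumably show up under them and
# one CVE can appear under several applications. Confirm this is acceptable.
APPLICATIONS = [
    "Microsoft Windows",
    "Google Chrome",
    "Mozilla Firefox",
    "Adobe Acrobat Reader",
    "Adobe Flash Player",
    "Apple macOS",
    "Apple iOS",
    "Microsoft Internet Explorer",
    "Edge",
    "Linux",
    "Android OS",
    "Apache HTTP Server",
    "Nginx",
    "PHP",
    "MySQL",
    "Oracle Database",
    "Microsoft SQL Server",
    "Apache Tomcat",
    "OpenSSL",
    "OpenSSH",
    "WordPress",
    "Joomla",
    "Drupal",
    "VMware vSphere/ESXi",
    "Cisco IOS",
    "SAP NetWeaver",
    "IBM WebSphere",
    "Cisco ASA",
    "Microsoft Exchange Server",
    "Citrix ADC",
    "Docker",
]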
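def fetch_cves_for_application(application_name):
    """Fetch the CVEs NVD published yesterday that match an application name.

    Args:
        application_name: Text passed to NVD as the ``keywordSearch`` term.

    Returns:
        The ``vulnerabilities`` list from the NVD response, or an empty list
        when the request fails, the status is not 200, or the body is not
        valid JSON. A failure and "no matching CVEs" are therefore
        indistinguishable to the caller; the printed message is the only
        trace of a failure.
    """
    # The window runs from yesterday to today. A date object has no time of
    # day, so the time fields in the format string are rendered as zeros.
    today = datetime.date.today()
    yesterday = today - datetime.timedelta(days=1)
    timestamp_format = "%Y-%m-%dT%H:%M:%S"

    params = {
        "keywordSearch": application_name,
        "pubStartDate": yesterday.strftime(timestamp_format),
        "pubEndDate": today.strftime(timestamp_format),
        # NOTE(review): this asks for severity HIGH only. CVEs rated CRITICAL
        # are a separate severity value and are presumably not returned by
        # this query; confirm that leaving them out is intended.
        "cvssV3Severity": "HIGH",
    }

    try:
        # Without a timeout a stalled connection would block the whole run.
        response = requests.get(NVD_API_URL, params=params, timeout=30)
    except requests.RequestException as exc:
        print(f"Failed to fetch data for {application_name} from NVD API: {exc}")
        return []

    if response.status_code != 200:
        print(f"Failed to fetch data for {application_name} from NVD API. Status code: {response.status_code}")
        return []

    try:
        cve_data = response.json()
    except ValueError:
        print(f"Failed to fetch data for {application_name} from NVD API. Response was not valid JSON.")
        return []
    return cve_data.get("vulnerabilities", [])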
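def send_all_cves_to_teams(cve_summary):
    """Post one Teams message holding every collected CVE entry.

    Args:
        cve_summary: List of pre-formatted text blocks, one per application.
            An empty list produces a "no new CVEs" notification instead.

    Returns:
        None. The outcome is reported on standard output.
    """
    if not TEAMS_WEBHOOK_URL:
        # An empty URL would make requests raise before anything is sent.
        print("Failed to send message to Teams. TEAMS_WEBHOOK_URL is not set.")
        return

    if cve_summary:
        message_text = "\n".join(cve_summary)
        message = {
            "text": f"Here are the latest CVEs:\n\n{message_text}"
        }
    else:
        message = {
            "text": "No new CVEs found for the specified applications."
        }

    headers = {
        'Content-Type': 'application/json'
    }
    try:
        response = requests.post(
            TEAMS_WEBHOOK_URL,
            headers=headers,
            data=json.dumps(message),
            timeout=30,
        )
    except requests.RequestException as exc:
        # Only the exception type is printed: the exception text can contain
        # the webhook URL, which should not end up in logs.
        print(f"Failed to send message to Teams. Error: {type(exc).__name__}")
        return

    if response.status_code == 200:
        print("Message sent to Teams successfully.")
    else:
        print(f"Failed to send message to Teams. Status code: {response.status_code}")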
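def _format_cve(cve):
    """Render one NVD vulnerability entry as the text fragment sent to Teams.

    Missing fields are replaced by placeholders instead of raising, so one
    incomplete record cannot abort the whole report.
    """
    record = cve.get("cve", {})
    cve_id = record.get("id", "unknown")

    # Prefer the English description; fall back to the first one listed.
    descriptions = record.get("descriptions") or []
    description = next(
        (d.get("value", "") for d in descriptions if d.get("lang") == "en"),
        None,
    )
    if description is None:
        description = (
            descriptions[0].get("value", "")
            if descriptions
            else "No description available."
        )

    # A record can carry its CVSS v3 score under the 3.1 or the 3.0 key.
    metrics = record.get("metrics") or {}
    severity = "unknown"
    for metric_key in ("cvssMetricV31", "cvssMetricV30"):
        entries = metrics.get(metric_key)
        if entries:
            severity = entries[0].get("cvssData", {}).get("baseSeverity", "unknown")
            break

    # Fall back to the NVD detail page when the record lists no reference.
    references = record.get("references") or []
    details_url = references[0].get("url") if references else None
    if not details_url:
        details_url = f"https://nvd.nist.gov/vuln/detail/{cve_id}"

    # NOTE(review): description and URL are third-party text placed into the
    # message as-is; if the channel renders Markdown, consider escaping it.
    return (
        "\n\n - --------------------------\n\n"
        f"**CVE ID**: {cve_id}\n\n"
        f"**Description**: {description}\n\n"
        f"**Severity**: {severity}\n\n"
        f"**Details**: {details_url}\n\n"
    )


def main():
    """Collect yesterday's CVEs for every application and post them to Teams.

    NOTE(review): a failed lookup returns an empty list, so an application
    whose request failed is reported the same way as one with no new CVEs.
    The requests are also sent back to back with no pause; if the API
    throttles the client, later applications may silently drop out of the
    report. Check the printed failure messages before trusting an empty one.
    """
    cve_summary = []
    for app in APPLICATIONS:
        cves = fetch_cves_for_application(app)
        if not cves:
            continue
        cve_list = "\n\n".join(_format_cve(cve) for cve in cves)
        cve_summary.append(
            "\n\n - --------------------------\n\n"
            f"**Application**: {app}\n{cve_list}"
        )

    send_all_cves_to_teams(cve_summary)


if __name__ == "__main__":
    main()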