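#!/usr/bin/env python
"""Post yesterday's HIGH-severity NVD CVEs for a watch list to Microsoft Teams.

For every product name in APPLICATIONS the script queries the NVD CVE API 2.0
with a keyword search limited to the last day, then sends one combined
message to a Teams incoming webhook.

A failed NVD lookup is reported in the Teams message and in the exit status,
so an outage or a rate-limit rejection is not mistaken for "no new CVEs".
"""
import warnings
import requests
import datetime
import pathlib
import json
import os
import time
import yaml
warnings.filterwarnings("ignore", category=DeprecationWarning)
import logging, sys
from os.path import join
from enum import Enum

NVD_API_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0/?"

# The webhook URL is a bearer credential: anyone who holds it can post into
# the channel. Supply it through the environment, not in the source file.
TEAMS_WEBHOOK_URL = os.environ.get("TEAMS_WEBHOOK_URL", "")

# Upper bound for each HTTP call so a stalled connection cannot hang the job.
HTTP_TIMEOUT_SECONDS = 30

# Without an API key NVD allows 5 requests per rolling 30-second window and
# rejects the rest; spacing the requests keeps a full pass under that limit.
NVD_REQUEST_DELAY_SECONDS = 6

# keywordSearch matches words in the CVE description, so short names such as
# "Edge", "PHP" or "Linux" may also return CVEs for unrelated products.
APPLICATIONS = ["Microsoft Windows", "Google Chrome", "Mozilla Firefox", "Adobe Acrobat Reader",
                "Adobe Flash Player", "Apple macOS", "Apple iOS", "Microsoft Internet Explorer",
                "Edge", "Linux", "Android OS", "Apache HTTP Server", "Nginx", "PHP", "MySQL",
                "Oracle Database", "Microsoft SQL Server", "Apache Tomcat", "OpenSSL", "OpenSSH",
                "WordPress", "Joomla", "Drupal", "VMware vSphere/ESXi", "Cisco IOS",
                "SAP NetWeaver", "IBM WebSphere", "Cisco ASA", "Microsoft Exchange Server",
                "Citrix ADC", "Docker"]

_SEPARATOR = "\n\n - --------------------------\n\n"


def _query_nvd(application_name):
    """Query NVD for one application.

    Returns the list of vulnerability records (possibly empty) on success and
    None when the request failed, so callers can tell "nothing published"
    apart from "lookup did not work".
    """
    # Both bounds are midnight timestamps: the window is the whole of yesterday.
    today = datetime.date.today()
    yesterday = today - datetime.timedelta(days=1)
    params = {
        "keywordSearch": application_name,
        "pubStartDate": yesterday.strftime("%Y-%m-%dT%H:%M:%S"),
        "pubEndDate": today.strftime("%Y-%m-%dT%H:%M:%S"),
        "cvssV3Severity": "HIGH",
    }

    try:
        response = requests.get(NVD_API_URL, params=params, timeout=HTTP_TIMEOUT_SECONDS)
    except requests.RequestException as exc:
        print(f"Failed to fetch data for {application_name} from NVD API. Error: {exc}")
        return None

    if response.status_code != 200:
        print(f"Failed to fetch data for {application_name} from NVD API. Status code: {response.status_code}")
        return None

    try:
        cve_data = response.json()
    except ValueError:
        print(f"Failed to fetch data for {application_name} from NVD API. Response was not valid JSON.")
        return None
    return cve_data.get("vulnerabilities", [])


# Fetch the CVEs for a specific application
def fetch_cves_for_application(application_name):
    """Return yesterday's HIGH-severity CVE records for *application_name*.

    Returns an empty list both when nothing was published and when the lookup
    failed (the failure is printed). Use _query_nvd() to distinguish the two.
    """
    cves = _query_nvd(application_name)
    return [] if cves is None else cves


def _format_cve(cve):
    """Render one NVD vulnerability record as a Teams markdown fragment.

    Fields the record does not carry are replaced by a fallback, so a single
    sparse record cannot abort the whole report.
    """
    record = cve.get("cve") or {}
    cve_id = record.get("id", "Unknown")

    # Prefer the English description; fall back to the first one present.
    descriptions = record.get("descriptions") or []
    english = [d for d in descriptions if d.get("lang") == "en"]
    chosen = (english or descriptions or [{}])[0]
    description = chosen.get("value", "No description available.")

    # The cvssV3Severity filter also matches records scored only under
    # CVSS v3.0, which have no cvssMetricV31 entry.
    metrics = record.get("metrics") or {}
    severity = "Unknown"
    for metric_key in ("cvssMetricV31", "cvssMetricV30"):
        entries = metrics.get(metric_key)
        if entries:
            severity = (entries[0].get("cvssData") or {}).get("baseSeverity", severity)
            break

    references = record.get("references") or []
    details_url = references[0].get("url") if references else None
    if not details_url:
        details_url = f"https://nvd.nist.gov/vuln/detail/{cve_id}"

    return (
        _SEPARATOR
        + f"**CVE ID**: {cve_id}\n\n"
        + f"**Description**: {description}\n\n"
        + f"**Severity**: {severity}\n\n"
        + f"**Details**: {details_url}\n\n"
    )


# Send a single message with all CVEs for all applications to Microsoft Teams
def send_all_cves_to_teams(cve_summary):
    """Post the combined report to the Teams webhook.

    An empty *cve_summary* sends a "no new CVEs" notice. Returns True when
    Teams answered 200 and False otherwise.
    """
    if not TEAMS_WEBHOOK_URL:
        print("TEAMS_WEBHOOK_URL is not configured; message not sent.")
        return False

    if not cve_summary:
        message = {"text": "No new CVEs found for the specified applications."}
    else:
        message_text = "\n".join(cve_summary)
        message = {"text": f"Here are the latest CVEs:\n\n{message_text}"}

    headers = {'Content-Type': 'application/json'}
    try:
        response = requests.post(TEAMS_WEBHOOK_URL, headers=headers,
                                 data=json.dumps(message), timeout=HTTP_TIMEOUT_SECONDS)
    except requests.RequestException as exc:
        # Print only the exception type: the message text can include the
        # webhook URL, which must not end up in job logs.
        print(f"Failed to send message to Teams. Error: {type(exc).__name__}")
        return False

    if response.status_code == 200:
        print("Message sent to Teams successfully.")
        return True
    print(f"Failed to send message to Teams. Status code: {response.status_code}")
    return False


# Main function to fetch and send CVEs to Teams
def main():
    """Query NVD for every watched application and send one Teams report.

    Returns 0 when every lookup succeeded and the message was delivered,
    1 otherwise, so a scheduler can alert on a broken run.
    """
    cve_summary = []
    failed_lookups = []

    for position, app in enumerate(APPLICATIONS):
        if position:
            time.sleep(NVD_REQUEST_DELAY_SECONDS)
        cves = _query_nvd(app)
        if cves is None:
            failed_lookups.append(app)
            continue
        if cves:
            cve_list = "\n\n".join(_format_cve(cve) for cve in cves)
            cve_summary.append(_SEPARATOR + f"**Application**: {app}\n{cve_list}")

    if failed_lookups:
        # Keeps the report from reading "no new CVEs" when coverage was partial.
        cve_summary.append(
            _SEPARATOR + "**Warning**: NVD lookup failed for: " + ", ".join(failed_lookups)
        )

    delivered = send_all_cves_to_teams(cve_summary)
    return 0 if delivered and not failed_lookups else 1


if __name__ == "__main__":
    sys.exit(main())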