import json
import os
import re
import subprocess
import sys
import tkinter.messagebox

import matplotlib.pyplot as plt
from pynotifier import Notification
from ttkthemes import themed_tk as tk
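# Inclusive CVSS-style bands used to turn a numeric severity into a label.
_THREAT_BANDS = (
    (0.1, 3.9, "LOW"),
    (4.0, 6.9, "MEDIUM"),
    (7.0, 8.9, "HIGH"),
    (9.0, 10.0, "CRITICAL"),
)

# Substrings that classify one line of the lookup output into a finding
# category: (flag key, severity-total key, needles).  Order matters -- the
# first rule whose needle occurs in the line wins, as in the original if/elif.
_CATEGORY_RULES = (
    ("DIRs", "DIRsev", ("directory traversal", "Directory traversal")),
    ("XSSs", "XSSsev", ("Cross-site scripting", "XSS")),
    ("CSRFs", "CSRFsev", ("CSRF",)),
    ("SQLs", "SQLsev", ("SQL injection", "SQL Injection", "SQL statements")),
    ("XFs", "XFsev", ("X-Frame-Options",)),
    ("PTs", "PTsev", ("Parameter tampering", "parameter tampering")),
    ("SIs", "SIsev", ("session ID", "Session ID")),
)

# Key order of the counters; the chart labels/colours below follow this order.
_FLAG_KEYS = ("CSRFs", "SQLs", "XFs", "PTs", "XSSs", "DIRs", "SIs")
_SEV_KEYS = ("DIRsev", "XSSsev", "CSRFsev", "SQLsev", "XFsev", "PTsev", "SIsev")
_LABELS = [
    "Absence of Anti-CSRF Tokens",
    "SQL Injection",
    "X-Frame-Options Header Not Set",
    "Parameter Tampering",
    "Cross Site Scripting",
    "Path Traversal",
    "Session ID in URL Rewrite",
]
_COLORS = ["#003f5c", "#58508d", "#bc5090", "#ff6361", "#ffa600", "#007ED6", "#7CDDDD"]

# Only references of this shape are handed to the external lookup script;
# raw.json is scanner output, so its values are not trusted as command input.
_CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

RAW_REPORT = "raw.json"
LOOKUP_SCRIPT = "./bin/search.py"
LOOKUP_OUTPUT = "demofile3.txt"


def _threat_level(sev: float) -> str:
    """Map a numeric severity to LOW/MEDIUM/HIGH/CRITICAL.

    Values outside every band (0.0, above 10, NaN) give "UNKNOWN"; the
    original left `threat` unbound there and died with NameError.
    """
    for low, high, label in _THREAT_BANDS:
        if low <= sev <= high:
            return label
    return "UNKNOWN"


def _severity(issue: dict) -> float:
    """Return the issue's severity as a float, 0.0 when missing or non-numeric."""
    try:
        return float(issue.get("severity"))
    except (TypeError, ValueError):
        return 0.0


def _classify_line(line: str) -> tuple[str, str] | None:
    """Return (flag key, severity key) of the first matching category, else None."""
    for flag_key, sev_key, needles in _CATEGORY_RULES:
        if any(needle in line for needle in needles):
            return flag_key, sev_key
    return None


def _lookup_cve(cve: str) -> None:
    """Run the external CVE lookup, which writes its text to LOOKUP_OUTPUT.

    The id comes from raw.json, so it is passed as a single argv element with
    shell=False.  The original `os.system('python ./bin/search.py -c' + CVE)`
    let any shell metacharacter in the reference run as a command.  `-c` stays
    fused to the value so search.py receives exactly the token it did before.
    """
    subprocess.run([sys.executable, LOOKUP_SCRIPT, "-c" + cve], check=False)


def _tally_lookup_output(path: str, sev: float, flag: dict[str, int], sevcheck: dict[str, float]) -> None:
    """Count category hits in the lookup output and add `sev` to each hit's total.

    Scanning stops at the first line that matches no rule (the original's
    `else: break`) -- presumably the relevant text ends there; confirm against
    search.py's output format before changing it.
    """
    with open(path) as fh:  # the original never closed this handle
        for raw in fh:
            hit = _classify_line(raw.strip())
            if hit is None:
                break
            flag_key, sev_key = hit
            flag[flag_key] += 1
            sevcheck[sev_key] += sev  # original added 1 instead of sev for XFsev


def _notify(cve: str, location: str, threat: str, url: str) -> None:
    """Raise a desktop notification for one CVE finding."""
    Notification(
        title="VULNERABILITY ALERT",
        description="Vulnerability : " + cve + "\n"
        "Location : " + location + "\n"
        "Threat Level : " + threat + "\n\n"
        "More Information : " + url,
        duration=2,
        urgency=Notification.URGENCY_CRITICAL,
    ).send()


def main() -> None:
    """Read raw.json, alert on every CVE issue, then show a summary box and a pie chart."""
    root = tk.ThemedTk()
    root.set_theme("radiance")
    flag = dict.fromkeys(_FLAG_KEYS, 0)
    sevcheck = dict.fromkeys(_SEV_KEYS, 0)  # accumulated per category; not reported yet

    with open(RAW_REPORT) as f:
        info = json.load(f)

    for component in info.get("components", []):
        security = component.get("securityData") or {}
        # original tested `!= []`; `or []` also covers a null list
        for issue in security.get("securityIssues") or []:
            if issue.get("source") != "cve":
                continue
            cve = str(issue.get("reference", ""))
            if not _CVE_ID.fullmatch(cve):
                print("Skipping non-CVE reference: " + repr(cve))
                continue
            sev = _severity(issue)
            url = issue.get("url") or ""
            location = (component.get("pathnames") or ["<unknown>"])[0]

            _lookup_cve(cve)
            _tally_lookup_output(LOOKUP_OUTPUT, sev, flag, sevcheck)

            print("Component: " + location)
            print("CVE ID: " + cve)
            print("Severity:", issue.get("severity"))
            _notify(cve, location, _threat_level(sev), url)
            print("<-------------------------------------------------------------------------->")

    summary = "\n".join(
        [
            "SQL Injection :" + str(flag["SQLs"]),
            "Path Traversal :" + str(flag["DIRs"]),
            "Parameter Tampering :" + str(flag["PTs"]),
            "Cross Site Scripting :" + str(flag["XSSs"]),
            "X-Frame-Options Header Not Set :" + str(flag["XFs"]),
            "Absence of Anti-CSRF Tokens :" + str(flag["CSRFs"]),
            "Session ID in URL Rewrite :" + str(flag["SIs"]),
        ]
    )
    tkinter.messagebox.showinfo("Vulnerablity Report", summary)  # title kept as-is (sic)
    root.destroy()

    totals = sum(flag.values())
    if totals == 0:
        print("No categorised findings; nothing to chart.")  # original divided by zero here
        return
    sizes = [count / totals * 100 for count in flag.values()]
    patches, _texts = plt.pie(sizes, colors=_COLORS, shadow=True, startangle=90)
    plt.legend(patches, _LABELS, loc="best")
    plt.axis("equal")
    plt.tight_layout()
    plt.show()


if __name__ == "__main__":
    main()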