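# Inspiration: https://thecyberbyte.com/nist-bulk-cve-lookup-for-cvss-with-python/
# This source: https://pastebin.com/edit/GPRkbrut
#
# I used an Ubuntu VM (Ubuntu 20.04.3 LTS) and basic text editor (vi) at command line to interactively test
# code snippets and wrap up with the results below. I started a weekend run batch retrieval of all NIST NVD CVSS
# scores that took over 24 hours to complete, required restarting once with a trimmed up CVE list to complete
# the approx. 20 percent remaining. (perhaps due to NIST website protections with session limit, disconnect).
#
# The ability to iterate forward and test ideas and syntax with a barebones CLI approach worked well.
#
# Python and its ecosystem are just amazing for my occasional dabbling even without a really good reason to go further
# or work "full stack" projects so far.
#
# I hope this code example helps!
#
# Orlando Stevenson
# https://www.linkedin.com/in/orlandostevenson/
#
# Usage:  python3 bulk_cve_lookup.py cve.txt
# Input:  one CVE ID per line; anything after the first ", " on a line is ignored.
# Output: comma-separated rows on stdout (CVE ID, CVSS 3 score, CVSS 2 score);
#         warnings about skipped or failed lookups go to stderr so they do not
#         pollute the result rows.
#
# NOTE(review): this scrapes the NVD detail page HTML, so it breaks whenever the
# page markup changes. NVD also publishes a REST API for CVE data, which is
# probably the sturdier interface for bulk retrieval; confirm against the
# current NVD documentation before a large run.
import json
import re
import sys
import time

import requests
from bs4 import BeautifulSoup

# Element ids of the score anchors on the NVD vulnerability detail page.
Cvss2id = "Cvss2CalculatorAnchor"
Cvss3id = "Cvss3NistCalculatorAnchor"

NVD_DETAIL_URL = 'https://nvd.nist.gov/vuln/detail/'

# Without a timeout requests waits indefinitely, so one stalled connection
# would freeze a batch that is expected to run for many hours.
REQUEST_TIMEOUT_SECONDS = 30

# The input file is untrusted text that gets appended to a URL path. Only
# well-formed CVE identifiers are allowed through, so a line can never smuggle
# extra path segments or a query string into the request.
_CVE_ID_RE = re.compile(r"CVE-[0-9]{4}-[0-9]{4,}", re.IGNORECASE)


def _extract_score(soup, anchor_id):
    """Return the first word of the anchor's text, or "" if the anchor is absent.

    Reading the element text does not depend on the order of the tag's
    attributes, unlike slicing the serialized tag string.
    """
    tag = soup.find(id=anchor_id)
    if tag is None:
        return ""
    words = tag.get_text(" ", strip=True).split()
    return words[0] if words else ""


def _fetch_scores(session, cve_id):
    """Fetch one NVD detail page and return ``(cvss3, cvss2)`` as strings.

    A network error or non-success HTTP status yields two empty strings and a
    warning on stderr, so a single failure does not abort the whole batch and
    the affected IDs can be collected and re-run afterwards.
    """
    try:
        response = session.get(NVD_DETAIL_URL + cve_id,
                               timeout=REQUEST_TIMEOUT_SECONDS)
        response.raise_for_status()
    except requests.RequestException as err:
        print(f"warning: lookup failed for {cve_id}: {err}", file=sys.stderr)
        return "", ""
    soup = BeautifulSoup(response.content, 'html.parser')
    return _extract_score(soup, Cvss3id), _extract_score(soup, Cvss2id)


def _read_cve_ids(path):
    """Read CVE IDs from *path*, skipping blank and malformed entries."""
    cve_list = []
    with open(path, "r") as cve_file:
        for line_no, line in enumerate(cve_file, start=1):
            # Keep only the first ", "-separated field; strip() also removes
            # a trailing "\r" from files saved with Windows line endings.
            candidate = line.split(", ")[0].strip()
            if not candidate:
                continue
            if _CVE_ID_RE.fullmatch(candidate) is None:
                print(f"warning: line {line_no}: skipping malformed CVE ID "
                      f"{candidate!r}", file=sys.stderr)
                continue
            cve_list.append(candidate)
    return cve_list


def main():
    """Look up every CVE ID in the file named on the command line."""
    if len(sys.argv) < 2:
        print('Enter File Name (E.g. python3 bulk_cve_lookup.py cve.txt)')
        # Non-zero status so wrapper scripts can tell a usage error from success.
        sys.exit(1)

    cve_list = _read_cve_ids(sys.argv[1])

    print("CVE-ID,","CVSS 3 Base Score,","CVSS 2 Base Score")
    # One Session reuses the TLS connection across the batch instead of
    # opening a new one for every CVE.
    with requests.Session() as session:
        for cve_id in cve_list:
            score_v3, score_v2 = _fetch_scores(session, cve_id)
            print(cve_id, ",", score_v3, ",", score_v2)


if __name__ == "__main__":
    main()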