Tag Archives: python

Downloading and analyzing NVD CVE feed

In previous post “New National Vulnerability Database visualizations and feeds” I mentioned JSON NVD feed.

NVD JSON feed parse python

Let’s see what data it contains, how to download and analyse it. First of all, we need to download all files with CVEs from NVD database and save them to some directory.

nvd feed json download

Unfortunately, there is no way to download all the content at once. Only one year archives. We need to get urls first. Url looks like this: https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2017.json.zip. Then we will download them all.

Continue reading

Automating Opera browser with Selenium WebDriver and Python

The right way to automate a web application is, certainly, to understand how this application works, by using burp (see “Burp Suite Free Edition and NTLM authentication in ASP.net applications“) for example, retrieve all necessary requests and learn how to use them.

However, this is sometimes so difficult and confusing, especially when the site owners are actively fighting with automation attempts. In this case, you may want to automate somehow the work on the highest level, with the graphical elements of the site. You can view them as some pictures, as SikuliX does (“SikuliX: the last chance for automation“, or as some elements of code, as Selenium IDE does (“Selenium, SikuliX and Facebook posting“).

But it would much better to control the browser itself from the Python scripts. And this can be done with Selenium WebDriver.

Selenium WebDriver, Python and Opera browser

Guys from Guru99 have wrote me a letter about their free course about Selenium.

This course looks pretty good. In the first part you can find a detailed description of Selenium components and the project history. After reading this, I finally decided that the Selenium WebDriver suited me best. Examples of WebDriver usage are written in Java, and I wanted to use Python. But since the calls are the same, lessons of this course are still more than useful.

And despite the fact that Selenium is usually used with Firefox, I tried to use it with Chromium-based Opera. This browser is very popular in Russia because of some unique features. 😉

Continue reading

Sending and receiving emails automatically in Python

There are different situations, when you may want to process email messages automatically. I will give some examples related to Vulnerability Management:

  • Send a message to your colleagues that you are going to start a network  vulnerability  scan or WAS scan. It is much better than investigating performance problems in a hurry.
  • Send the results of vulnerability scanning to colleagues or a responsible employee. Many patch management and configuration issues can be delegated to the end user directly without bothering IT department.
  • Process the response (if any) on your message. If it is not, you can send another message or escalate the problem.
  • Send a report with the current security status in the organization to your colleagues and boss.
  • Some systems you can integrate by email only. They will send messages to some email address and you will process them automatically.
  • Maybe you do not like existing email clients and you want to write your own? 😉

Gmail Python IMAP SMTP

In any case, the ability to send e-mails can be very useful. How to do this in python? Let’s assume that your IT team has granted you access to smtp and imap servers.

Continue reading

SSH, SFTP, public key authentication and python

SFTP is a simple and fairly reliable way to share the information within the organization. Let’s look at the situation when you need to pick up some files from a remote host with authorization by public key. And after that, let’s see how to use it with in python.

ssh sftp python

Moreover, let’s see how to work with SSH using python and execute any commands on the remote host. For example. if we need it to collect versions of installed packages and a version Linux distribution for further vulnerability analysis (see “Vulnerability Assessment without Vulnerability Scanner“). 😉

Continue reading

Great OpenVAS news: delay in plugin feed will be dropped, new GVM-Tools for remote management released

Jan Oliver Wagner, CEO of Greenbone and OpenVAS Community leader sent recently several messages to community email list with the great news.

First of all, Greenbone decided to drop two weeks delay in a free plugin feed, that was implemented in June 2017 and made some OpenVAS users pretty nervous.

I wrote about it in “GSM Community Edition and lagging OpenVAS Plugin Feed“. The good thing is that, it has increased interest in NASL scripting among OpenVAS users. I also made some steps in this way in “Adding third party nasl plugins to OpenVAS“. I don’t now why Greenbone finally decided to drop this delay, but I am very glad for this decision. Wise move!

The feed will stay delayed until September 4th, 2017. To demonstrate the current state I used some data from Vulners.com collections. Let’s see the nasl vulnerability detection plugins for CentOS in Nessus and OpenVAS. I know that Windows would be much more clear, but Microsoft released latest MS17-023 bulletin in March, so now there is no much difference there.

CentOS Nessus Openvas 2 week delay

As you can see, no OpenVAS plugins since 2017-08-16, literally two weeks. And I hope this will change very soon.

Don’t forget that NVT will be called now GCF (Greenbone Community Feed) and some advanced enterprise-level checks will be now released only in paid feed.

Another good news is the recent release of open source GVM-Tools for controlling OpenVAS remotelly. It will replace old console client openvas-cli (omp). Let’s try to download and install it on Debian host with installed OpenVAS (see “Installing OpenVAS 9 from the sources“).

Continue reading