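/// <summary>
/// Copyright (C) 2014-2015 Jerome Athias
/// Unfinished tool to retrieve OVAL Definitions corresponding to a CPE in an XORCISM database
/// This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
///
/// This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
///
/// You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
/// </summary>
/// <remarks>
/// Walks every OVALDEFINITIONVULNERABILITY row, prints the OVAL definition id pattern and the
/// referential id of the linked vulnerability, then prints the name of every CPE attached to that
/// vulnerability. The run only reads from the three databases and writes debug text to the console.
/// </remarks>
/// <param name="args">Command-line arguments (not used).</param>
static void Main(string[] args)
{
    //TODO FIX MODELS
    //Search the CPE for OVALDEFINITIONs using the CPE list collected from CVE NVD

    // using blocks release all three contexts (the original disposed only `model`),
    // including when one of the queries below throws.
    using (XORCISMEntities model = new XORCISMEntities())
    using (XOVALEntities oval_model = new XOVALEntities())
    using (XVULNERABILITYEntities vuln_model = new XVULNERABILITYEntities())
    {
        // Nothing is saved in this run, so change detection and save-time validation are switched off.
        model.Configuration.AutoDetectChangesEnabled = false;
        model.Configuration.ValidateOnSaveEnabled = false;
        oval_model.Configuration.AutoDetectChangesEnabled = false;
        oval_model.Configuration.ValidateOnSaveEnabled = false;
        vuln_model.Configuration.AutoDetectChangesEnabled = false;
        vuln_model.Configuration.ValidateOnSaveEnabled = false;

        List<OVALDEFINITIONVULNERABILITY> ListOVALDefVulns = oval_model.OVALDEFINITIONVULNERABILITY.ToList();
        foreach (OVALDEFINITIONVULNERABILITY oOVALDefVuln in ListOVALDefVulns)
        {
            Console.WriteLine("DEBUG ************************************************************");

            // The navigation property can be null when the row points at a missing definition.
            if (oOVALDefVuln.OVALDEFINITION != null)
            {
                Console.WriteLine("DEBUG " + oOVALDefVuln.OVALDEFINITION.OVALDefinitionIDPattern);
            }
            else
            {
                Console.WriteLine("DEBUG (no OVALDEFINITION attached to this row)");
            }

            // NOTE(review): the explicit (int) cast suggests VulnerabilityID is nullable here;
            // casting a null value would throw, so such rows are skipped instead.
            if (oOVALDefVuln.VulnerabilityID == null)
            {
                Console.WriteLine("DEBUG (row has no VulnerabilityID)");
                continue;
            }
            int iVulnerabilityID = (int)oOVALDefVuln.VulnerabilityID;

            // FirstOrDefault returns null for a dangling reference; dereferencing it directly
            // (as the original did) ends the whole run with a NullReferenceException.
            VULNERABILITY oVulnerability = vuln_model.VULNERABILITY.FirstOrDefault(o => o.VulnerabilityID == iVulnerabilityID);
            if (oVulnerability == null)
            {
                Console.WriteLine("DEBUG (VulnerabilityID " + iVulnerabilityID + " not found)");
                continue;
            }
            Console.WriteLine("DEBUG " + oVulnerability.VULReferentialID);

            List<VULNERABILITYFORCPE> ListVulnCPEs = vuln_model.VULNERABILITYFORCPE.Where(o => o.VulnerabilityID == iVulnerabilityID).ToList();
            foreach (VULNERABILITYFORCPE oVulnCPE in ListVulnCPEs)
            {
                // CPE rows live in a different context/database, so the link may not resolve.
                CPE oCPE = model.CPE.FirstOrDefault(o => o.CPEID == oVulnCPE.CPEID);
                if (oCPE == null)
                {
                    Console.WriteLine("DEBUG (CPEID " + oVulnCPE.CPEID + " not found)");
                    continue;
                }
                Console.WriteLine("DEBUG " + oCPE.CPEName);
            }
        }
    }
}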
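/// <summary>
/// Downloads the SAINT exploits feed (exploits.xml) and imports every entry into the XORCISM
/// database: the EXPLOIT row itself, its link to the CVE vulnerability, and its OSVDB and BID
/// references.
/// </summary>
/// <remarks>
/// The feed is fetched over plain HTTP with no integrity check, so its content is handled as
/// untrusted input: the parser runs with DTD processing prohibited and no resolver, and nodes
/// that lack the expected "id" attribute are skipped instead of crashing the import.
/// A failed download or an unparsable file aborts the import, so a stale or partially written
/// copy of the file is never loaded into the database.
/// </remarks>
/// <param name="sender">The control that raised the click event (not used).</param>
/// <param name="e">Event data (not used).</param>
private void button1_Click_1(object sender, EventArgs e)
{
    //NOTE: OUTDATED Project. See Import_all
    const string feedUrl = "http://www.saintcorporation.com/xml/exploits.xml";
    const string filename = @"C:\nvdcve\exploits.xml";  //HARDCODED

    try
    {
        // WebClient is disposable; the original never released it.
        using (WebClient wc = new WebClient())
        {
            wc.DownloadFile(feedUrl, filename);
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show("Error while downloading exploits.xml\n" + ex.Message, "Erreur", MessageBoxButtons.OK, MessageBoxIcon.Hand, MessageBoxDefaultButton.Button1);
        // Stop here: whatever is on disk is either an older feed or a truncated download.
        return;
    }

    // The file arrived over cleartext HTTP, so it must not be allowed to pull in external
    // entities or expand DTD-defined entities while it is parsed.
    XmlReaderSettings settings = new XmlReaderSettings();
    settings.DtdProcessing = DtdProcessing.Prohibit;
    settings.XmlResolver = null;

    XmlDocument doc = new XmlDocument();
    doc.XmlResolver = null;
    try
    {
        using (System.IO.FileStream stream = System.IO.File.OpenRead(filename))
        using (XmlReader reader = XmlReader.Create(stream, settings))
        {
            doc.Load(reader);
        }
    }
    catch (XmlException ex)
    {
        MessageBox.Show("Error while parsing exploits.xml\n" + ex.Message, "Erreur", MessageBoxButtons.OK, MessageBoxIcon.Hand, MessageBoxDefaultButton.Button1);
        return;
    }

    XmlNode report = doc.SelectSingleNode("/xml/body/exploits");
    if (report == null)
    {
        // An unexpected document layout would otherwise fail with a NullReferenceException below.
        MessageBox.Show("Error while parsing exploits.xml\n/xml/body/exploits not found", "Erreur", MessageBoxButtons.OK, MessageBoxIcon.Hand, MessageBoxDefaultButton.Button1);
        return;
    }

    using (XORCISMEntities model = new XORCISMEntities())
    using (XVULNERABILITYEntities vuln_model = new XVULNERABILITYEntities())
    {
        foreach (XmlNode n in report.ChildNodes)
        {
            // Comment and text nodes have no attribute collection, and an entry without an id
            // cannot be keyed in the database.
            if (n.Attributes == null || n.Attributes["id"] == null)
            {
                continue;
            }

            // Values below come straight from the feed. Entity Framework sends them as query
            // parameters, but they are stored verbatim; anything that later renders them
            // (names, descriptions, reference URLs) should still treat them as untrusted.
            string myRefID = n.Attributes["id"].InnerText;

            EXPLOIT sploit = new EXPLOIT();
            sploit.ExploitRefID = myRefID;
            sploit.ExploitName = myRefID;
            sploit.ExploitReferential = "saint";
            sploit.ExploitDescription = HelperGetChildInnerText(n, "description");
            //TODO
            //sploit.saint_id = HelperGetChildInnerText(n, "saint_id");
            sploit.ExploitType = HelperGetChildInnerText(n, "type");

            //Search the VulnerabilityID
            string myCVE = HelperGetChildInnerText(n, "cve");
            int vulnID = 0;
            if (!string.IsNullOrEmpty(myCVE))
            {
                // One query instead of Count() followed by ToList().First().
                VULNERABILITY knownCVE = vuln_model.VULNERABILITY.FirstOrDefault(v => v.VULReferential == "cve" && v.VULReferentialID == myCVE);
                if (knownCVE != null)
                {
                    vulnID = knownCVE.VulnerabilityID;
                }
                else
                {
                    // The CVE is not in the database yet: record it as a CANDIDATE placeholder.
                    VULNERABILITY canCVE = new VULNERABILITY();
                    canCVE.VULReferential = "cve";
                    canCVE.VULReferentialID = myCVE;
                    canCVE.VULDescription = "CANDIDATE";
                    vuln_model.VULNERABILITY.Add(canCVE);
                    vuln_model.SaveChanges();
                    vulnID = canCVE.VulnerabilityID;
                }
            }

            //Check if the exploit already exists in the database
            EXPLOIT knownExploit = model.EXPLOIT.FirstOrDefault(x => x.ExploitReferential == "saint" && x.ExploitRefID == myRefID);
            if (knownExploit == null)
            {
                model.EXPLOIT.Add(sploit);
            }
            else
            {
                // Reuse the stored key; the freshly built object is only a carrier for the id.
                sploit.ExploitID = knownExploit.ExploitID;
            }

            try
            {
                model.SaveChanges();
            }
            catch (FormatException ex)
            {
                MessageBox.Show("FormatException AddToEXPLOIT : " + ex);
                return;
            }

            int exploitID = sploit.ExploitID;

            if (vulnID != 0)
            {
                //Check if EXPLOITFORVULNERABILITY already exists in the database
                bool alreadyLinked = model.EXPLOITFORVULNERABILITY.Any(x => x.VulnerabilityID == vulnID && x.ExploitID == exploitID);
                if (!alreadyLinked)
                {
                    EXPLOITFORVULNERABILITY sploitvuln = new EXPLOITFORVULNERABILITY();
                    sploitvuln.VulnerabilityID = vulnID;
                    sploitvuln.ExploitID = exploitID;
                    try
                    {
                        model.EXPLOITFORVULNERABILITY.Add(sploitvuln);
                        model.SaveChanges();
                    }
                    catch (FormatException ex)
                    {
                        MessageBox.Show("AddToEXPLOITFORVULNERABILITY : " + ex);
                    }
                }
            }

            //****************************************************************
            // OSVDB
            string myOSVDB = HelperGetChildInnerText(n, "osvdb");
            if (!string.IsNullOrEmpty(myOSVDB))
            {
                //Check if the OSVDB reference already exists in the database
                int osvdbID;
                REFERENCE knownOSVDB = model.REFERENCE.FirstOrDefault(r => r.Source == "OSVDB" && r.ReferenceTitle == myOSVDB);
                if (knownOSVDB != null)
                {
                    //UPDATE
                    // The original set the URL on a new, untracked REFERENCE, so SaveChanges
                    // wrote nothing. Updating the loaded entity makes the update take effect.
                    osvdbID = knownOSVDB.ReferenceID;
                    knownOSVDB.ReferenceURL = "http://osvdb.org/" + myOSVDB;
                    model.SaveChanges();
                }
                else
                {
                    //Add the OSVDB Reference
                    REFERENCE newOSVDB = new REFERENCE();
                    newOSVDB.Source = "OSVDB";
                    newOSVDB.ReferenceTitle = myOSVDB;
                    newOSVDB.ReferenceURL = "http://osvdb.org/" + myOSVDB;
                    model.REFERENCE.Add(newOSVDB);
                    model.SaveChanges();
                    osvdbID = newOSVDB.ReferenceID;
                }

                //Check if the EXPLOITFORREFERENCE already exists in the database
                if (!model.EXPLOITFORREFERENCE.Any(x => x.ExploitID == exploitID && x.ReferenceID == osvdbID))
                {
                    EXPLOITFORREFERENCE sploitref = new EXPLOITFORREFERENCE();
                    sploitref.ExploitID = exploitID;
                    sploitref.ReferenceID = osvdbID;
                    model.EXPLOITFORREFERENCE.Add(sploitref);
                    model.SaveChanges();
                }
            }

            //****************************************************************
            // BID
            string myBID = HelperGetChildInnerText(n, "bid");
            if (!string.IsNullOrEmpty(myBID))
            {
                //Check if the BID reference already exists in the database
                int bidID;
                REFERENCE knownBID = model.REFERENCE.FirstOrDefault(r => r.Source == "BID" && r.ReferenceTitle == myBID);
                if (knownBID != null)
                {
                    bidID = knownBID.ReferenceID;
                }
                else
                {
                    //Add the BID Reference
                    REFERENCE newBID = new REFERENCE();
                    newBID.Source = "BID";
                    newBID.ReferenceTitle = myBID;
                    newBID.ReferenceURL = "http://securityfocus.com/bid/" + myBID;
                    model.REFERENCE.Add(newBID);
                    model.SaveChanges();
                    bidID = newBID.ReferenceID;
                }

                //Check if the EXPLOITFORREFERENCE already exists in the database
                if (!model.EXPLOITFORREFERENCE.Any(x => x.ExploitID == exploitID && x.ReferenceID == bidID))
                {
                    EXPLOITFORREFERENCE sploitref = new EXPLOITFORREFERENCE();
                    sploitref.ExploitID = exploitID;
                    sploitref.ReferenceID = bidID;
                    model.EXPLOITFORREFERENCE.Add(sploitref);
                    model.SaveChanges();
                }
            }
        }
    }

    MessageBox.Show("FINISHED MISTER_X");
}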
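/// <summary>
/// Copyright (C) 2014-2015 Jerome Athias
/// TEST/DEBUG ONLY tool to play with an XORCISM database (check the proper import and relationships creation between CVE and OVAL)
/// This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
///
/// This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
///
/// You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
/// </summary>
/// <remarks>
/// Looks up one hard-coded CVE, reports whether an OVAL definition is already linked to it, and
/// otherwise prints every PRODUCT and FILE whose name appears in the vulnerability description.
/// Output is debug text on the console; nothing is written to the databases.
/// </remarks>
/// <param name="args">Command-line arguments (not used).</param>
static void Main(string[] args)
{
    string sCVEID = "CVE-2014-3802";    //HARDCODED

    // using blocks release the three contexts; the original never disposed them.
    using (XORCISMEntities model = new XORCISMEntities())
    using (XOVALEntities oval_model = new XOVALEntities())
    using (XVULNERABILITYEntities vuln_model = new XVULNERABILITYEntities())
    {
        VULNERABILITY oVulnerability = null;
        try
        {
            oVulnerability = vuln_model.VULNERABILITY.Where(o => o.VULReferentialID == sCVEID).FirstOrDefault();
        }
        catch (Exception ex)
        {
            // Still best-effort, but a database failure is now visible instead of being
            // reported only as "Vulnerability not found".
            Console.WriteLine("ERROR: Vulnerability lookup failed: " + ex.Message);
        }

        if (oVulnerability == null)
        {
            Console.WriteLine("ERROR: Vulnerability not found");
            return;
        }

        //Check if we have an OVALDEFINITION for the VULNERABILITY
        int iVulnerabilityID = oVulnerability.VulnerabilityID;
        int iOVALDEFINITIONVULNERABILITYID = 0;
        try
        {
            iOVALDEFINITIONVULNERABILITYID = oval_model.OVALDEFINITIONVULNERABILITY.Where(o => o.VulnerabilityID == iVulnerabilityID).Select(o => o.OVALDefinitionVulnerabilityID).FirstOrDefault();
        }
        catch (Exception ex)
        {
            // As before, a failed lookup falls through to the product/file search below.
            Console.WriteLine("ERROR: OVAL definition lookup failed: " + ex.Message);
        }

        if (iOVALDEFINITIONVULNERABILITYID > 0)
        {
            Console.WriteLine("DEBUG: We already have a definition");
            return;
        }

        // A vulnerability stored without a description has nothing to search in; the original
        // would throw a NullReferenceException on ToLower() here.
        string sDescription = oVulnerability.VULDescription;
        if (string.IsNullOrEmpty(sDescription))
        {
            Console.WriteLine("DEBUG: Vulnerability has no description to search");
            return;
        }

        //Search a Product in the Vulnerability's Definition
        foreach (PRODUCT oProduct in model.PRODUCT)
        {
            // Skip null/empty names: every string "contains" the empty string, so such rows
            // would all be reported as matches.
            if (string.IsNullOrEmpty(oProduct.ProductName))
            {
                continue;
            }
            // Case-insensitive ordinal search replaces lower-casing the description once per row.
            if (sDescription.IndexOf(oProduct.ProductName, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                Console.WriteLine("DEBUG: Potential Product: " + oProduct.ProductName);
                //Platform
                //CPE
            }
        }

        //Search a Filename in the Vulnerability's Definition
        foreach (FILE oFile in model.FILE)
        {
            if (string.IsNullOrEmpty(oFile.FileName))
            {
                continue;
            }
            if (sDescription.IndexOf(oFile.FileName, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                Console.WriteLine("DEBUG: Potential File: " + oFile.FileName);
            }
        }
        //regex .dll
    }
}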