Tools to make working the Arch Linux Security Tracker easier

Related tags

Security related resourcesarch-security-tracker-tools
Overview

Arch Linux Security Tracker Tools

This is a collection of Python scripts to make working with the Arch Linux Security Tracker easier.

Features

  • CVE entry parsing from multiple sources (currently NVD, Mozilla and Chromium) into a JSON format consumable by the tracker
  • Automatic batch addition of the parsed CVE entries to the tracker

Dependencies

  • python >= 3.6
  • python-lxml

CVE entry parsing

CVEs from multiple sources can be parsed. All parser scripts take the CVEs to be considered as a list of arguments and write the parsed CVE entries to stdout in JSON form. The JSON format follows the one used by the tracker as part of its API endpoints, e.g. https://security.archlinux.org/CVE-2019-9956.json.

NVD

tracker_get_nvd.py parses CVE entries from the official NVD database. It is used as

./tracker_get_nvd.py CVE...

Description and references are taken verbatim from the NVD CVE entry. Severity and attack vector are derived from the CVSS v3 if present (this usually takes a few day after the CVE has been published). The type of the vulnerability is always set to "Unknown" and needs to be filled by hand by the user.

This is mostly included as an example for working with the JSON format. CVEs obtained from this source often require manual changes to the description and references before they can be used for the tracker.

Mozilla

tracker_get_mozilla.py parses CVEs issued by Mozilla, mostly for Firefox and Thunderbird. It is used as

./tracker_get_nvd.py CVE... MFSA...

where MFSA is an advisory number issued by Mozilla, e.g. mfsa2021-01. If a MFSA is specified, all CVEs included in this advisory will be parsed.

Description, references and severity are taken verbatim from the Mozilla advisory. The attack vector is assumed to be "Remote" by default due to the nature of the Mozilla products. The type of the vulnerability is always set to "Unknown" and needs to be filled by hand by the user.

Chromium

tracker_get_chromium.py parses CVEs issued for Chrome. It is used as

./tracker_get_chromium.py URL...

where URL is the URL of a Chrome release blog post, e.g. https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html.

The description is of the form "A type security issue has been found in the component component of the Chromium browser before version new_version.", where type, component and new_version are parsed from the blog post. The corresponding severity is taken from the blog post as well. The URL of the blog post and the link to the corresponding Chromium bug report as specified in the blog post are used as references. The attack vector is assumed to be "Remote" by default as Chromium is a browser. The type of the vulnerability is always set to "Unknown" and needs to be filled by hand by the user.

CVE upload to the security tracker

tracker_add.py adds CVEs to the Arch Linux Security Tracker. It reads a JSON file generated by one of the parsers from stdin and tries to create a new CVE for each of the items found in there. The necessary login credentials can be supplied using the TRACKER_USERNAME and TRACKER_PASSWORD environment variables, or will otherwise be asked queried on the TTY.

Note that only adding new CVEs is supported at the moment. Trying to add an already existing CVE will try to merge the data according to the upstream tracker logic, which will only partially succeed if the data is conflicting.

The URL to the tracker is set as https://security.archlinux.org by default, but can be changed for debugging purposes by setting the TRACKER_URL environment variable, e.g. to a tracker instance running locally:

TRACKER_URL='http://127.0.0.32:5000' ./tracker_add.py

Example workflow

  1. Download a set of CVEs using one of the parsers to a JSON file, e.g.

    ./tracker_get_mozilla.py mfsa2021-01 > mfsa2021-01.json

  2. Edit the file to check the generated data and add missing information like the vulnerability type:

    $EDITOR mfsa2021-01.json

  3. Upload the CVEs to the tracker:

    ./tracker_add.py < mfsa2021-01.json

If you are feeling brave, you can omit the editing step and directly upload the generated data to the tracker:

./tracker_get_mozilla.py mfsa2021-01 | ./tracker_add.py

Missing or incorrect information can be edited afterwards using the web interface of the tracker. Be careful with this approach, mass-editing messed up CVE entries has not been implemented yet...

TODO

  • Implement more parsers
  • Validation of the generated JSON files, at least in tracker_add.py
  • Better error handling
  • SSO support using Keycloak
  • Batch editing of existing CVEs
Owner
Jonas Witschel
Arch Linux Trusted User, tpm2-software member
Jonas Witschel
GitHub Repository
Docker is an open platform for developing, shipping, and running applications OS-level virtualization to deliver software in packages called containers However, 'security' is a top request on Docker's public roadmap This project aims at vulnerability check for such docker containers. New contributions are accepted

Docker-Vulnerability-Check Docker is an open platform for developing, shipping, and running applications OS-level virtualization to deliver software i

Team Spark 103 Aug 20, 2022
Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source

Infoga - Email OSINT Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source (search engines, pg

m4ll0k (mallok) 1.8k Jan 04, 2023
the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability

CVE-2021-22005-metasploit the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability pr

Taroballz 25 Nov 15, 2022
This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

PYTHON-EXPLOITATION This is a repository filled with scripts that were made with Python, and designed to exploit computer systems. Networking tcp_clin

Nathan Galindo 1 Oct 30, 2021
A Radare2 based Python module for Binary Analysis and Reverse Engineering.

Zepu1chr3 A Radare2 based Python module for Binary Analysis and Reverse Engineering. Installation You can simply run this command. pip3 install zepu1c

Mehmet Ali KERİMOĞLU 5 Aug 25, 2022
Tools ini digunakan untuk krekk pacebuk:v

E-Crack By Aang-XD Fitur Login • Login via token facebook • Login via cookie facebook Install On Termux $ pkg update && pkg upgrade $ pkg install pyth

Aang Ardiansyah-XD 2 Dec 24, 2021
CVE-2022-22965 - CVE-2010-1622 redux

CVE-2022-22965 - vulnerable app and PoC Trial & error $ docker rm -f rce; docker build -t rce:latest . && docker run -d -p 8080:8080 --name rce rce:la

Duarte Duarte 20 Aug 25, 2022
vulnerable APIs

vulnerable-apis vulnerable APIs inspired by https://github.com/mattvaldes/vulnerable-api Setup Docker If, Out of the box docker pull kmmanoj/vulnerabl

9 Jun 01, 2022
Better-rtti-parser - IDA script to parse RTTI information in executable

RTTI parser Parses RTTI information from executable. Example HexRays decompiler view Before: After: Functions window Before: After: Structs window Ins

101 Jan 04, 2023
A GitHub action for organizations that enables advanced security code scanning on all new repos

Advanced-Security-Enforcer What this repository does This code is for an active GitHub Action written in Python to check (on a schedule) for new repos

Zack Koppert 30 May 17, 2022
An All-In-One Pure Python PoC for CVE-2021-44228

Python Log4RCE An all-in-one pure Python3 PoC for CVE-2021-44228. Configure Replace the global variables at the top of the script to your configuratio

Alexandre Lavoie 178 Nov 09, 2022
A tool that detects the expensive Carbon Black watchlists.

A tool that detects the "expensive" Carbon Black watchlists.

Oğuzcan Pamuk 8 Aug 04, 2022
This tool ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information that allows them to know in advance if this library complies with processes.

This tool gives developers, researchers and companies the ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information

Telefónica 66 Nov 08, 2022
Deobfuscate Log4Shell payloads with ease

Ox4Shell Deobfuscate Log4Shell payloads with ease. Description Since the release

Oxeye 137 Jan 02, 2023
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.

CVE-2021-21389 BuddyPress 7.2.1 - REST API Privilege Escalation to RCE PoC (Full) Affected version: 5.0.0 to 7.2.0 User requirement: Subscriber user

KIEN HOANG 17 Nov 09, 2022
A decompilation of the Nintendo Switch version of Captain Toad: Treasure Tracker

cttt-decomp A decompilation of the Nintendo Switch version of Captain Toad: Trea

shibbs 14 Aug 17, 2022
A burp-suite plugin that extract all parameter names from in-scope requests

ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe

29 Nov 09, 2022
Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket.

PrintNightmare Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket. Installtion $ pip3 install impacket

Oliver Lyak 140 Dec 27, 2022
Log4j exploit catcher, detect Log4Shell exploits and try to get payloads.

log4j_catcher Log4j exploit catcher, detect Log4Shell exploits and try to get payloads. This is a basic python server that listen on a port and logs i

EntropyQueen 17 Dec 20, 2021
Community Repository for Unofficial Saltbox Add-ons

Saltbox Sandbox Repo Community Repository for Unofficial Saltbox Add-ons Requirements Saltbox Documentation Undetermined Roles List of roles can be fo

Salty Organization 31 Dec 19, 2022