Tools to make working with the Arch Linux Security Tracker easier

Overview

Arch Linux Security Tracker Tools

This is a collection of Python scripts to make working with the Arch Linux Security Tracker easier.

Features

  • CVE entry parsing from multiple sources (currently NVD, Mozilla and Chromium) into a JSON format consumable by the tracker
  • Automatic batch addition of the parsed CVE entries to the tracker

Dependencies

  • python >= 3.6
  • python-lxml

CVE entry parsing

CVEs from multiple sources can be parsed. All parser scripts take the CVEs to be considered as a list of arguments and write the parsed CVE entries to stdout in JSON form. The JSON format follows the one used by the tracker as part of its API endpoints, e.g. https://security.archlinux.org/CVE-2019-9956.json.

NVD

tracker_get_nvd.py parses CVE entries from the official NVD database. It is used as

./tracker_get_nvd.py CVE...

Description and references are taken verbatim from the NVD CVE entry. Severity and attack vector are derived from the CVSS v3 if present (this usually takes a few days after the CVE has been published). The type of the vulnerability is always set to "Unknown" and needs to be filled in by hand by the user.

This is mostly included as an example for working with the JSON format. CVEs obtained from this source often require manual changes to the description and references before they can be used for the tracker.

Mozilla

tracker_get_mozilla.py parses CVEs issued by Mozilla, mostly for Firefox and Thunderbird. It is used as

./tracker_get_mozilla.py CVE... MFSA...

where MFSA is an advisory number issued by Mozilla, e.g. mfsa2021-01. If an MFSA is specified, all CVEs included in this advisory will be parsed.

Description, references and severity are taken verbatim from the Mozilla advisory. The attack vector is assumed to be "Remote" by default due to the nature of the Mozilla products. The type of the vulnerability is always set to "Unknown" and needs to be filled by hand by the user.

Chromium

tracker_get_chromium.py parses CVEs issued for Chrome. It is used as

./tracker_get_chromium.py URL...

where URL is the URL of a Chrome release blog post, e.g. https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html.

The description is of the form "A type security issue has been found in the component component of the Chromium browser before version new_version.", where type, component and new_version are parsed from the blog post. The corresponding severity is taken from the blog post as well. The URL of the blog post and the link to the corresponding Chromium bug report as specified in the blog post are used as references. The attack vector is assumed to be "Remote" by default as Chromium is a browser. The type of the vulnerability is always set to "Unknown" and needs to be filled by hand by the user.

CVE upload to the security tracker

tracker_add.py adds CVEs to the Arch Linux Security Tracker. It reads a JSON file generated by one of the parsers from stdin and tries to create a new CVE for each of the items found in there. The necessary login credentials can be supplied using the TRACKER_USERNAME and TRACKER_PASSWORD environment variables; otherwise they will be queried on the TTY.

Note that only adding new CVEs is supported at the moment. Trying to add an already existing CVE will try to merge the data according to the upstream tracker logic, which will only partially succeed if the data is conflicting.

The URL to the tracker is set as https://security.archlinux.org by default, but can be changed for debugging purposes by setting the TRACKER_URL environment variable, e.g. to a tracker instance running locally:

TRACKER_URL='http://127.0.0.32:5000' ./tracker_add.py

Example workflow

  1. Download a set of CVEs using one of the parsers to a JSON file, e.g.

    ./tracker_get_mozilla.py mfsa2021-01 > mfsa2021-01.json
  2. Edit the file to check the generated data and add missing information like the vulnerability type:

    $EDITOR mfsa2021-01.json
  3. Upload the CVEs to the tracker:

    ./tracker_add.py < mfsa2021-01.json

If you are feeling brave, you can omit the editing step and directly upload the generated data to the tracker:

./tracker_get_mozilla.py mfsa2021-01 | ./tracker_add.py

Missing or incorrect information can be edited afterwards using the web interface of the tracker. Be careful with this approach: mass-editing of messed-up CVE entries has not been implemented yet.
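A pre-upload check for the editing step of the workflow, as an added example that is not part of the project: it flags entries that still carry the parsers' "Unknown" placeholder or have malformed fields. The field names and the top-level JSON list are assumptions modelled on the tracker's public CVE JSON; lint_entry and lint are hypothetical names, and the sample entries are constructed.

```python
import json
import re
import sys

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
URL_RE = re.compile(r"https?://\S+")
# Assumed field names, modelled on the tracker's public CVE JSON.
REQUIRED = ("name", "type", "severity", "vector", "description", "references")

# Constructed sample: one entry as a parser would leave it, one after hand-editing.
SAMPLE = [
    {"name": "CVE-2099-0001", "type": "Unknown", "severity": "High", "vector": "Remote",
     "description": "Constructed entry.", "references": ["https://example.org/a"]},
    {"name": "CVE-2099-0002", "type": "arbitrary code execution", "severity": "Critical",
     "vector": "Remote", "description": "Constructed entry.",
     "references": ["https://example.org/b"]},
]


def lint_entry(entry):
    """Return the list of problems found in one parsed CVE entry."""
    problems = [f"missing field '{k}'" for k in REQUIRED if k not in entry]
    if not CVE_RE.fullmatch(str(entry.get("name", ""))):
        problems.append("malformed CVE id")
    # The parsers always emit type "Unknown"; it has to be filled in by hand.
    for key in ("type", "severity", "vector"):
        if str(entry.get(key, "")).strip().lower() == "unknown":
            problems.append(f"{key} is still 'Unknown'")
    if not str(entry.get("description") or "").strip():
        problems.append("empty description")
    for ref in entry.get("references") or []:
        if not URL_RE.fullmatch(str(ref)):
            problems.append(f"reference is not a URL: {ref!r}")
    return problems


def lint(entries):
    """Map entry name (or index) to its problems; clean entries are omitted."""
    checked = ((e.get("name", f"#{i}"), lint_entry(e)) for i, e in enumerate(entries))
    return {name: found for name, found in checked if found}


if __name__ == "__main__":
    # Reads parser output from stdin; falls back to the sample when run interactively.
    report = lint(SAMPLE if sys.stdin.isatty() else json.load(sys.stdin))
    for name, problems in report.items():
        print(f"{name}: {'; '.join(problems)}", file=sys.stderr)
    sys.exit(1 if report else 0)
```

A non-zero exit status means at least one entry still needs editing, so the check can sit between a parser and tracker_add.py in a pipeline.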

TODO

  • Implement more parsers
  • Validation of the generated JSON files, at least in tracker_add.py
  • Better error handling
  • SSO support using Keycloak
  • Batch editing of existing CVEs
Owner
Jonas Witschel
Arch Linux Trusted User, tpm2-software member