Merge pull request #31 from TURROKS/enhance/general-improvements

Added support for Nessus and OpenVAS scan results
TURROKS · Nov 3, 2024 · 62d6762 · 62d6762
2 parents e58cb75 + 10cd5f0
commit 62d6762
Show file tree

Hide file tree

Showing 9 changed files with 264 additions and 272 deletions.
diff --git a/README.md b/README.md
@@ -134,6 +134,8 @@ To use CVE_Prioritizer effectively, follow these steps:
    - **Single CVE:** Use the `-c` followed by the CVE ID.
    - **List of CVEs:** Use `-l` followed by a **comma-separated** list of CVEs.
    - **File with CVEs:** Use `-f` to import a file containing CVE IDs (one per line).
+   	   - **Import Vulnerability Reports:** Use the -f flag along with --nessus or --openvas to automatically
+   	   ingest CVEs from Nessus or OpenVAS scan reports.
 4. Tailor the output according to your needs:
    - Use the `-v` or `--verbose` for detailed information.
    - Define custom thresholds with `--cvss` and/or `--epss` to align the results with your organization's

diff --git a/cve_prioritizer.py b/cve_prioritizer.py
@@ -2,7 +2,7 @@
 
 __author__ = "Mario Rojas"
 __license__ = "BSD 3-clause"
-__version__ = "1.7.2"
+__version__ = "1.8.0"
 __maintainer__ = "Mario Rojas"
 __status__ = "Production"
 

diff --git a/cve_prioritizer/__init__.py b/cve_prioritizer/__init__.py
@@ -2,7 +2,7 @@
 
 __author__ = "Mario Rojas"
 __license__ = "BSD 3-clause"
-__version__ = "1.7.2"
+__version__ = "1.8.0"
 __maintainer__ = "Mario Rojas"
 __status__ = "Production"
 

diff --git a/cve_prioritizer/__main__.py b/cve_prioritizer/__main__.py
@@ -2,7 +2,7 @@
 
 __author__ = "Mario Rojas"
 __license__ = "BSD 3-clause"
-__version__ = "1.7.2"
+__version__ = "1.8.0"
 __maintainer__ = "Mario Rojas"
 __status__ = "Production"
 

diff --git a/cve_prioritizer/cve_prioritizer.py b/cve_prioritizer/cve_prioritizer.py
@@ -2,7 +2,7 @@
 
 __author__ = "Mario Rojas"
 __license__ = "BSD 3-clause"
-__version__ = "1.7.2"
+__version__ = "1.8.0"
 __maintainer__ = "Mario Rojas"
 __status__ = "Production"
 
@@ -18,7 +18,7 @@
 from datetime import datetime
 
 from scripts.constants import LOGO, SIMPLE_HEADER, VERBOSE_HEADER
-from scripts.helpers import update_env_file, worker
+from scripts.helpers import parse_report, update_env_file, worker
 
 load_dotenv()
 Throttle_msg = ''
@@ -40,14 +40,17 @@
 @click.option('-sa', '--set-api', is_flag=True, help='Save API keys')
 @click.option('-vc', '--vulncheck', is_flag=True, help='Use NVD++ - Requires VulnCheck API')
 @click.option('-vck', '--vulncheck_kev', is_flag=True, help='Use Vulncheck KEV - Requires VulnCheck API')
+@click.option('--nessus', is_flag=True, help='Parse Nessus file')
+@click.option('--openvas', is_flag=True, help='Parse OpenVAS file')
 def main(api, cve, epss, file, cvss, output, threads, verbose, list, no_color, set_api, vulncheck, vulncheck_kev,
-         json_file):
+         json_file, nessus, openvas):
+
     # Global Arguments
     color_enabled = not no_color
     throttle_msg = ''
 
     # standard args
-    header = SIMPLE_HEADER
+    header = VERBOSE_HEADER if verbose else SIMPLE_HEADER
     epss_threshold = epss
     cvss_threshold = cvss
     sem = Semaphore(threads)
@@ -70,42 +73,30 @@ def main(api, cve, epss, file, cvss, output, threads, verbose, list, no_color, s
         click.echo(f"API key for {service} updated successfully.")
     if verbose:
         header = VERBOSE_HEADER
+
     if cve:
         cve_list.append(cve)
-        if not api:
-            if not os.getenv('NIST_API') and not vulncheck:
-                click.echo(LOGO + 'Warning: Using this tool without specifying a NIST API may result in errors'
-                           + '\n\n' + header)
-            else:
-                click.echo(LOGO + header)
-        else:
-            click.echo(LOGO + header)
     elif list:
         cve_list = list.split(',')
-        if not api:
-            if not os.getenv('NIST_API') and not vulncheck:
-                if len(cve_list) > 75:
-                    throttle_msg = 'Large number of CVEs detected, requests will be throttle to avoid API issues'
-                click.echo(LOGO + throttle_msg + '\n'
-                           + 'Warning: Using this tool without specifying a NIST API may result in errors' + '\n\n'
-                           + header)
-            else:
-                click.echo(LOGO + header)
-        else:
-            click.echo(LOGO + header)
     elif file:
-        cve_list = [line.rstrip() for line in file]
-        if not api:
-            if not os.getenv('NIST_API') and not vulncheck:
-                if len(cve_list) > 75:
-                    throttle_msg = "Large number of CVEs detected, requests will be throttle to avoid API issues"
-                click.echo(LOGO + throttle_msg + '\n'
-                           + 'Warning: Using this tool without specifying a NIST API may result in errors' + '\n\n'
-                           + header)
-            else:
-                click.echo(LOGO + header)
+        if nessus:
+            cve_list = parse_report(file, 'nessus')
+        elif openvas:
+            cve_list = parse_report(file, 'openvas')
+        else:
+            cve_list = [line.rstrip() for line in file]
+
+    if not api and not os.getenv('NIST_API') and not vulncheck:
+        if len(cve_list) > 75:
+            throttle_msg = 'Large number of CVEs detected, requests will be throttle to avoid API issues'
+            click.echo(LOGO + throttle_msg + '\n' +
+                       'Warning: Using this tool without specifying a NIST API may result in errors'
+                       + '\n\n' + header)
         else:
-            click.echo(LOGO + header)
+            click.echo(LOGO + 'Warning: Using this tool without specifying a NIST API may result in errors'
+                       + '\n\n' + header)
+    else:
+        click.echo(LOGO + header)
 
     if output:
         output.write("cve_id,priority,epss,cvss,cvss_version,cvss_severity,kev,ransomware,kev_source,cpe,vendor,"
@@ -126,7 +117,8 @@ def main(api, cve, epss, file, cvss, output, threads, verbose, list, no_color, s
         else:
             sem.acquire()
             t = threading.Thread(target=worker, args=(cve.upper().strip(), cvss_threshold, epss_threshold, verbose,
-                                                      sem, color_enabled, output, api, vulncheck, vulncheck_kev, results))
+                                                      sem, color_enabled, output, api, vulncheck, vulncheck_kev,
+                                                      results))
             threads.append(t)
             t.start()
             time.sleep(throttle)

diff --git a/pyproject.toml b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "CVE Prioritizer"
-version = "1.7.2"
+version = "1.8.0"
 description = "Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities Prioritize actions based on real-time threat information, gain a competitive advantage, and stay informed about the latest trends."
 readme = "README.md"
 license = { text = "BSD 3-Clause"}

diff --git a/scripts/constants.py b/scripts/constants.py
@@ -2,7 +2,7 @@
 
 __author__ = "Mario Rojas"
 __license__ = "BSD 3-clause"
-__version__ = "1.7.2"
+__version__ = "1.8.0"
 __maintainer__ = "Mario Rojas"
 __status__ = "Production"
 
@@ -26,6 +26,6 @@
 #    / _ \____(_)__  ____(_) /_(_)__ ___ ____
 #   / ___/ __/ / _ \/ __/ / __/ /_ // -_) __/
 #  /_/  /_/ /_/\___/_/ /_/\__/_//__/\__/_/   
-#  v1.7.2                          BY TURROKS
+#  v1.8.0                          BY TURROKS
                                                   
 """""