From 3dfbd6b6163b26e5bf38e4aa880d386b809ac504 Mon Sep 17 00:00:00 2001
From: MaineK00n
Date: Fri, 25 Mar 2022 20:26:06 +0000
Subject: [PATCH] chore(mod): update go-exploitdb module (#1428)
* chore(mod): update go-exploitdb module
* docs: add inthewild datasource
* Unique because URLs sometimes duplicate on GitHub and InTheWild
Co-authored-by: Kota Kanbe
---
 README.md | 1 +
 go.mod | 2 +-
 go.sum | 4 ++--
 reporter/util.go | 7 +++++++
 tui/tui.go | 7 ++++++-
 5 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 1f74f8b6..2def756a 100644
--- a/README.md
+++ b/README.md
@@ -82,6 +82,7 @@ Vuls is a tool created to solve the problems listed above. It has the following
 - [Metasploit-Framework modules](https://www.rapid7.com/db/?q=&type=metasploit)
 - [qazbnm456/awesome-cve-poc](https://github.com/qazbnm456/awesome-cve-poc)
 - [nomi-sec/PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)
+ - [gmatuz/inthewilddb](https://github.com/gmatuz/inthewilddb)
 - CERT
 - [US-CERT](https://www.us-cert.gov/ncas/alerts)
diff --git a/go.mod b/go.mod
index 342046af..c795b1dd 100644
--- a/go.mod
+++ b/go.mod
@@ -42,7 +42,7 @@ require (
 github.com/sirupsen/logrus v1.8.1
 github.com/spf13/cobra v1.4.0
 github.com/vulsio/go-cve-dictionary v0.8.2-0.20211028094424-0a854f8e8f85
- github.com/vulsio/go-exploitdb v0.4.2-0.20211028071949-1ebf9c4f6c4d
+ github.com/vulsio/go-exploitdb v0.4.2
 github.com/vulsio/go-kev v0.1.1-0.20220118062020-5f69b364106f
 github.com/vulsio/go-msfdb v0.2.1-0.20211028071756-4a9759bd9f14
 github.com/vulsio/gost v0.4.1-0.20211028071837-7ad032a6ffa8
diff --git a/go.sum b/go.sum
index 2a24c7b9..225af655 100644
--- a/go.sum
+++ b/go.sum
@@ -1793,8 +1793,8 @@ github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgq
 github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU=
 github.com/vulsio/go-cve-dictionary v0.8.2-0.20211028094424-0a854f8e8f85 h1:nEhaBIAixxDQGeu/3sgHLSjpQpKGqENcUtWHEwkwC4k=
 github.com/vulsio/go-cve-dictionary v0.8.2-0.20211028094424-0a854f8e8f85/go.mod h1:Ii9TEH35giMSWJM2FwGm1PCPxuBKrbaYhDun2PM7ERo=
-github.com/vulsio/go-exploitdb v0.4.2-0.20211028071949-1ebf9c4f6c4d h1:iMXVmz2f1Phor1TAmRKx324mDOuXst0GXGEboVRgysg=
-github.com/vulsio/go-exploitdb v0.4.2-0.20211028071949-1ebf9c4f6c4d/go.mod h1:2R5gwySHHjF3DoEt11xqnIWEJLS93CLfCUDPwYH+VdM=
+github.com/vulsio/go-exploitdb v0.4.2 h1:eCqyOLWKPwD8hZ0NHGCtT6OG37Sadr5RGMnnHEEy0bI=
+github.com/vulsio/go-exploitdb v0.4.2/go.mod h1:2R5gwySHHjF3DoEt11xqnIWEJLS93CLfCUDPwYH+VdM=
 github.com/vulsio/go-kev v0.1.1-0.20220118062020-5f69b364106f h1:s28XqL35U+N2xkl6bLXPH68IqzmliuqeF37x5pzNLuc=
 github.com/vulsio/go-kev v0.1.1-0.20220118062020-5f69b364106f/go.mod h1:NrXTTkGG83ZYl7ypHHLqqzx6HvVkWH37qCizU5UoCS8=
 github.com/vulsio/go-msfdb v0.2.1-0.20211028071756-4a9759bd9f14 h1:2uYZw2gQ0kymwerTS1FXZbNgptnlye+SB7o3QlLDIBo=
diff --git a/reporter/util.go b/reporter/util.go
index 1cc4b50a..e7a4fd4d 100644
--- a/reporter/util.go
+++ b/reporter/util.go
@@ -464,9 +464,16 @@ No CVE-IDs are found in updatable packages.
 for _, url := range cweURLs {
 data = append(data, []string{"CWE", url})
 }
+
+ m := map[string]struct{}{}
 for _, exploit := range vuln.Exploits {
+ if _, ok := m[exploit.URL]; ok {
+ continue
+ }
 data = append(data, []string{string(exploit.ExploitType), exploit.URL})
+ m[exploit.URL] = struct{}{}
 }
+
 for _, url := range top10URLs {
 data = append(data, []string{"OWASP Top10", url})
 }
diff --git a/tui/tui.go b/tui/tui.go
index 4e2feebf..f0d696d1 100644
--- a/tui/tui.go
+++ b/tui/tui.go
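Review bot: The new dedupe in the `vuln.Exploits` loop of reporter/util.go keys on `exploit.URL` alone, so when two entries share a URL the row keeps whichever `ExploitType` came first in the slice and silently drops the other label. The commit message says the duplicates come from GitHub and InTheWild; if those sources carry different `ExploitType` values (not visible in this hunk), an in-the-wild indicator can end up hidden behind a PoC label purely because of ordering, which matters to someone triaging from the report. Either merge the types for a repeated URL into one row, or make the rule explicit by renaming `m` to `seenURLs` and adding `// one row per exploit URL; the first ExploitType seen for a URL wins`. Entries with an empty `URL` also collapse into a single row under this key. The enclosing function starts and ends outside the hunk, and the same loop is repeated in tui/tui.go, so a small shared helper would keep the two views consistent.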
@@ -781,13 +781,18 @@ func setChangelogLayout(g *gocui.Gui) error {
 lines = append(lines, adv.Format())
 }
+ m := map[string]struct{}{}
 if len(vinfo.Exploits) != 0 {
 lines = append(lines, "\n",
- "Exploit Codes",
+ "PoC",
 "=============",
 )
 for _, exploit := range vinfo.Exploits {
+ if _, ok := m[exploit.URL]; ok {
+ continue
+ }
 lines = append(lines, fmt.Sprintf("* [%s](%s)", exploit.Description, exploit.URL))
+ m[exploit.URL] = struct{}{}
 }
 }
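Review bot: The heading literal becomes `"PoC"` but the underline `"============="` beneath it is still the 13 characters sized for the old "Exploit Codes" title, so the rendered section header no longer lines up; shorten it to `"==="` or keep the width deliberately and say so in a comment. `m` is also allocated before the `len(vinfo.Exploits) != 0` check although it is only used inside it; declaring it inside the `if` as `seenURLs := map[string]struct{}{}` with `// skip exploit URLs already listed; the first Description wins` would make the intent readable. As in reporter/util.go the key is the URL only, so a second source's `Description` for the same URL is dropped without trace. On the unchanged `fmt.Sprintf` line, `exploit.Description` and `exploit.URL` come from third-party datasets (this commit documents one more), and nothing in the hunk shows control characters being stripped before they reach the terminal view, which is worth confirming. `setChangelogLayout` begins and ends outside this hunk.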