Display exploit codes information for each detected CVE-IDs (#729)

* add exploit * bug fix while loading config in TUI, display in format-full-text * fix readme
2018-11-03 16:36:59 +09:00
parent 678e72a8b6
commit 9865eab2c0
16 changed files with 568 additions and 24 deletions
--- a/models/scanresults.go
+++ b/models/scanresults.go
@@ -309,12 +309,13 @@ func (r ScanResult) FormatTextReportHeadedr() string {
 		buf.WriteString("=")
 	}

-	return fmt.Sprintf("%s\n%s\n%s, %s, %s\n",
+	return fmt.Sprintf("%s\n%s\n%s, %s, %s, %s\n",
 		r.ServerInfo(),
 		buf.String(),
 		r.ScannedCves.FormatCveSummary(),
 		r.ScannedCves.FormatFixedStatus(r.Packages),
 		r.FormatUpdatablePacksSummary(),
+		r.FormatExploitCveSummary(),
 	)
 }

@@ -338,6 +339,17 @@ func (r ScanResult) FormatUpdatablePacksSummary() string {
 		nUpdatable)
 }

+// FormatExploitCveSummary returns a summary of exploit cve
+func (r ScanResult) FormatExploitCveSummary() string {
+	nExploitCve := 0
+	for _, vuln := range r.ScannedCves {
+		if 0 < len(vuln.Exploits) {
+			nExploitCve++
+		}
+	}
+	return fmt.Sprintf("%d cves with exploit", nExploitCve)
+}
+
 func (r ScanResult) isDisplayUpdatableNum() bool {
 	var mode config.ScanMode
 	s, _ := config.Conf.Servers[r.ServerName]
--- a/models/vulninfos.go
+++ b/models/vulninfos.go
@@ -166,6 +166,7 @@ type VulnInfo struct {
 	DistroAdvisories []DistroAdvisory `json:"distroAdvisories,omitempty"` // for Aamazon, RHEL, FreeBSD
 	CpeURIs          []string         `json:"cpeURIs,omitempty"`          // CpeURIs related to this CVE defined in config.toml
 	CveContents      CveContents      `json:"cveContents"`
+	Exploits         []Exploit        `json:"exploits"`
 }

 // Titles returns tilte (TUI)
@@ -713,6 +714,26 @@ func (p DistroAdvisory) Format() string {
 	return strings.Join(buf, "\n")
 }

+// ExploitType is exploit type
+type ExploitType string
+
+const (
+	// ExploitDB : https://www.exploit-db.com/
+	ExploitDB ExploitType = "exploitdb"
+)
+
+// Exploit :
+type Exploit struct {
+	ExploitType  ExploitType `json:"exploitType"`
+	ID           string      `json:"id"`
+	URL          string      `json:"url"`
+	Description  string      `json:"description"`
+	DocumentURL  *string     `json:"documentURL,omitempty"`
+	PaperURL     *string     `json:"paperURL,omitempty"`
+	ShellCodeURL *string     `json:"shellCodeURL,omitempty"`
+	BinaryURL    *string     `json:"binaryURL,omitempty"`
+}
+
 // Confidences is a list of Confidence
 type Confidences []Confidence