v0.10

xaitax · xaitax · commit d0d9e732d483 · 2024-06-26T21:55:30.000+02:00
diff --git a/README.md b/README.md
@@ -27,10 +27,11 @@ SploitScan is a powerful and user-friendly tool designed to streamline the proce
 - **EPSS Integration**: Includes Exploit Prediction Scoring System (EPSS) data, offering a probability score for the likelihood of CVE exploitation, aiding in prioritization.
 - **Public Exploits Aggregation**: Gathers publicly available exploits, enhancing the understanding of vulnerabilities.
 - **CISA KEV**: Shows if the CVE has been listed in the Known Exploited Vulnerabilities (KEV) of CISA.
+- **AI-Powered Risk Assessment**: Leverages OpenAI to provide detailed risk assessments, potential attack scenarios, mitigation recommendations, and executive summaries.
+- **HackerOne Reports**: Shows if the CVE was used within HackerOne Bug Bounty programs and their total rank overall.
 - **Patching Priority System**: Evaluates and assigns a priority rating for patching based on various factors including public exploits availability.
 - **Multi-CVE Support and Export Options**: Supports multiple CVEs in a single run and allows exporting the results to HTML, JSON and CSV formats.
 - **Vulnerability Scanner Import**: Import vulnerability scans from popular vulnerability scanners and search directly for known exploits.
-- **AI-Powered Risk Assessment**: Leverages OpenAI to provide detailed risk assessments, potential attack scenarios, mitigation recommendations, and executive summaries.
 - **User-Friendly Interface**: Easy to use, providing clear and concise information.
 - **Comprehensive Security Tool**: Ideal for quick security assessments and staying informed about recent vulnerabilities.
 
@@ -98,9 +99,9 @@ $ sploitscan.py -h
 ╚════██║██╔═══╝ ██║     ██║   ██║██║   ██║   ╚════██║██║     ██╔══██║██║╚██╗██║
 ███████║██║     ███████╗╚██████╔╝██║   ██║   ███████║╚██████╗██║  ██║██║ ╚████║
 ╚══════╝╚═╝     ╚══════╝ ╚═════╝ ╚═╝   ╚═╝   ╚══════╝ ╚═════╝╚═╝  ╚═╝╚═╝  ╚═══╝
-v0.9 / Alexander Hagenah / @xaitax / ah@primepage.de
+v0.10 / Alexander Hagenah / @xaitax / ah@primepage.de
 
-usage: sploitscan.py [-h] [-e {json,JSON,csv,CSV,html,HTML}] [-t {nessus,nexpose,openvas,docker}] [-i IMPORT_FILE] [cve_ids ...]
+usage: sploitscan.py [-h] [-e {json,JSON,csv,CSV,html,HTML}] [-t {nessus,nexpose,openvas,docker}] [-i IMPORT_FILE] [-d] [cve_ids ...]
 
 SploitScan: Retrieve and display vulnerability data as well as public exploits for given CVE ID(s).
 
@@ -116,6 +117,7 @@ options:
                         Specify the type of the import file: 'nessus', 'nexpose', 'openvas' or 'docker'.
   -i IMPORT_FILE, --import-file IMPORT_FILE
                         Path to an import file from a vulnerability scanner. If used, CVE IDs can be omitted from the command line arguments.
+  -d, --debug           Enable debug output.
 ```
 
 ### Single CVE Query
@@ -247,6 +249,11 @@ This system assists users in making informed decisions on which vulnerabilities
 
 ## 📆 Changelog
 
+### [26. June 2024] - Version 0.10
+
+- **HackerOne Integration**: Added support for searching through HackerOne and displays if the CVE was used in any Bug Bounty program including its rank.
+- **General Improvements**: Various bug fixes.
+
 ### [24. May 2024] - Version 0.9
 
 - **AI-Powered Risk Assessment**: Integrated OpenAI for detailed risk assessments, potential attack scenarios, mitigation recommendations, and executive summaries (needs OpenAI API key).
@@ -329,12 +336,14 @@ Special thanks to:
 
 ## 📚 References
 
+- [CISA Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
 - [CVE Program](https://github.com/CVEProject/cvelistV5)
+- [ExploitDB](https://www.exploit-db.com/)
 - [FIRST EPSS](https://www.first.org/epss/api)
-- [CISA Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
+- [HackerOne](https://hackerone.com/)
 - [nomi-sec PoC-in-GitHub API](https://poc-in-github.motikan2010.net/)
-- [VulnCheck](https://vulncheck.com/)
-- [ExploitDB](https://www.exploit-db.com/)
-- [ProjectDiscovery Nuclei](https://github.com/projectdiscovery/nuclei-templates)
-- [Packet Storm](https://packetstormsecurity.com/)
 - [OpenAI](https://openai.com/)
+- [Packet Storm](https://packetstormsecurity.com/)
+- [ProjectDiscovery Nuclei](https://github.com/projectdiscovery/nuclei-templates)
+- [VulnCheck](https://vulncheck.com/)
+
diff --git a/pyproject.toml b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "sploitscan"
-version = "0.9.1"
+version = "0.10.0"
 description = "SploitScan is a sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated exploits."
 authors = [ { name = "Alexander Hagenah", email = "ah@primepage.de" } ]
 license = { file = "LICENSE" }
diff --git a/sploitscan/sploitscan.py b/sploitscan/sploitscan.py
@@ -13,7 +13,7 @@
 from jinja2 import Environment, FileSystemLoader
 
 
-VERSION = "0.9"
+VERSION = "0.10"
 
 BLUE = "\033[94m"
 GREEN = "\033[92m"
@@ -30,6 +30,7 @@
 VULNCHECK_API_URL = "https://api.vulncheck.com/v3/index/vulncheck-kev"
 EXPLOITDB_URL = "https://gitlab.com/exploit-database/exploitdb/-/raw/main/files_exploits.csv?ref_type=heads"
 PACKETSTORM_URL = "https://packetstormsecurity.com/search/?q={cve_id}"
+HACKERONE_URL = "https://hackerone.com/graphql"
 
 CVSS_THRESHOLD = 6.0
 EPSS_THRESHOLD = 0.2
@@ -138,6 +139,40 @@ def fetch_packetstorm_data(cve_id):
         else {}
     ), None
 
+def fetch_hackerone_cve_details(cve_id):
+    headers = {
+        'content-type': 'application/json'
+    }
+    payload = {
+        "operationName": "CveDiscoveryDetailedViewCveEntry",
+        "variables": {
+            "cve_id": cve_id
+        },
+        "query": """
+        query CveDiscoveryDetailedViewCveEntry($cve_id: String!) {
+            cve_entry(cve_id: $cve_id) {
+                rank
+                reports_submitted_count
+                __typename
+            }
+        }
+        """
+    }
+
+    response = requests.post(HACKERONE_URL, headers=headers, json=payload)
+    
+    if response.status_code == 200:
+        try:
+            data = response.json()
+            if 'data' in data and 'cve_entry' in data['data']:
+                return data, None
+            else:
+                return None, "❌ No HackerOne data found for this CVE."
+        except json.JSONDecodeError as e:
+            return None, f"❌ Error parsing JSON data from HackerOne: {e}"
+    else:
+        return None, f"❌ Error fetching data from HackerOne: {response.status_code}: {response.text}"
+
 
 def display_data(title, data, template, error=None):
     print(f"┌───[ {BLUE}{title}{ENDC} ]")
@@ -327,6 +362,26 @@ def template(data):
     display_data("⚛️ Nuclei Template", nuclei_data, template, error)
 
 
+def display_hackerone_data(hackerone_data, error=None):
+    def template(data):
+        if not data or "data" not in data or "cve_entry" not in data["data"]:
+            return ["└ ❌ No data found."]
+
+        cve_entry = data["data"]["cve_entry"]
+        if not cve_entry:
+            return ["└ ❌ No data found."]
+        
+        rank = cve_entry.get("rank", "N/A")
+        reports_submitted_count = cve_entry.get("reports_submitted_count", "N/A")
+        return [
+            f"├ Rank:        {rank}",
+            f"└ Reports:     {reports_submitted_count}",
+        ]
+
+    display_data("🕵️ HackerOne Hacktivity", hackerone_data, template, error)
+
+
+
 def display_cve_references(cve_data, error=None):
     def template(data):
         if not data or "containers" not in data or "cna" not in data["containers"]:
@@ -731,8 +786,7 @@ def main(cve_ids, export_format=None, import_file=None, import_type=None):
         cve_id = cve_id.upper()
         if not is_valid_cve_id(cve_id):
             print(
-                f"❌ Invalid CVE ID format: {
-                    cve_id}. Please use the format CVE-YYYY-NNNNN."
+                f"❌ Invalid CVE ID format: {cve_id}. Please use the format CVE-YYYY-NNNNN."
             )
             continue
 
@@ -742,6 +796,9 @@ def main(cve_ids, export_format=None, import_file=None, import_type=None):
         cve_data, cve_error = fetch_github_cve_data(cve_id)
         display_cve_data(cve_data, cve_error)
 
+        if not cve_data:
+            continue
+
         epss_data, epss_error = fetch_epss_score(cve_id)
         display_epss_score(epss_data, epss_error)
 
@@ -774,18 +831,8 @@ def main(cve_ids, export_format=None, import_file=None, import_type=None):
         nuclei_data, nuclei_error = fetch_nuclei_data(cve_id)
         display_nuclei_data(nuclei_data, nuclei_error)
 
-        priority = calculate_priority(
-            cve_id,
-            cve_data,
-            epss_data,
-            github_data,
-            cisa_data,
-            vulncheck_data,
-            exploitdb_data,
-        )
-        display_priority_rating(cve_id, priority)
-
-        display_cve_references(cve_data, cve_error)
+        hackerone_data, hackerone_error = fetch_hackerone_cve_details(cve_id)
+        display_hackerone_data(hackerone_data, hackerone_error)
 
         published = cve_data["cveMetadata"].get("datePublished", "N/A")
         if published != "N/A":
@@ -840,8 +887,7 @@ def main(cve_ids, export_format=None, import_file=None, import_type=None):
         vulncheck_exploits = (
             "\n".join(
                 [
-                    f"{xdb['date_added']}: {xdb['clone_ssh_url'].replace(
-                        'git@github.com:', 'https://github.com/').replace('.git', '')}"
+                    f"{xdb['date_added']}: {xdb['clone_ssh_url'].replace('git@github.com:', 'https://github.com/').replace('.git', '')}"
                     for item in vulncheck_data.get("data", [])
                     for xdb in item.get("vulncheck_xdb", [])
                 ]
@@ -853,8 +899,7 @@ def main(cve_ids, export_format=None, import_file=None, import_type=None):
         packetstorm_url = packetstorm_data.get("packetstorm_url", "N/A")
 
         nuclei_url = (
-            f"https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/{
-                nuclei_data['file_path']}"
+            f"https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/{nuclei_data['file_path']}"
             if nuclei_data and "file_path" in nuclei_data
             else "N/A"
         )
@@ -887,6 +932,19 @@ def main(cve_ids, export_format=None, import_file=None, import_type=None):
         risk_assessment = get_risk_assessment(cve_details, cve_data)
         display_ai_risk_assessment(cve_details, cve_data)
 
+        priority = calculate_priority(
+            cve_id,
+            cve_data,
+            epss_data,
+            github_data,
+            cisa_data,
+            vulncheck_data,
+            exploitdb_data,
+        )
+        display_priority_rating(cve_id, priority)
+
+        display_cve_references(cve_data, cve_error)
+
         cve_result.update(
             {
                 "CVE Data": cve_data,
@@ -897,6 +955,7 @@ def main(cve_ids, export_format=None, import_file=None, import_type=None):
                 "VulnCheck Data": vulncheck_data,
                 "ExploitDB Data": exploitdb_data,
                 "PacketStorm Data": packetstorm_data,
+                "HackerOne Data": hackerone_data,
                 "Priority": {"Priority": priority},
                 "Risk Assessment": risk_assessment,
             }
diff --git a/sploitscan/templates/report_template.html b/sploitscan/templates/report_template.html
@@ -255,12 +255,16 @@ <h4><span class="icon">⚛️</span> Nuclei Template</h4>
                         </table>
                     </div>
                     <div class="mb-3">
-                        <h4><span class="icon">⚠️</span> Patching Priority Rating</h4>
+                        <h4><span class="icon">🕵️</span> HackerOne Hacktivity</h4>
                         <table class="table table-sm">
                             <tbody>
                                 <tr>
-                                    <td>Priority</td>
-                                    <td>{{ cve['Priority']['Priority'] if cve['Priority'] and cve['Priority']['Priority'] else 'N/A' }}</td>
+                                    <td>Rank</td>
+                                    <td>{{ cve['HackerOne Data']['data']['cve_entry']['rank'] if cve['HackerOne Data'] and cve['HackerOne Data'].get('data') and cve['HackerOne Data']['data'].get('cve_entry') else 'N/A' }}</td>
+                                </tr>
+                                <tr>
+                                    <td>Reports Submitted</td>
+                                    <td>{{ cve['HackerOne Data']['data']['cve_entry']['reports_submitted_count'] if cve['HackerOne Data'] and cve['HackerOne Data'].get('data') and cve['HackerOne Data']['data'].get('cve_entry') else 'N/A' }}</td>
                                 </tr>
                             </tbody>
                         </table>
@@ -269,7 +273,17 @@ <h4><span class="icon">⚠️</span> Patching Priority Rating</h4>
                         <h4><span class="icon">🤖</span> AI-Powered Risk Assessment</h4>
                         <pre style="white-space: pre-wrap;">{{ cve['Risk Assessment'] }}</pre>
                     </div>
-                    
+                    <div class="mb-3">
+                        <h4><span class="icon">⚠️</span> Patching Priority Rating</h4>
+                        <table class="table table-sm">
+                            <tbody>
+                                <tr>
+                                    <td>Priority</td>
+                                    <td>{{ cve['Priority']['Priority'] if cve['Priority'] and cve['Priority']['Priority'] else 'N/A' }}</td>
+                                </tr>
+                            </tbody>
+                        </table>
+                    </div>                    
                     <div class="mb-3">
                         <h4><span class="icon">📚</span> Further References</h4>
                         <table class="table table-sm">
