الأربعاء، 13 أبريل 2016

New scripts in Faraday: cfdbToCsv.py - vulndbToCsv.py - getExploits.py (vFeed)



In Faraday version 1.0.18, we launched a new script to generate a Faraday-compatible vulnerabilities databases based on Open Source projects.
Also, we launched a new script that allows one to obtain exploits based on CVEs added as references in vulnerabilities.




“cfdbToCsv.py” and “vulndbToCsv.py” do the same: do a "git clone" of the project in Github (cfdb or vulndb) to download the database and later, parse this to generate a CSV file.
This file is necessary later, with the script [Faraday_Installation]/helpers/pushCwe.py you can include this database for CouchDB in Faraday.





The script “getExploits.py” is located in [Faraday_Installation]/bin/getExploits.py and this allows one to get URLs or Paths of exploits based on the CVEs present in references of the vulnerabilities.
How is it able to do this? Using the DB of “vFeed” project, which you must first download and copy this to [Faraday_Installation]/data/



When the DB is ready, execute this command: “fplugin -f getExploits.py” in your shell of Faraday QT.
And you get all the exploits you need!
scripts_out.png

We did the following video to show it in action:

And check the Faraday Wiki.
https://github.com/infobyte/faraday/wiki/Vulnerabilities-Database

Big thanks to these projects !
https://github.com/mubix/cfdb
https://github.com/vulndb/data
https://github.com/toolswatch/vFeed

What do you think about this new plugin?
We want to hear your comments!

Cheers!


ليست هناك تعليقات:

إرسال تعليق