Fix issue (KeyError: 'impact' #1)

wined.py

@@ -330,7 +330,7 @@ def argument_parser():
  Command line arguments parser
  """
  input_parser = argparse.ArgumentParser(description='Windows Exploit Dowser')
- input_parser.add_argument("-d", "--database", help="feed in with your local MS Bulletin database file")
+ input_parser.add_argument("-d", "--database", help="feed in with your local MS Bulletin database file (Note: not the 'old_2017_03_14_msbulletin.csv' file)")
  input_parser.add_argument("-u", "--update", help="update the MS Bulletin database", action="store_true") 
  input_parser.add_argument("-e", "--exploitdb_dir", help="feed in with your local ExploitDB folder [Default "+DEFAULT_EXPLOIDB_DIR+"]")
  input_parser.add_argument("-m", "--meta_dir", help="feed in with your local Metasploit folder [Default "+DEFAULT_META_DIR+"]") 
@@ -371,6 +371,7 @@ def get_bulletin():
  'Host':'api.msrc.microsoft.com',
  'User-Agent':'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0',
  'Connection':'close',
+ #'Accept-Encoding':'gzip, deflate, br',
  }
  bulletin_list = []
  # First retrieve the amount of MS Bulletins
@@ -416,12 +417,31 @@ def get_bulletin():
  print("[*] Successfully downloaded %s MS Bulletins, remaining %s" % (str(num),cnt))
 
  # Save collected bulletins as csv file
- print("[*] Saving downloaded MS Bulletins as: \"%s\"" % MSBULLETIN_FILE)
+ print("[*] Saving downloaded MS Bulletins as: \"%s\"" % MSBULLETIN_FILE) 
+
+ # Generate dictionary containing only specific bulletin items, this workaround is
+ # necessary because the JSON of MS bulletins has a non-regular format :-(
+ needed_rows = ['releaseDate','product','platform','impact','severity','productId','cveNumber','kbArticles', 'productFamily'] 
+ for i in range(len(bulletin_list)):
+ tmp_bulletin_dict = bulletin_list[i]
+ missing = list(set(needed_rows).difference(tmp_bulletin_dict.keys()))
+ exceed = list(set(tmp_bulletin_dict.keys()).difference(needed_rows))
+ for exceed_elem in exceed:
+ tmp_bulletin_dict.pop(exceed_elem)
+ for missing_elem in missing:
+ tmp_bulletin_dict[missing_elem] = 'Unknown'
+ bulletin_list[i] = tmp_bulletin_dict
+
+
  with open(MSBULLETIN_FILE, 'w') as file:
  csv_writer = csv.writer(file)
- csv_writer.writerow(bulletin_list[0].keys()) # header row
+ key_list = list(bulletin_list[0].keys())
+ key_list.sort()
+ csv_writer.writerow(key_list) # header row
+ #print(*bulletin_list[0].keys())
  for row in bulletin_list:
- csv_writer.writerow(str(row.values()).encode('utf-8')) # values rows 
+ sorted_row = {i: row[i] for i in key_list}
+ csv_writer.writerow(sorted_row.values()) # values rows 
  return True
 
 
@@ -486,7 +506,7 @@ def find_exploits(folder, is_meta, no_dos):
  has_cve = False
  fh = open(fname,'r')
  for line in fh:
- match = re.search('CVE', line, re.DOTALL)
+ match = re.search('CVE', line)
  if match:
  matches.append(match.string)
  has_cve = True
@@ -525,7 +545,7 @@ def find_exploits(folder, is_meta, no_dos):
  matches = []
  vfh = open(valid_fname,'r')
  for vline in vfh: 
- match = re.search('CVE', vline, re.DOTALL)
+ match = re.search('CVE', vline)
  if match:
  matches.append(match.string)
  vfh.close()
@@ -871,7 +891,7 @@ def read_systeminfo(sysinfo):
  osPatches.append(matchPatch.group(0))
 
  # Search for the OS architecture which could be 32 bits, 64 bits or Itanium
- match64 = re.search(r'System type:[\s]*(64-based|x64| 64|i64|64bit|64 bit|64-bit)', line)
+ match64 = re.search(r'(64-based|x64| 64|i64|64bit|64 bit|64-bit)', line)
  matchItanium = re.search(r'(itanium)', line)
  if match64:
  is64 = True
@@ -1037,7 +1057,7 @@ def read_bulletin(msdatabaseFile, osName, vulnType, isGreedy):
  matchFamily = re.search(r'(windows|esu)', csvrow['productFamily'].lower())
  matchPlatform = re.search(r'(windows)', csvrow['platform'].lower())
  # Retrieve patch identifier from json string
- m_obj = re.match(r"\[\{u'articleName': u'([\w]+)',", str(csvrow['kbArticles']))
+ m_obj = re.match(r"\[\{u'articleName': u'([\w]+)',", csvrow['kbArticles'])
  if m_obj:
  patchID = m_obj.group(1)
  if matchFamily:
@@ -1064,7 +1084,7 @@ def read_bulletin(msdatabaseFile, osName, vulnType, isGreedy):
  matchFamily = re.search(r'(windows|esu)', csvrow['productFamily'].lower())
  matchPlatform = re.search(r'(windows)', csvrow['platform'].lower())
  # Retrieve patch identifier from json string
- m_obj = re.match(r"\[\{u'articleName': u'([\w]+)',", str(csvrow['kbArticles']))
+ m_obj = re.match(r"\[\{u'articleName': u'([\w]+)',", csvrow['kbArticles'])
  if m_obj:
  patchID = m_obj.group(1)
  if matchFamily:
@@ -1091,7 +1111,7 @@ def read_bulletin(msdatabaseFile, osName, vulnType, isGreedy):
  matchFamily = re.search(r'(windows|esu)', csvrow['productFamily'].lower())
  matchPlatform = re.search(r'(windows)', csvrow['platform'].lower())
  # Retrieve patch identifier from json string
- m_obj = re.match(r"\[\{u'articleName': u'([\w]+)',", str(csvrow['kbArticles']))
+ m_obj = re.match(r"\[\{u'articleName': u'([\w]+)',", csvrow['kbArticles'])
  if m_obj:
  patchID = m_obj.group(1)
  cve_list = []
@@ -1147,7 +1167,7 @@ def read_bulletin(msdatabaseFile, osName, vulnType, isGreedy):
  matchFamily = re.search(r'(windows|ESU)', csvrow['productFamily'].lower())
  matchPlatform = re.search(r'(windows)', csvrow['platform'].lower())
  # Retrieve patch identifier from json string
- m_obj = re.match(r"\[\{u'articleName': u'([\w]+)',", str(csvrow['kbArticles']))
+ m_obj = re.match(r"\[\{u'articleName': u'([\w]+)',", csvrow['kbArticles'])
  if m_obj:
  patchID = m_obj.group(1)
  if matchFamily:
@@ -1216,7 +1236,7 @@ def old_read_bulletin(oldmsdatabaseFile, osName, vulnType, isGreedy):
  old_cve_list = cve_string.split(',')
  old_bulletin_dict[str(csvrow['Bulletin KB'])] = {}
  old_bulletin_dict[csvrow['Bulletin KB'].lower()][csvrow['Affected Product'].lower()] = list(set(old_cve_list))
- elif isGreedy:# and (csvrow['Affected Component']):
+ elif isGreedy and (csvrow['Affected Component']):
  if ( (csvrow['Affected Product'].lower().startswith(osName)) or (csvrow['Affected Product'].lower().startswith('microsoft '+osName)) ):
  cve_string = csvrow['CVEs']
  # Discard patches without any CVE
@@ -1240,7 +1260,7 @@ def old_read_bulletin(oldmsdatabaseFile, osName, vulnType, isGreedy):
  old_cve_list = cve_string.split(',')
  old_bulletin_dict[str(csvrow['Bulletin KB'])] = {}
  old_bulletin_dict[csvrow['Bulletin KB'].lower()][csvrow['Affected Product'].lower()] = list(set(old_cve_list))
- elif isGreedy:# and (csvrow['Affected Component']):
+ elif isGreedy and (csvrow['Affected Component']):
  if ( (csvrow['Affected Product'].lower().startswith(osName)) or (csvrow['Affected Product'].lower().startswith('microsoft '+osName)) ):
  cve_string = csvrow['CVEs']
  # Discard patches without any CVE
@@ -1279,7 +1299,7 @@ def old_read_bulletin(oldmsdatabaseFile, osName, vulnType, isGreedy):
  # This is a new item, because patch identifier is not in dictionary
  old_bulletin_dict[str(csvrow['Bulletin KB'])] = {}
  old_bulletin_dict[str(csvrow['Bulletin KB'])][csvrow['Affected Product'].lower()] = cve_list
- elif isGreedy: # and (csvrow['Affected Component']):
+ elif isGreedy and (csvrow['Affected Component']):
  if ( (csvrow['Affected Product'].lower().startswith(osName)) or (csvrow['Affected Product'].lower().startswith('microsoft '+osName)) ):
  cve_string = csvrow['CVEs']
  # Discard patches without any CVE
@@ -1424,6 +1444,10 @@ def is_implicit64bit(osName, osRelease):
  print("[-] ERROR: Exiting, you have to specify a MS Bulletin file location [option --database]")
  exit(1)
 
+ if args.database == "old_2017_03_14_msbulletin.csv":
+ print("[-] ERROR: Exiting, you do not need to specify the old MS Bulletin file, it is parsed by default")
+ exit(1)
+
  if not args.systeminfo and not args.wmicinfo and not args.target:
  print("[-] ERROR: Exiting, you have to specify source file for OS target infos [options --systeminfo or --wmicinfo]")
  exit(1)