1.提取中文信息
#!/bin/bash
# Name: SamplesGrep 你好
# purpose:get infor from http://www.cnnvd.org.cn
domainname="http://www.cnnvd.org.cn/"
queryurl="vulnerability/index/cnnvdid/"
rm result.txt
while read x y;do
wget -O main.html $domainname$queryurl$x
resulturl=`cat main.html|grep -i '<td width="45%"><a href="/vulnerability/show/cv_id'|cut -d'"' -f4`
echo $resulturl
wget -O result.html "${domainname}""${resulturl}"
cat result.html|tr -d '\n'|tr -d "'"|sed 's/<br\\>//g'|sed 's/<\/tr>/<\/tr>@/g'|tr'@' '\n'|sed 's/<tr>/<tr>@/g'|tr'@' '\n'|sed 's/</"</g'|sed 's/>/>"/g'>last.html
resultrow="insert into test.t_vulner_cn(id_value,NAME,publish_date,grade,TYPE,description) VALUES('${x}','"`cat last.html|grep -i '"漏洞名称:"'|cut -d'"' -f15`"'"
# resultrow="${resultrow} ,'"` cat last.html|grep -i '"CNNVD编号:"'|cut -d'"' -f9`"'"
resultrow="${resultrow} ,'"` cat last.html|grep -i '"发布时间:"'|cut -d'"' -f13`"'"
resultrow="${resultrow} ,'"` cat last.html|grep -i '"危害等级:"'|cut -d'"' -f13`"'"
resultrow="${resultrow} ,'"` cat last.html|grep -i '"漏洞类型:"'|cut -d'"' -f13`"'"
resultrow="${resultrow} ,'"` cat last.html|grep -i '/Public/images/cnnvd3_12_24.jpg'|cut -d'"' -f29`"');"
echo $resultrow
mysql -h 192.168.*.* -p* -e"${resultrow}"
echo $resultrow>>result.txt
done<cvelist.txt
echo done
2.提取英文信息
#!/bin/bash
# Name: SamplesGrep 你好
# purpose:get infor from http://www.cnnvd.org.cn
domainname="http://www.cvedetails.com/cve/"
querylist="http://www.cvedetails.com/vulnerability-search.php?f=1&cveid="
echo "">result.txt
echo "before while"
while read x ;do
wget -O result.html $domainname${x}
found=`cat result.html|grep -ic 'Unknown CVE ID'`
echo 'before if'
if ((${found}>0))
then
echo ${x}" not found">>result.txt
echo "not found"
else
# 取漏洞名称
cvename=`cat result.html|grep -i '<title>'|sed 's/</>/g'|cut -d '>' -f3`
echo 'cvename '${cvename}
# 取漏洞cvss分数
cvss=`cat result.html|tr -d '\n'|tr -d "'"|sed 's/<th>Cvss Score<\/th>/@<th>Cvss Score<\/th>/g'|tr
'@' '\n'|sed 's/</>/g'|grep -i '>th>Cvss Score>\/th>'|cut -d '>' -f9`
echo 'cvss '${cvss}
# 取漏洞描述信息
desc=`cat result.html|grep -i '<meta name="description" content="CVE'|cut -d '"' -f4`
echo 'desc '${desc}
# 取漏洞参考条目数
# refcount=`cat result.html|grep -ic '<td class="r_average">'`
# 提取漏洞参考条目
refcontent=`cat result.html|tr -d '\n'|tr -d "'"|sed 's/<br\\>//g'|sed 's/<td class="r_average">/@<td class="r_average">/g'|tr
'@' '\n'|sed 's/</>/g'|grep -i '>td class="r_average">'|cut -d '>' -f5`
echo 'refcontent '${refcontent}
# 取漏洞bid信息
BID=`cat result.html|tr -d '\n'|sed 's/<\/a><br\/> BID/<\/a><br\/> @<tttt<BID</g'|tr
'@' '\n'|grep -i '<tttt<BID<'|cut -d '<' -f4`
# 取查询信息
wget -O query.html $querylist${x}
cat query.html|tr -d '\n'|sed 's/<tr class="srrowns">/@<tr class="srrowns">/g'|tr
'@' '\n'|sed 's/<\/table>/@<\/table>/g'|tr
'@' '\n'|sed 's/</>/g'>querylast.html
qfound=`cat query.html|grep -ic 'title="View cwe definition "'`
if ((${qfound}>0))
then
# 是否有exploit
exploit=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f31`
echo 'exploit '${exploit}
# 漏洞类型
vulner_type=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f37`
echo 'vulner_type '${vulner_type}
# 命名时间
publish_date=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f41`
echo 'publish_date '${publish_date}
# 更新时间
update_date=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f45`
echo 'update_date '${update_date}
# cvss分数
cvss_score=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f51`
echo 'cvss_score '${cvss_score}
# gained_access_level
gained_access_level=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f57`
echo 'gained_access_level '${gained_access_level}
# access
access=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f61`
echo 'access '${access}
# Complexity
complexity=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f65`
echo 'complexity '${complexity}
# Authentication
authentication=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f69`
echo 'authentication '${authentication}
# Confidentiality
confidentiality=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f73`
echo 'confidentiality '${confidentiality}
# Integrity
integrity=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f77`
echo 'integrity '${integrity}
# Availability
availability=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f81`
echo 'availability '${availability}
else
# 是否有exploit
exploit=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f27`
echo 'exploit '${exploit}
# 漏洞类型
vulner_type=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f33`
echo 'vulner_type '${vulner_type}
# 命名时间
publish_date=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f37`
echo 'publish_date '${publish_date}
# 更新时间
update_date=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f41`
echo 'update_date '${update_date}
# cvss分数
cvss_score=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f47`
echo 'cvss_score '${cvss_score}
# gained_access_level
gained_access_level=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f53`
echo 'gained_access_level '${gained_access_level}
# access
access=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f57`
echo 'access '${access}
# Complexity
complexity=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f61`
echo 'complexity '${complexity}
# Authentication
authentication=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f65`
echo 'authentication '${authentication}
# Confidentiality
confidentiality=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f69`
echo 'confidentiality '${confidentiality}
# Integrity
integrity=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f73`
echo 'integrity '${integrity}
# Availability
availability=`cat querylast.html|grep -i '>tr class="srrowns">'|cut -d '>' -f77`
echo 'availability '${availability}
fi
# 插入数据库
resultrow="INSERT INTO t_control(id)
SELECT 1 FROM DUAL WHERE EXISTS(SELECT 1 FROM t_vulner_code WHERE vulner_code='${x}' AND vulner_code_type='CVE');
INSERT INTO t_vulnerability(
vulner_name_en,
description_en,
security_level,
exploit,
vulner_type,
publish_date,
update_date,
cvss,
gained_access_level,
access,
authentication,
confidentiality,
integrity,
availability,
reference)
SELECT trim('${cvename}'),trim('${desc}'),trim('${complexity}'),
trim('${exploit}'),trim('${vulner_type}'),trim('${publish_date}'),trim('${update_date}'),trim('${cvss}'),trim('${gained_access_level}'),
trim('${access}'),trim('${authentication}'),trim('${confidentiality}'),trim('${integrity}'),trim('${availability}'),trim('${refcontent}') FROM DUAL
WHERE NOT EXISTS(SELECT 1 FROM t_vulner_code WHERE vulner_code='${x}' AND vulner_code_type='CVE');
INSERT INTO t_vulner_code(vulner_id,vulner_code_type,vulner_code)
SELECT LAST_INSERT_ID(),'CVE',trim('${x}') from dual
WHERE NOT EXISTS(SELECT 1 FROM t_vulner_code WHERE vulner_code='${x}' AND vulner_code_type='CVE') and LAST_INSERT_ID()<>0 ;
INSERT INTO t_vulner_code(vulner_id,vulner_code_type,vulner_code)
SELECT LAST_INSERT_ID(),'BID',SUBSTR(trim('${BID}'),1,INSTR(trim('${BID}'),' ')-1) from dual
WHERE LAST_INSERT_ID()<>0 and NOT EXISTS(SELECT 1 FROM t_vulner_code WHERE vulner_id=LAST_INSERT_ID() and vulner_code=SUBSTR(trim('${BID}'),1,INSTR(trim('${BID}'),' ')-1) AND vulner_code_type='BID') and SUBSTR(trim('${BID}'),1,INSTR(trim('${BID}'),' ')-1)<>'';"
echo $resultrow
mysql -h 192.168.3.93 -phuawei virus -e"${resultrow}"
echo $resultrow>>result.txt
echo $resultrow
fi
done<cvelist.txt
echo done
# 15 cve_id
# 31 exploit
# 37 vulner_type
# 41 Publish_Date
# 45 Update_Date
# 51 cvss_score
# 57 Gained_Access_Level
# 61 access
# 65 Complexity
# 69 Authentication
# 73 Confidentiality
# 77 Integrity
# 81 Availability