Skip to content

Commit

Permalink
follow-cvelist.py add reload-only mode
Browse files Browse the repository at this point in the history
Add -r to allow 'git pulls' to be run outside the script. This enables,
e.g., multiple displays from the same cvelistV5 repository.
Prefix both reloads and git pulls with a timestamp in -vv mode.
  • Loading branch information
oh2fih committed Aug 12, 2024
1 parent 481c04e commit 3bcc445
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 7 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ Miscellaneous scripts for different purposes. Mostly unrelated to each other.
| Email | [`mail-prepender.sh`](bin/mail-prepender.sh)<br>Shell (bash) | Prepends (to stdin/stdout) email header strings given in as flags `i`, `I`, `a`, or `A`; after possible mbox `From` & `Return-Path` header lines. Intended as a limited `formail` replacement that ignores the nyanses of the flags and simply prepends the valid (RFC 5322, 2.2) non-empty headers keeping the other headers as is. Flags `x` & `X` are implemented. Any other flags are ignored. |
| Git | [`git-find-commits-by-file-hash.sh`](bin/git-find-commits-by-file-hash.sh)<br>Shell (bash) | Search Git repository history for commits with SHA-256 checksum of a file. Answers the question "Has this version of this file ever been committed as the file on this path of this Git repository?" and shows a summary (`git show --stat`) of the matching commit(s). The `path` should be relative to the repository root.<br>`git-find-commits-by-file-hash.sh sha256sum path`|
| Infosec | [`netcat-proxy.sh`](bin/netcat-proxy.sh)<br>Shell (sh) | Creates a simple persistent TCP proxy with netcat & named pipes.<br>`netcat-proxy.sh listenport targethost targetport` |
| Infosec | [`follow-cvelist.py`](bin/follow-cvelist.py)<br>Python 3 | Follow changes (commits) in CVEProject / [cvelistV5](https://github.com/CVEProject/cvelistV5). Requires git. Working directory must be the root of the cvelistV5 repository.<br>`follow-cvelist.py [-haou4] [-vvvv] [-i s] [-c N] [-w N]`|
| Infosec | [`follow-cvelist.py`](bin/follow-cvelist.py)<br>Python 3 | Follow changes (commits) in CVEProject / [cvelistV5](https://github.com/CVEProject/cvelistV5). Requires git. Working directory must be the root of the cvelistV5 repository.<br>`follow-cvelist.py [-haoru4] [-vvvv] [-i s] [-c N] [-w N]`|
| Infosec | [`partialpassword.sh`](bin/partialpassword.sh)<br>Shell (bash) | Creates a new wordlist from a wordlist by replacing all ambiguous characters with all their possible combinations.<br>`partialpassword.sh input.txt output.txt O0 [Il1 ...]` |
| Infosec | [`duplicate-ssh-hostkeys.sh`](bin/duplicate-ssh-hostkeys.sh)<br>Shell (bash) | Find duplicate SSH host keys in a CIDR range. Examine your network for shared host keys that could potentially be dangerous.<br>`duplicate-ssh-hostkeys.sh CIDR [HostKeyAlgorithm ...]` |
| Infosec<br>Automation | [`make-mac-prefixes.py`](bin/make-mac-prefixes.py)<br>Python 3 | Processes registered MAC address prefixes from [IEEE MA-L Assignments (CSV)](https://standards.ieee.org/products-programs/regauth/) (stdin) to Nmap's [`nmap-mac-prefixes`](https://github.com/nmap/nmap/blob/master/nmap-mac-prefixes) (stdout) with a few additional unregistered OUIs.<br>`curl https://standards-oui.ieee.org/oui/oui.csv \| make-mac-prefixes.py > nmap-mac-prefixes` |
Expand Down
37 changes: 31 additions & 6 deletions bin/follow-cvelist.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,12 @@
# ------------------------------------------------------------------------------
# Follow changes (commits) in CVEProject / cvelistV5
#
# Usage: follow-cvelist.py [-haou4] [-vvvv] [-i s] [-c N] [-w N]
# Usage: follow-cvelist.py [-haoru4] [-vvvv] [-i s] [-c N] [-w N]
#
# -h, --help show this help message and exit
# -a, --ansi add ansi colors to the output (default: False)
# -o, --once only the current tail; no active follow (default: False)
# -r, --reload-only skip pulls & only follow local changes (default: False)
# -u, --url prefix cve with url to nvd nist details (default: False)
# -4, --cvss4 show cvss 4.0 score instead of cvss 3.1 (default: False)
# -v, --verbose each -v increases verbosity (commits, git pull, raw data)
Expand Down Expand Up @@ -39,7 +40,8 @@
def main(args: argparse.Namespace) -> None:
cvelist = CvelistFollower(args)
cvelist.header()
cvelist.pull()
if not args.reload_only:
cvelist.pull()
cvelist.history()
if not args.once:
cvelist.monitor()
Expand Down Expand Up @@ -148,7 +150,13 @@ def monitor(self) -> None:
for x in range(self.args.interval):
self.check_interrupt()
time.sleep(1)
self.pull()
if not self.args.reload_only:
self.pull()
elif self.args.verbose > 1:
print(
f"{time.strftime('%Y-%m-%d %H:%M:%S', time.gmtime())} Reload",
file=sys.stderr,
)
new_cursor = self.get_cursor()
if new_cursor != cursor:
if self.args.verbose > 0:
Expand All @@ -162,7 +170,11 @@ def pull(self) -> None:
result = subprocess.run(
["git", "pull"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT
)
print(result.stdout.decode("utf-8").strip(), file=sys.stderr)
print(
f"{time.strftime('%Y-%m-%d %H:%M:%S', time.gmtime())} "
f"{result.stdout.decode('utf-8').strip()}",
file=sys.stderr,
)
else:
subprocess.call(
["git", "pull"], stdout=subprocess.DEVNULL, stderr=subprocess.STDOUT
Expand Down Expand Up @@ -537,7 +549,7 @@ def check_positive(value: str) -> int:
if __name__ == "__main__":
argParser = argparse.ArgumentParser(
description="Follow changes (commits) in CVEProject / cvelistV5",
usage="%(prog)s [-haou4] [-vvvv] [-i s] [-c N]",
usage="%(prog)s [-haoru4] [-vvvv] [-i s] [-c N] [-w N]",
epilog="Requires git. "
"Working directory must be the root of the cvelistV5 repository.",
formatter_class=argparse.ArgumentDefaultsHelpFormatter,
Expand All @@ -556,6 +568,13 @@ def check_positive(value: str) -> int:
help="only the current tail; no active follow",
default=False,
)
argParser.add_argument(
"-r",
"--reload-only",
action="store_true",
help="skip pulls & only follow local changes",
default=False,
)
argParser.add_argument(
"-u",
"--url",
Expand All @@ -582,7 +601,7 @@ def check_positive(value: str) -> int:
"--interval",
type=check_positive,
metavar="s",
help="pull interval in seconds",
help="pull/reload interval in seconds",
default=150,
)
argParser.add_argument(
Expand Down Expand Up @@ -611,4 +630,10 @@ def check_positive(value: str) -> int:
}
if args.verbose > 0:
print(f"VERBOSITY: {verbosity[args.verbose]}", file=sys.stderr)
if args.reload_only:
print(
"Reload only mode; "
"make sure the periodic 'git pull' gets run somewhere else",
file=sys.stderr,
)
main(args)

0 comments on commit 3bcc445

Please sign in to comment.