follow-cvelist.py add reload-only mode

Add -r to allow 'git pulls' to be run outside the script. This enables, e.g., multiple displays from the same cvelistV5 repository. Prefix both reloads and git pulls with a timestamp in -vv mode.
oh2fih · Aug 12, 2024 · e44437c · e44437c
1 parent 481c04e
commit e44437c
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -12,7 +12,7 @@ Miscellaneous scripts for different purposes. Mostly unrelated to each other.
 | Email | [`mail-prepender.sh`](bin/mail-prepender.sh)<br>Shell (bash) | Prepends (to stdin/stdout) email header strings given in as flags `i`, `I`, `a`, or `A`; after possible mbox `From` & `Return-Path` header lines. Intended as a limited `formail` replacement that ignores the nyanses of the flags and simply prepends the valid (RFC 5322, 2.2) non-empty headers keeping the other headers as is. Flags `x` & `X` are implemented. Any other flags are ignored. |
 | Git | [`git-find-commits-by-file-hash.sh`](bin/git-find-commits-by-file-hash.sh)<br>Shell (bash) | Search Git repository history for commits with SHA-256 checksum of a file. Answers the question "Has this version of this file ever been committed as the file on this path of this Git repository?" and shows a summary (`git show --stat`) of the matching commit(s). The `path` should be relative to the repository root.<br>`git-find-commits-by-file-hash.sh sha256sum path`|
 | Infosec | [`netcat-proxy.sh`](bin/netcat-proxy.sh)<br>Shell (sh) | Creates a simple persistent TCP proxy with netcat & named pipes.<br>`netcat-proxy.sh listenport targethost targetport` |
-| Infosec | [`follow-cvelist.py`](bin/follow-cvelist.py)<br>Python 3 | Follow changes (commits) in CVEProject / [cvelistV5](https://github.com/CVEProject/cvelistV5). Requires git. Working directory must be the root of the cvelistV5 repository.<br>`follow-cvelist.py [-haou4] [-vvvv] [-i s] [-c N] [-w N]`|
+| Infosec | [`follow-cvelist.py`](bin/follow-cvelist.py)<br>Python 3 | Follow changes (commits) in CVEProject / [cvelistV5](https://github.com/CVEProject/cvelistV5). Requires git. Working directory must be the root of the cvelistV5 repository.<br>`follow-cvelist.py [-haoru4] [-vvvv] [-i s] [-c N] [-w N]`|
 | Infosec | [`partialpassword.sh`](bin/partialpassword.sh)<br>Shell (bash) | Creates a new wordlist from a wordlist by replacing all ambiguous characters with all their possible combinations.<br>`partialpassword.sh input.txt output.txt O0 [Il1 ...]` |
 | Infosec | [`duplicate-ssh-hostkeys.sh`](bin/duplicate-ssh-hostkeys.sh)<br>Shell (bash) | Find duplicate SSH host keys in a CIDR range. Examine your network for shared host keys that could potentially be dangerous.<br>`duplicate-ssh-hostkeys.sh CIDR [HostKeyAlgorithm ...]` |
 | Infosec<br>Automation | [`make-mac-prefixes.py`](bin/make-mac-prefixes.py)<br>Python 3 | Processes registered MAC address prefixes from [IEEE MA-L Assignments (CSV)](https://standards.ieee.org/products-programs/regauth/) (stdin) to Nmap's [`nmap-mac-prefixes`](https://github.com/nmap/nmap/blob/master/nmap-mac-prefixes)  (stdout) with a few additional unregistered OUIs.<br>`curl https://standards-oui.ieee.org/oui/oui.csv \| make-mac-prefixes.py > nmap-mac-prefixes` |

diff --git a/bin/follow-cvelist.py b/bin/follow-cvelist.py
@@ -3,11 +3,12 @@
 # ------------------------------------------------------------------------------
 # Follow changes (commits) in CVEProject / cvelistV5
 #
-# Usage: follow-cvelist.py [-haou4] [-vvvv] [-i s] [-c N] [-w N]
+# Usage: follow-cvelist.py [-haoru4] [-vvvv] [-i s] [-c N] [-w N]
 #
 #  -h, --help          show this help message and exit
 #  -a, --ansi          add ansi colors to the output (default: False)
 #  -o, --once          only the current tail; no active follow (default: False)
+#  -r, --reload-only   skip pulls & only follow local changes (default: False)
 #  -u, --url           prefix cve with url to nvd nist details (default: False)
 #  -4, --cvss4         show cvss 4.0 score instead of cvss 3.1 (default: False)
 #  -v, --verbose       each -v increases verbosity (commits, git pull, raw data)
@@ -39,7 +40,8 @@
 def main(args: argparse.Namespace) -> None:
     cvelist = CvelistFollower(args)
     cvelist.header()
-    cvelist.pull()
+    if not args.reload_only:
+        cvelist.pull()
     cvelist.history()
     if not args.once:
         cvelist.monitor()
@@ -148,7 +150,13 @@ def monitor(self) -> None:
             for x in range(self.args.interval):
                 self.check_interrupt()
                 time.sleep(1)
-            self.pull()
+            if not self.args.reload_only:
+                self.pull()
+            elif self.args.verbose > 1:
+                print(
+                    f"{time.strftime('%Y-%m-%d %H:%M:%S', time.gmtime())}  Reload",
+                    file=sys.stderr,
+                )
             new_cursor = self.get_cursor()
             if new_cursor != cursor:
                 if self.args.verbose > 0:
@@ -162,7 +170,11 @@ def pull(self) -> None:
             result = subprocess.run(
                 ["git", "pull"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT
             )
-            print(result.stdout.decode("utf-8").strip(), file=sys.stderr)
+            print(
+                f"{time.strftime('%Y-%m-%d %H:%M:%S', time.gmtime())}  "
+                f"{result.stdout.decode('utf-8').strip()}",
+                file=sys.stderr,
+            )
         else:
             subprocess.call(
                 ["git", "pull"], stdout=subprocess.DEVNULL, stderr=subprocess.STDOUT
@@ -537,7 +549,7 @@ def check_positive(value: str) -> int:
 if __name__ == "__main__":
     argParser = argparse.ArgumentParser(
         description="Follow changes (commits) in CVEProject / cvelistV5",
-        usage="%(prog)s [-haou4] [-vvvv] [-i s] [-c N]",
+        usage="%(prog)s [-haoru4] [-vvvv] [-i s] [-c N] [-w N]",
         epilog="Requires git. "
         "Working directory must be the root of the cvelistV5 repository.",
         formatter_class=argparse.ArgumentDefaultsHelpFormatter,
@@ -556,6 +568,13 @@ def check_positive(value: str) -> int:
         help="only the current tail; no active follow",
         default=False,
     )
+    argParser.add_argument(
+        "-r",
+        "--reload-only",
+        action="store_true",
+        help="skip pulls & only follow local changes",
+        default=False,
+    )
     argParser.add_argument(
         "-u",
         "--url",
@@ -582,7 +601,7 @@ def check_positive(value: str) -> int:
         "--interval",
         type=check_positive,
         metavar="s",
-        help="pull interval in seconds",
+        help="pull/reload interval in seconds",
         default=150,
     )
     argParser.add_argument(
@@ -611,4 +630,10 @@ def check_positive(value: str) -> int:
     }
     if args.verbose > 0:
         print(f"VERBOSITY: {verbosity[args.verbose]}", file=sys.stderr)
+    if args.reload_only:
+        print(
+            "Reload only mode; "
+            "make sure the periodic 'git pull' gets run somewhere else",
+            file=sys.stderr,
+        )
     main(args)