#!/usr/bin/env python3
"""
Create a comprehensive test file covering the Windows and RHEL Plugin 66334 formats
"""
import xml.etree.ElementTree as ET
from xml.dom import minidom
def create_windows_host(report, host_ip, host_name):
    """Append a synthetic Windows ``ReportHost`` element to *report*.

    The host receives a ``netbios-name`` property, six finding
    ``ReportItem`` elements (each with its ``cve`` children) and one
    Plugin 66334 "Patch Report" item whose ``plugin_output`` holds the
    Windows-style remediation text: a KB list followed by third-party
    upgrade actions.

    Args:
        report: Parent element the new ``ReportHost`` is attached to.
        host_ip: Value of the ``ReportHost`` ``name`` attribute.
        host_name: Text of the ``netbios-name`` host property.

    Returns:
        None. *report* is modified in place.
    """
    host_node = ET.SubElement(report, 'ReportHost', name=host_ip)

    # Host properties: only the NetBIOS name is populated for this host.
    props_node = ET.SubElement(host_node, 'HostProperties')
    ET.SubElement(props_node, 'tag', name='netbios-name').text = host_name

    # Fixture findings as (plugin id, plugin name, severity, CVE ids).
    # The plugin IDs used here (2000xx) differ from the IDs quoted in the
    # Plugin 66334 text below (93523, 171859, 282534), so this fixture
    # cannot exercise a join on pluginID -- presumably the consumer
    # matches on KB number or title; confirm against the extractor.
    findings = (
        ('200001', 'MS KB5073724 Security Update', '4', ['CVE-2024-0001', 'CVE-2024-0002']),
        ('200002', 'MS KB5049613 Critical Patch', '4', ['CVE-2024-0003']),
        ('200003', 'Adobe AIR < 23.0.0.257 Multiple Vulnerabilities', '4', ['CVE-2024-0010', 'CVE-2024-0011']),
        ('200004', 'Adobe AIR Unsupported Version', '3', ['CVE-2024-0012']),
        ('200005', 'Curl Use-After-Free < 7.87', '4', ['CVE-2022-43552']),
        ('200006', 'Microsoft Edge < 143.0.3650.139', '3', ['CVE-2026-0628']),
    )

    # Attributes shared by every ReportItem; kept first so the serialized
    # attribute order stays port, svc_name, protocol, severity, pluginID,
    # pluginName.
    shared_attrs = {'port': '0', 'svc_name': 'general', 'protocol': 'tcp'}

    for plugin_id, plugin_name, severity, cve_ids in findings:
        item_node = ET.SubElement(
            host_node,
            'ReportItem',
            {**shared_attrs, 'severity': severity, 'pluginID': plugin_id, 'pluginName': plugin_name},
        )
        for cve_id in cve_ids:
            ET.SubElement(item_node, 'cve').text = cve_id

    # Plugin 66334 body. Mixes KB entries with and without a
    # "(N vulnerabilities)" suffix and action blocks with and without an
    # "+Impact" line, so a parser sees each variant at least once.
    patch_text = """
. You need to take the following 18 actions :

+ Install the following Microsoft patches :
- KB5073724 (39 vulnerabilities)
- KB5049613
- KB5044023
- KB5039893
- KB5039884
- KB5036608
- KB5033909
- KB5031988

[ Adobe AIR <= 22.0.0.153 Android Applications Runtime Analytics MitM (APSB16-31) (93523) ]

+ Action to take : Upgrade to Adobe AIR version 23.0.0.257 or later.

+Impact : Taking this action will resolve 564 different vulnerabilities (CVEs).


[ Curl Use-After-Free < 7.87 (CVE-2022-43552) (171859) ]

+ Action to take : Upgrade Curl to version 7.87.0 or later


[ Microsoft Edge (Chromium) < 143.0.3650.139 (CVE-2026-0628) (282534) ]

+ Action to take : Upgrade to Microsoft Edge version 143.0.3650.139 or later.

+Impact : Taking this action will resolve 96 different vulnerabilities (CVEs).
"""

    # The patch report itself is an informational (severity 0) item.
    patch_item = ET.SubElement(
        host_node,
        'ReportItem',
        {**shared_attrs, 'severity': '0', 'pluginID': '66334', 'pluginName': 'Patch Report'},
    )
    ET.SubElement(patch_item, 'plugin_output').text = patch_text
def create_rhel_host(report, host_ip, host_name):
    """Append a synthetic RHEL ``ReportHost`` element to *report*.

    The host receives a ``host-fqdn`` property built from *host_name*
    plus the ``.company.local`` suffix, six finding ``ReportItem``
    elements and one Plugin 66334 "Patch Report" item whose
    ``plugin_output`` holds the RHEL-style remediation text (bracketed
    titles, each followed by an action line).

    Args:
        report: Parent element the new ``ReportHost`` is attached to.
        host_ip: Value of the ``ReportHost`` ``name`` attribute.
        host_name: Short host name used to build the FQDN property.

    Returns:
        None. *report* is modified in place.
    """
    host_node = ET.SubElement(report, 'ReportHost', name=host_ip)

    # Host properties: this host is identified by FQDN, not NetBIOS name.
    props_node = ET.SubElement(host_node, 'HostProperties')
    fqdn_tag = ET.SubElement(props_node, 'tag', name='host-fqdn')
    fqdn_tag.text = f"{host_name}.company.local"

    # Fixture findings as (plugin id, plugin name, severity, CVE ids).
    # Three entries carry no CVEs, so their ReportItems get no <cve>
    # children. The plugin IDs here (3000xx) differ from the IDs quoted in
    # the Plugin 66334 text below (156103, 163304, 271273, 214070, 209549,
    # 210348), so this fixture cannot exercise a join on pluginID --
    # presumably the consumer matches on title or advisory id; confirm
    # against the extractor.
    findings = (
        ('300001', 'Apache Log4j 1.2 JMSAppender RCE', '4', ['CVE-2021-4104']),
        ('300002', 'Oracle Java SE July 2022 CPU', '4', ['CVE-2024-0020', 'CVE-2024-0021']),
        ('300003', 'RHEL 8 : java-1.8.0-openjdk (RHSA-2025:18815)', '3', ['CVE-2024-0030']),
        ('300004', 'RHEL 8 : NetworkManager (RHSA-2025:0288)', '2', []),
        ('300005', 'RHEL 8 : NetworkManager-libreswan (RHSA-2024:8353)', '2', []),
        ('300006', 'RHEL 8 : bcc (RHSA-2024:8831)', '2', []),
    )

    # Attributes shared by every ReportItem; kept first so the serialized
    # attribute order stays port, svc_name, protocol, severity, pluginID,
    # pluginName.
    shared_attrs = {'port': '0', 'svc_name': 'general', 'protocol': 'tcp'}

    for plugin_id, plugin_name, severity, cve_ids in findings:
        item_node = ET.SubElement(
            host_node,
            'ReportItem',
            {**shared_attrs, 'severity': severity, 'pluginID': plugin_id, 'pluginName': plugin_name},
        )
        for cve_id in cve_ids:
            ET.SubElement(item_node, 'cve').text = cve_id

    # Plugin 66334 body. Includes an action block with a free-text
    # continuation line (Log4j) and blocks with and without "+Impact".
    patch_text = """
. You need to take the following 110 actions :


[ Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104) (156103) ]

+ Action to take : Upgrade to Apache Log4j version 2.16.0 or later since 1.x is end of life.

Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities.


[ Oracle Java SE Multiple Vulnerabilities (July 2022 CPU) (163304) ]

+ Action to take : Apply the appropriate patch according to the July 2022 Oracle Critical Patch Update advisory.

+Impact : Taking this action will resolve 348 different vulnerabilities (CVEs).


[ RHEL 8 / 9 : java-1.8.0-openjdk (RHSA-2025:18815) (271273) ]

+ Action to take : Update the RHEL java-1.8.0-openjdk package based on the guidance in RHSA-2025:18815.

+Impact : Taking this action will resolve 24 different vulnerabilities (CVEs).


[ RHEL 8 : Bug fix of NetworkManager (Moderate) (RHSA-2025:0288) (214070) ]

+ Action to take : Update the affected packages.


[ RHEL 8 : NetworkManager-libreswan (RHSA-2024:8353) (209549) ]

+ Action to take : Update the RHEL NetworkManager-libreswan package based on the guidance in RHSA-2024:8353.


[ RHEL 8 : bcc (RHSA-2024:8831) (210348) ]

+ Action to take : Update the RHEL bcc package based on the guidance in RHSA-2024:8831.
"""

    # The patch report itself is an informational (severity 0) item.
    patch_item = ET.SubElement(
        host_node,
        'ReportItem',
        {**shared_attrs, 'severity': '0', 'pluginID': '66334', 'pluginName': 'Patch Report'},
    )
    ET.SubElement(patch_item, 'plugin_output').text = patch_text
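def main():
    """Build the two-host fixture and write it to the working directory.

    Creates a ``NessusClientData_v2`` tree with one ``Report`` holding a
    Windows host and a RHEL host, pretty-prints it, writes it to
    ``comprehensive_patch_test.nessus`` and prints a summary of what the
    file contains together with the command used to exercise it.
    """
    root = ET.Element('NessusClientData_v2')
    report = ET.SubElement(root, 'Report', name='Comprehensive Patch Report Test')

    # NOTE(review): the addresses and host names below are fixture values
    # written verbatim into the output file. "DESKTOP-UE5DFOC" has the
    # shape of an auto-generated Windows machine name -- confirm it is
    # synthetic and not copied from a real scan export before the fixture
    # is shared outside the team.

    # Create Windows host
    create_windows_host(report, "169.254.33.107", "DESKTOP-UE5DFOC")

    # Create RHEL host
    create_rhel_host(report, "192.168.1.50", "rhel-server01")

    # Pretty print. minidom only ever parses the tree serialized on this
    # line, never XML that came from outside the script.
    xml_str = minidom.parseString(ET.tostring(root)).toprettyxml(indent=" ")

    filename = 'comprehensive_patch_test.nessus'
    # toprettyxml() is called without an encoding, so the XML declaration
    # names none and readers will assume UTF-8. Write UTF-8 explicitly
    # instead of relying on the platform's default text encoding.
    with open(filename, 'w', encoding='utf-8') as f:
        f.write(xml_str)

    print(f"✓ Created comprehensive test file: {filename}")
    print("\nIncludes:")
    print(" HOST 1 (Windows):")
    print(" - KB patches with and without counts")
    print(" - Adobe AIR upgrade")
    print(" - Curl upgrade")
    print(" - Microsoft Edge upgrade")
    print("\n HOST 2 (RHEL 8):")
    print(" - Apache Log4j upgrade")
    print(" - Oracle Java patches")
    print(" - RHEL package updates (java, NetworkManager, bcc)")
    print("\nTest with:")
    print(" python patch_report_extractor.py comprehensive_patch_test.nessus --summary -o result.csv")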
# Script entry point: generate the fixture only when this file is executed
# directly, not when it is imported.
if __name__ == "__main__":
    main()