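<#
.SYNOPSIS
    Fetch recent high-risk CVEs with cvemap, persist the ones not seen before
    in a local JSON database, and print those new entries to the console.

.DESCRIPTION
    Query (see the cvemap call below): critical/high severity, EPSS score
    > 0.01, a public PoC, at most 1000 results. CISA KEV status is not a
    query filter here; it is carried through in the report as is_exploited.

    State: cve_database.json in the working directory holds every CVE already
    reported. It is rewritten on each run with the new entries merged in, so
    a CVE is reported only the first time it shows up.

    An optional Teams notification is kept at the bottom, disabled. It reads
    the webhook URL from the TEAMS_WEBHOOK_URL environment variable.
#>

# Fail on the first cmdlet error rather than carrying on with partial data.
$ErrorActionPreference = 'Stop'

# Run cvemap: critical/high severity, EPSS > 0.01, has a PoC, up to 1000 results.
# (Earlier variant kept for reference:
#   .\cvemap.exe -severity=high -f poc,vendor -poc=true -json > new_vulns.json)
.\cvemap.exe -severity=critical -severity=high -es '> 0.01' -poc=true -l 1000 -json > new_vulns.json
# Native commands do not throw under $ErrorActionPreference; check the exit code
# so a failed fetch never overwrites the database with an empty result.
if ($LASTEXITCODE -ne 0) {
    throw "cvemap.exe exited with code $LASTEXITCODE; database left untouched"
}

# Paths to the JSON files (relative to the working directory)
$newJsonFilePath      = "new_vulns.json"
$databaseJsonFilePath = "cve_database.json"

#######################################
# Build one alternation regex from a list of literal names.
# Arguments: $Names - vendor/product strings to ignore
# Returns:   regex string; "(?!)" never matches, so an empty list ignores nothing
#            (an empty alternation "" would match everything and drop every entry)
#######################################
function ConvertTo-IgnoreRegex([string[]] $Names) {
    if (-not $Names) { return '(?!)' }
    return ($Names | ForEach-Object { [regex]::Escape($_) }) -join '|'
}

# Read the newly fetched JSON. -Raw hands ConvertFrom-Json a single string;
# an empty/whitespace file (no results) is treated as an empty list.
$newJsonContent = @()
$rawNew = Get-Content -Path $newJsonFilePath -Raw
if (-not [string]::IsNullOrWhiteSpace($rawNew)) {
    $newJsonContent = @($rawNew | ConvertFrom-Json)
}

# Read the existing CVE database, or start from an empty one on the first run
# (the file is created further down when the merged content is written).
$databaseJsonContent = @()
if (Test-Path -Path $databaseJsonFilePath) {
    $rawDb = Get-Content -Path $databaseJsonFilePath -Raw
    if (-not [string]::IsNullOrWhiteSpace($rawDb)) {
        $databaseJsonContent = @($rawDb | ConvertFrom-Json)
    }
}

# Index the known CVE IDs once so each membership test is a hash lookup
# instead of a Where-Object scan over the whole database per fetched entry.
# OrdinalIgnoreCase keeps the case-insensitive semantics of the original -eq.
$knownCveIds = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
foreach ($known in $databaseJsonContent) {
    [void]$knownCveIds.Add([string]$known.cve_id)
}

# Collect the fetched vulnerabilities that are not yet in the database.
# HashSet.Add returns $false for an ID already present, so recording each
# accepted ID also drops duplicate IDs within a single fetch.
$newVulnerabilities = [System.Collections.Generic.List[object]]::new()
foreach ($vuln in $newJsonContent) {
    if ($knownCveIds.Add([string]$vuln.cve_id)) {
        $newVulnerabilities.Add($vuln)
    }
}

if ($newVulnerabilities.Count -eq 0) {
    Write-Host "Nothing to worry about today. `nYou can go back to sleep :) " -ForegroundColor Green
}

# Merge and persist. -InputObject (rather than piping) keeps the top level a
# JSON array even with zero or one element, so the next run always reads back
# a list and never a bare object or a literal null. UTF8 keeps non-ASCII
# characters in descriptions intact on Windows PowerShell.
$mergedContent = @($databaseJsonContent) + @($newVulnerabilities)
ConvertTo-Json -InputObject $mergedContent -Depth 100 |
    Set-Content -Path $databaseJsonFilePath -Encoding UTF8

# Vendors / products to leave out of the console report. Matching is an
# unanchored, case-insensitive regex on cpe.vendor / cpe.product, i.e. a
# substring match ("firmware" also hides "router_firmware").
$ignoreVendors  = @("bloofox", "vendor2")
$ignoreProducts = @("firmware", "product2")

$ignoreVendorRegex  = ConvertTo-IgnoreRegex $ignoreVendors
$ignoreProductRegex = ConvertTo-IgnoreRegex $ignoreProducts

# Select the fields worth reading and drop entries from ignored vendors/products.
$filteredData = $newVulnerabilities |
    Where-Object {
        $_.cpe.vendor  -notmatch $ignoreVendorRegex -and
        $_.cpe.product -notmatch $ignoreProductRegex
    } |
    ForEach-Object {
        [PSCustomObject]@{
            Vendor          = $_.cpe.vendor
            Product         = $_.cpe.product
            cve_id          = $_.cve_id
            is_exploited    = $_.is_exploited
            age             = $_.age_in_days
            cve_description = $_.cve_description
            cvss_score      = $_.cvss_score
            severity        = $_.severity
            References      = $_.reference -join "`n"   # one reference per line
            POCs            = $_.poc.url -join "`n"     # one PoC URL per line
            vendor_advisory = $_.vendor_advisory
        }
    }

# Print each record between yellow separators, one property per line.
foreach ($dataset in $filteredData) {
    Write-Host -ForegroundColor Yellow "##########"
    $dataset | Format-List | Out-String | Write-Host
    Write-Host -ForegroundColor Yellow "##########"
    Write-Host ""
}

<#
# Optional: post each new vulnerability to a Teams channel. Disabled by default.
# An incoming-webhook URL is a credential (anyone holding it can post to the
# channel), so it comes from the environment instead of this file; the URL
# that used to be hard-coded here should be treated as exposed and rotated.
# NOTE: this loop uses $newVulnerabilities, so the ignore lists above do not
# apply to notifications; switch to $filteredData if they should.
$teamsWebhookUrl = $env:TEAMS_WEBHOOK_URL
if (-not $teamsWebhookUrl) { throw "TEAMS_WEBHOOK_URL is not set" }

foreach ($newVuln in $newVulnerabilities) {
    $cveId   = $newVuln.cve_id
    $vendor  = $newVuln.cpe.vendor
    $product = $newVuln.cpe.product

    $teamsMessage = @{
        "@type"      = "MessageCard"
        "@context"   = "http://schema.org/extensions"
        "summary"    = "New Vulnerability Detected: $cveId"
        "themeColor" = "0078D7"
        "sections"   = @(
            @{
                "activityTitle"    = "New Vulnerability: " + $vendor + " " + $product
                "activitySubtitle" = "CVE ID: $cveId"
                "facts"            = @(
                    @{ "name" = "Description";     "value" = $newVuln.cve_description },
                    @{ "name" = "Severity";        "value" = $newVuln.severity },
                    @{ "name" = "CVSS Score";      "value" = $newVuln.cvss_score },
                    @{ "name" = "Vendor Advisory"; "value" = $newVuln.vendor_advisory }
                )
            }
        )
    }
    $teamsMessageJson = $teamsMessage | ConvertTo-Json -Depth 100
    Invoke-RestMethod -Uri $teamsWebhookUrl -Method Post -Body $teamsMessageJson -ContentType "application/json"
}
#>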