Release 3.4: Added --show-cves-descriptions option

README.md

@@ -18,10 +18,11 @@
     + [x] Retrieving list of computers from a Windows domain through an LDAP query to use them as a list of targets.
     + [x] Reading targets line by line from a file.
     + [x] Reading individual targets (IP/DNS/CIDR) from `-tt/--target` option. 
+    + [x] Reading individual targets URLs from `-tu/--target-url` option. 
  - [x] Custom list of ports to test.
  - [x] Tests for `/manager/html` accessibility.
  - [x] Tests for default credentials to access the Tomcat Manager.
- - [x] List the CVEs of each version with the `--list-cves` option
+ - [x] List the CVEs of each version with the `--list-cves` option, print detailed CVEs descriptions with `--show-cves-descriptions`
 
 
 ## Installation
@@ -36,12 +37,12 @@ sudo python3 -m pip install apachetomcatscanner
 
 ```
 $ ./ApacheTomcatScanner.py -h
-Apache Tomcat Scanner v3.3 - by @podalirius_
+Apache Tomcat Scanner v3.4 - by @podalirius_
 
-usage: apachetomcatscanner [-h] [-v] [--debug] [-C] [-T THREADS] [-s] [--no-colors] [--only-http] [--only-https] [--export-xlsx EXPORT_XLSX] [--export-json EXPORT_JSON] [--export-sqlite EXPORT_SQLITE] [-PI PROXY_IP]
-                           [-PP PROXY_PORT] [-rt REQUEST_TIMEOUT] [--tomcat-username TOMCAT_USERNAME] [--tomcat-usernames-file TOMCAT_USERNAMES_FILE] [--tomcat-password TOMCAT_PASSWORD]
-                           [--tomcat-passwords-file TOMCAT_PASSWORDS_FILE] [-tf TARGETS_FILE] [-tt TARGET] [-tu TARGET_URL] [-tp TARGET_PORTS] [-ad AUTH_DOMAIN] [-ai AUTH_DC_IP] [-au AUTH_USER] [-ap AUTH_PASSWORD]
-                           [-ah AUTH_HASHES] [--ldaps] [--subnets]
+usage: ApacheTomcatScanner.py [-h] [-v] [--debug] [-C] [--show-cves-descriptions] [-T THREADS] [-s] [--no-colors] [--only-http] [--only-https] [--export-xlsx EXPORT_XLSX] [--export-json EXPORT_JSON] [--export-sqlite EXPORT_SQLITE]
+                              [-PI PROXY_IP] [-PP PROXY_PORT] [-rt REQUEST_TIMEOUT] [--tomcat-username TOMCAT_USERNAME] [--tomcat-usernames-file TOMCAT_USERNAMES_FILE] [--tomcat-password TOMCAT_PASSWORD]
+                              [--tomcat-passwords-file TOMCAT_PASSWORDS_FILE] [-tf TARGETS_FILE] [-tt TARGET] [-tu TARGET_URL] [-tp TARGET_PORTS] [-ad AUTH_DOMAIN] [-ai AUTH_DC_IP] [-au AUTH_USER] [-ap AUTH_PASSWORD]
+                              [-ah AUTH_HASHES] [--ldaps] [--subnets]
 
 A python script to scan for Apache Tomcat server vulnerabilities.
 
@@ -50,6 +51,8 @@ options:
   -v, --verbose         Verbose mode. (default: False)
   --debug               Debug mode, for huge verbosity. (default: False)
   -C, --list-cves       List CVE ids affecting each version found. (default: False)
+  --show-cves-descriptions
+                        Show description of found CVEs. (default: False)
   -T THREADS, --threads THREADS
                         Number of threads (default: 250)
   -s, --servers-only    If querying ActiveDirectory, only get servers and not all computer objects. (default: False)

apachetomcatscanner/Config.py

@@ -20,6 +20,7 @@ class Config(object):
     request_available_schemes = ["http"]
 
     list_cves_mode = False
+    show_cves_descriptions_mode = False
 
     debug_mode = False
     verbose_mode = False
@@ -146,4 +147,9 @@ def get_no_colors(self):
 
     def set_no_colors(self, value):
         self.no_colors = value
-
+
+    def get_show_cves_descriptions_mode(self):
+        return self.show_cves_descriptions_mode
+
+    def set_show_cves_descriptions_mode(self, value):
+        self.show_cves_descriptions_mode = value

apachetomcatscanner/Reporter.py

@@ -72,10 +72,15 @@ def print_new_results(self):
                     print(prompt % (finding["version"], finding["computer_ip"], finding["computer_port"]))
 
                 # List of cves
-                if self.config.list_cves_mode == True:
+                if self.config.list_cves_mode == True and self.config.show_cves_descriptions_mode == False:
                     cve_list = self.vulns_db.get_vulnerabilities_of_version_sorted_by_criticity(finding["version"], colors=True, reverse=True)
+                    cve_list = [cve_colored for cve_colored, cve_content in cve_list]
                     if len(cve_list) != 0:
                         print("  | CVEs: %s" % ', '.join(cve_list))
+                elif self.config.show_cves_descriptions_mode == True:
+                    cve_list = self.vulns_db.get_vulnerabilities_of_version_sorted_by_criticity(finding["version"], colors=True, reverse=True)
+                    for cve_colored, cve_content in cve_list:
+                        print("  | %s: %s" % (cve_colored, cve_content["description"]))
 
                 self._new_results.remove(finding)
         except Exception as e:

apachetomcatscanner/VulnerabilitiesDB.py

@@ -62,7 +62,7 @@ def get_vulnerabilities_of_version_sorted_by_criticity(self, version_tag, colors
             vulnerabilities = sorted(vulnerabilities, key=lambda cve: cve["cvss"]["score"], reverse=reverse)
             if colors:
                 vulnerabilities = [
-                    colored_criticity[vuln["cvss"]["criticity"]] % vuln["cve"]["id"]
+                    (colored_criticity[vuln["cvss"]["criticity"]] % vuln["cve"]["id"], vuln)
                     for vuln in vulnerabilities
                 ]
         return vulnerabilities

apachetomcatscanner/__main__.py

@@ -19,7 +19,7 @@
 from concurrent.futures import ThreadPoolExecutor
 
 
-VERSION = "3.3"
+VERSION = "3.4"
 
 banner = """Apache Tomcat Scanner v%s - by @podalirius_\n""" % VERSION
 
@@ -136,6 +136,7 @@ def parseArgs():
     parser.add_argument("-v", "--verbose", default=False, action="store_true", help="Verbose mode. (default: False)")
     parser.add_argument("--debug", default=False, action="store_true", help="Debug mode, for huge verbosity. (default: False)")
     parser.add_argument("-C", "--list-cves", default=False, action="store_true", help="List CVE ids affecting each version found. (default: False)")
+    parser.add_argument("--show-cves-descriptions", default=False, action="store_true", help="Show description of found CVEs. (default: False)")
     parser.add_argument("-T", "--threads", default=250, type=int, help="Number of threads (default: 250)")
     parser.add_argument("-s", "--servers-only", default=False, action="store_true", help="If querying ActiveDirectory, only get servers and not all computer objects. (default: False)")
     parser.add_argument("--no-colors", default=False, action="store_true", help="Disable colored output. (default: False)")
@@ -201,6 +202,7 @@ def main():
     config.set_request_proxies(options.proxy_ip, options.proxy_port)
     # config.set_request_no_check_certificate(options.no_check_certificate)
     config.set_list_cves_mode(options.list_cves)
+    config.set_show_cves_descriptions_mode(options.show_cves_descriptions)
 
     config.load_credentials_from_options(options.tomcat_username, options.tomcat_password, options.tomcat_usernames_file, options.tomcat_passwords_file)
 

setup.py

@@ -14,7 +14,7 @@
 
 setuptools.setup(
     name="apachetomcatscanner",
-    version="3.3",
+    version="3.4",
     description="",
     url="https://github.com/p0dalirius/ApacheTomcatScanner",
     author="Podalirius",