Page 63 - Hands-On Bug Hunting for Penetration Testers
Preparing for an Engagement Chapter 3
That format_bug function will just pull out the information we care about from the
vulnerability dictionary and order the info properly in a list the function will return:
def format_bug(vulnerability):
    row = [
        vulnerability['severity'],
        vulnerability.get('identifiers').get('summary', 'N/A') if
        vulnerability.get('identifiers', False) else 'N/A',
        vulnerability['file'] + "\n" + vulnerability.get('info',
        ['N/A'])[0]
    ]
    return row
Then we'll sort the vulnerabilities by severity so that all the different types (high, medium,
low, and so on) are grouped together:
print(
"""
,--. ,---. ,-----.
| |' .-' | |) /_ ,--.,--. ,---. ,---.
,--. | |`. `-. | .-. \| || || .-. |( .-'
| '-' /.-' | | '--' /' '' '' '-' '.-' `)
`-----' `-----' `------' `----' .`- / `----'
`---'
""")
print(tabulate(rows, headers=['Severity', 'Summary', 'Info & File']))
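The sorting step described above, as an added example that is not the book's code: a plain sort on the severity label groups findings but orders them alphabetically ("low" before "medium"), so this version ranks severities explicitly and tolerates findings with missing or empty fields. The severity labels, the severity_key and build_rows helpers, and the sample findings are assumptions constructed for illustration; it targets Python 3 with only the standard library, so the rows are printed without tabulate.

```python
# Added example (not the book's code): severity-ranked sorting of scanner findings.
# Field names mirror the ones format_bug() reads; all sample data is constructed.

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}  # assumed labels


def format_bug(vulnerability):
    """Same row layout as the page's format_bug(), tolerant of missing/empty fields."""
    identifiers = vulnerability.get("identifiers") or {}
    info = vulnerability.get("info") or ["N/A"]  # also covers an empty info list
    return [
        vulnerability.get("severity", "unknown"),
        identifiers.get("summary", "N/A"),
        vulnerability.get("file", "N/A") + "\n" + info[0],
    ]


def severity_key(row):
    """Rank known severities; unrecognised labels sort last instead of being dropped."""
    return SEVERITY_RANK.get(str(row[0]).lower(), len(SEVERITY_RANK))


def build_rows(vulnerabilities):
    """Format each finding, then order rows most severe first (stable within a group)."""
    return sorted((format_bug(v) for v in vulnerabilities), key=severity_key)


# Constructed sample findings, shaped like the dictionaries format_bug() expects.
SAMPLE = [
    {"severity": "low", "file": "js/a.js", "info": ["https://example.com/advisory/1"],
     "identifiers": {"summary": "Regex denial of service"}},
    {"severity": "high", "file": "js/b.js", "info": []},
    {"severity": "medium", "file": "js/c.js", "identifiers": {"issue": "123"}},
    {"severity": "High", "file": "js/d.js", "info": ["https://example.com/advisory/2"],
     "identifiers": {"summary": "XSS in HTML parsing"}},
    {"file": "js/e.js"},
]

if __name__ == "__main__":
    for severity, summary, info_and_file in build_rows(SAMPLE):
        print("%-8s %-26s %s" % (severity, summary, info_and_file.replace("\n", " | ")))
```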
Here's what it looks like all together, for reference:
#!/usr/bin/env python2.7

import sys, json
from tabulate import tabulate

data = json.load(sys.stdin)
rows = []

def format_bug(vulnerability):
    row = [
        vulnerability['severity'],
        vulnerability.get('identifiers').get('summary', 'N/A') if
        vulnerability.get('identifiers', False) else 'N/A',
        vulnerability['file'] + "\n" + vulnerability.get('info',
        ['N/A'])[0]
    ]
    return row