In [10]:
from crewai import Agent, Task, Crew, Process
from langchain_openai import ChatOpenAI
from typing import List
import asyncio

from dotenv import dotenv_values
from dotenv import load_dotenv
import os
#from crewai_tools import SerperDevTool
import requests
import json


In [11]:
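# load .env file to environment (searches upward from the working directory;
# does not override variables that are already exported)
load_dotenv()

# Also read the project-level .env explicitly. The path is relative to the
# notebook's working directory, so this assumes the kernel runs one level below it.
config = dotenv_values("../.env")

# Set up API keys (replace with your actual API keys).
# Precedence is unchanged from before: the file value wins when present.
# Fall back to an already-exported variable, and fail fast with a clear message
# instead of a bare KeyError when neither source has the key.
OPENAI_API_KEY = config.get("OPENAI_API_KEY") or os.environ.get("OPENAI_API_KEY")
if not OPENAI_API_KEY:
    raise RuntimeError("OPENAI_API_KEY was not found in ../.env or in the environment")
os.environ["OPENAI_API_KEY"] = OPENAI_API_KEY

# Other providers (SERPER_API_KEY, ANTHROPIC_API_KEY, GOOGLE_API_KEY) can be
# exported the same way once the corresponding tool or model is enabled.

# Initialize the language model; ChatOpenAI reads OPENAI_API_KEY from the environment.
llm = ChatOpenAI(temperature=0)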

In [19]:
#==================================================
# Define the tools
#==================================================

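def _summarize_cve(cve):
    """Reduce one NVD ``cve`` record to the fields the notebook displays.

    Prefers the English entry of ``descriptions`` (NVD records can carry several
    languages); falls back to the first entry, then to a placeholder string.
    Missing keys yield ``None`` instead of raising, so one malformed record
    cannot abort the whole result set.
    """
    descriptions = cve.get("descriptions") or []
    english = [d.get("value") for d in descriptions if d.get("lang") == "en"]
    if english:
        description = english[0]
    elif descriptions:
        description = descriptions[0].get("value")
    else:
        description = "No description available"
    return {
        "id": cve.get("id"),
        "description": description,
        "published": cve.get("published"),
        "lastModified": cve.get("lastModified"),
    }


def search_nvd(keyword, max_results=3, timeout=30):
    """Query the NVD CVE API 2.0 for CVEs whose text matches ``keyword``.

    Args:
        keyword: Free-text query sent as the ``keywordSearch`` parameter.
        max_results: Upper bound on returned records (``resultsPerPage``).
        timeout: Seconds to wait for the HTTP response. The original call set
            none, so an unresponsive endpoint could block the kernel forever.

    Returns:
        A list of dicts with ``id``, ``description``, ``published`` and
        ``lastModified`` keys. An empty list is returned on any request, HTTP
        or JSON-decoding error; the error is printed rather than raised.

    Note:
        NVD rate-limits unauthenticated clients; repeated calls from an agent
        loop may receive HTTP 403/429, which surfaces here as an empty result.
    """
    base_url = "https://services.nvd.nist.gov/rest/json/cves/2.0"
    params = {
        "keywordSearch": keyword,
        "resultsPerPage": max_results
    }

    try:
        response = requests.get(base_url, params=params, timeout=timeout)
        response.raise_for_status()  # Raises an HTTPError for bad responses
        data = response.json()
    except (requests.RequestException, ValueError) as e:
        # ValueError covers a 2xx response whose body is not valid JSON.
        print(f"An error occurred: {e}")
        return []

    return [_summarize_cve(vuln.get("cve", {})) for vuln in data.get("vulnerabilities", [])]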

# Example usage: a single keyword query against the NVD, one line per hit
# in the form "<CVE id>: Description: <text>".
search_query = "improper validation of string input"
results = search_nvd(search_query)

print(f"Search results for '{search_query}':")
for hit in results:
    print(f"\n{hit['id']}: Description: {hit['description']}")

Search results for 'improper validation of string input':

CVE-2017-12243: Description: A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078.

CVE-2019-1831: Description: A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An

In [7]:

#==================================================
# Define the agents
#==================================================

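# Six single-purpose agents sharing the one LLM configured above.
# None of them is given a `tools=[...]` argument, so the "observer",
# "analyst" and "researcher" agents answer from model recall rather than a
# live CWE or NVD lookup. Any CVE id they produce is unverified until it is
# checked against the database (search_nvd above does that for the NVD).
keyphrases_extractor = Agent(
    role='Keyphrases Extractor',
    goal='Extract key phrases from vulnerability descriptions',
    backstory='You are an expert in cybersecurity language and can identify crucial elements in vulnerability descriptions.',
    allow_delegation=False,
    llm=llm
)

cwe_observer = Agent(
    role='CWE Observer',
    goal='Find CVEs with similar weakness keyphrases from CWE Observed Examples',
    backstory='You have extensive knowledge of Common Weakness Enumeration (CWE) and can identify related CVEs.',
    allow_delegation=False,
    llm=llm
)

# The Top 25 is the MITRE CWE "Most Dangerous Software Weaknesses" list, not
# an OWASP publication; the backstory previously misattributed it, which
# steers the model toward the wrong source.
top25_cwe_analyst = Agent(
    role='Top 25 CWE Analyst',
    goal='Identify CVEs with similar weakness keyphrases from Top 25 CWE Mappings',
    backstory='You specialize in the MITRE CWE Top 25 Most Dangerous Software Weaknesses and can find relevant CVEs.',
    allow_delegation=False,
    llm=llm
)

nvd_researcher = Agent(
    role='NVD Researcher',
    goal='Discover CVEs with similar weakness keyphrases from the National Vulnerability Database',
    backstory='You are an expert in navigating the National Vulnerability Database and can find pertinent CVEs.',
    allow_delegation=False,
    llm=llm
)

report_creator = Agent(
    role='Report Creator',
    goal='Create a comprehensive vulnerability report',
    backstory='You are skilled in synthesizing information from various sources to create detailed cybersecurity reports.',
    allow_delegation=False,
    llm=llm
)

report_reviewer = Agent(
    role='Report Reviewer',
    goal='Review and improve the vulnerability report',
    backstory='You have years of experience in reviewing and enhancing cybersecurity reports, ensuring they are accurate and actionable.',
    allow_delegation=False,
    llm=llm
)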




#==================================================
# Define the tasks
#==================================================     

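def create_tasks(vulnerability_description: str) -> List[Task]:
    """Build the six-step task pipeline for one vulnerability description.

    The tasks used to be created at module level, which cannot run on a fresh
    kernel: ``vulnerability_description`` was interpolated before it was
    assigned, and ``analyze_vulnerability`` called a ``create_tasks`` that did
    not exist. Building them per call also ties every run to its own input
    instead of whatever the global held when the cell executed.

    Args:
        vulnerability_description: Free text placed verbatim into the first
            task's prompt. Untrusted text here reaches the model unfiltered.

    Returns:
        The tasks in execution order for ``Process.sequential``.
    """
    extract_key_phrases = Task(
        description=f"Extract key phrases from the following vulnerability description: {vulnerability_description}",
        expected_output="A list of key phrases that accurately represent the core aspects of the vulnerability.",
        output_file="task1output.txt",
        agent=keyphrases_extractor,
    )

    # The three look-ups only depend on the key phrases, so they run
    # concurrently; the report task waits on all of them via ``context``.
    find_similar_cves_from_cwes_observed = Task(
        description="Find CVEs with similar weakness keyphrases from CWE Observed Examples using the extracted key phrases.",
        expected_output="A list of relevant CVEs from CWE Observed Examples, including their IDs and brief descriptions.",
        async_execution=True,
        output_file="task2output.txt",
        agent=cwe_observer,
        context=[extract_key_phrases]
    )

    find_similar_cves_from_top25 = Task(
        description="Identify CVEs with similar weakness keyphrases from Top 25 CWE Mappings using the extracted key phrases.",
        expected_output="A list of relevant CVEs from Top 25 CWE Mappings, including their IDs, rankings, and brief descriptions.",
        async_execution=True,
        output_file="task3output.txt",
        agent=top25_cwe_analyst,
        context=[extract_key_phrases]
    )

    find_similar_cves_from_nvd = Task(
        description="Discover CVEs with similar weakness keyphrases from the National Vulnerability Database using the extracted key phrases.",
        expected_output="A comprehensive list of relevant CVEs from the NVD, including their IDs, CVSS scores, and brief descriptions.",
        async_execution=True,
        output_file="task4output.txt",
        agent=nvd_researcher,
        context=[extract_key_phrases]
    )

    create_vulnerability_report = Task(
        description="Create a comprehensive report based on the vulnerability description, extracted key phrases, and identified CVEs from all sources.",
        expected_output="A detailed report that includes an overview of the vulnerability, analysis of related CVEs, potential impact, and initial recommendations for mitigation.",
        output_file="task5output.txt",
        agent=report_creator,
        context=[find_similar_cves_from_cwes_observed, find_similar_cves_from_top25, find_similar_cves_from_nvd]
    )

    review_vulnerability_report = Task(
        description="Review the created report, provide feedback, and improve it if necessary.",
        expected_output="A final, polished report that incorporates any necessary improvements, ensures accuracy, and provides actionable insights for addressing the vulnerability.",
        output_file="task6output.txt",
        agent=report_reviewer,
        # Explicit so the reviewer sees the draft regardless of how the process
        # forwards previous outputs; the original task had no context at all.
        context=[create_vulnerability_report],
    )

    # Output files are fixed names in the working directory, so concurrent
    # runs overwrite each other's intermediate results.
    return [
        extract_key_phrases,
        find_similar_cves_from_cwes_observed,
        find_similar_cves_from_top25,
        find_similar_cves_from_nvd,
        create_vulnerability_report,
        review_vulnerability_report,
    ]


# Main function to run the vulnerability analysis
def analyze_vulnerability(vulnerability_description: str) -> str:
    """Run the full crew on ``vulnerability_description`` and return the final report.

    Returns whatever ``Crew.kickoff`` returns — a string or a crewai output
    object depending on the installed crewai version; both print as the report.
    """
    tasks = create_tasks(vulnerability_description)
    vulnerability_analysis_crew = Crew(
        agents=[keyphrases_extractor, cwe_observer, top25_cwe_analyst, nvd_researcher, report_creator, report_reviewer],
        tasks=tasks,
        process=Process.sequential
    )
    return vulnerability_analysis_crew.kickoff()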

# Example usage
# Example usage. Inside a notebook kernel __name__ is "__main__", so this
# guard does not prevent the cell from running on Restart & Run All.
if __name__ == "__main__":
    vulnerability_description = "A buffer overflow vulnerability in the XYZ software allows remote attackers to execute arbitrary code."
    final_report = analyze_vulnerability(vulnerability_description)
    print("Final Vulnerability Analysis Report:", final_report, sep="\n")



Final Vulnerability Analysis Report:
**Enhanced Vulnerability Report**

**Overview:**
The XYZ software is plagued with multiple buffer overflow vulnerabilities that can be exploited by remote attackers to execute arbitrary code on the affected systems. These vulnerabilities pose a significant risk to the confidentiality, integrity, and availability of the systems running the XYZ software.

**Analysis of CVEs:**
1. CVE-2021-1234:
   - Description: Buffer overflow vulnerability in XYZ software allows remote attackers to execute arbitrary code via a crafted input.
   - CVSS Score: Not available
   - Potential Impact: High
   - Recommendation: Immediate patching and input validation measures should be implemented to mitigate the risk.

2. CVE-2020-5678:
   - Description: XYZ software is prone to a buffer overflow vulnerability that can be exploited by remote attackers to execute arbitrary code on the affected system.
   - CVSS Score: Not available
   - Potential Impact: High
   - Recommend