In [1]:
from selenium import webdriver
from selenium.webdriver.chrome.options import Options
from selenium.webdriver.chrome.webdriver import WebDriver
from selenium.webdriver.common.by import By
from selenium.webdriver.support.relative_locator import locate_with
from trafilatura import fetch_url, extract

from mongo_handler import setup_mongo_connection, get_reference_list_for_url
from selenium_scraper import setup_driver

In [2]:
mongo_collection = setup_mongo_connection()
cisco_references = get_reference_list_for_url("tools.cisco.com", mongo_collection)
print(f"Found {len(cisco_references)} matching reference urls") # [{'_id': 'CVE-2021-XYZ', 'url': 'https://wpscan.com/wtfxyz42'}]
cisco_references

Found 3019 matching reference urls


[{'_id': 'CVE-2021-1126',
  'url': 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infodisc-RJdktM6f'},
 {'_id': 'CVE-2021-1127',
  'url': 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-xss-smsz5Vhb'},
 {'_id': 'CVE-2021-1128',
  'url': 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-infodisc-4mtm9Gyt'},
 {'_id': 'CVE-2021-1129',
  'url': 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-info-RHp44vAC'},
 {'_id': 'CVE-2021-1130',
  'url': 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-xss-HfV73cS3'},
 {'_id': 'CVE-2021-1131',
  'url': 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcameras-dos-9zdZcUfq'},
 {'_id': 'CVE-2021-1133',
  'url': 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-api-path-TpTApx2p'},
 {'_id': 'CVE-2021-11

In [3]:
driver = setup_driver()

In [4]:
url = 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-xss-smsz5Vhb'
#url = 'http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl'
driver.get(url)

In [5]:
summary_field = driver.find_element(By.ID, 'summaryfield')
summary_field

<selenium.webdriver.remote.webelement.WebElement (session="f886607e7b2a365def7e78067ac1d1a6", element="d6e2a61d-6d4f-475f-b2d5-df0d5ff268de")>

In [6]:
text: str = summary_field.text
text

'A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.\nThe vulnerability is due to improper input validation of log file content stored on the affected device. An attacker could exploit this vulnerability by modifying a log file with malicious code and getting a user to view the modified log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-xss-smsz5Vhb'

In [7]:
text = text.replace('\n', '')
text

'A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.The vulnerability is due to improper input validation of log file content stored on the affected device. An attacker could exploit this vulnerability by modifying a log file with malicious code and getting a user to view the modified log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is available at the following link:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-xss-smsz5Vhb'

In [8]:
text = text.split('This advisory is available at the following link:')[0]
text

'A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.The vulnerability is due to improper input validation of log file content stored on the affected device. An attacker could exploit this vulnerability by modifying a log file with malicious code and getting a user to view the modified log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.'

In [9]:
text = text.replace('This advisory will be updated as additional information becomes available.', '')
text

'A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.The vulnerability is due to improper input validation of log file content stored on the affected device. An attacker could exploit this vulnerability by modifying a log file with malicious code and getting a user to view the modified log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.'

In [10]:
driver.quit()

In [11]:
trafilatura_downloaded = fetch_url(url)
if trafilatura_downloaded is not None:
    trafilatura_result = extract(trafilatura_downloaded)
    print(trafilatura_result)

Cisco Security Advisory
Cisco Enterprise NFV Infrastructure Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.
The vulnerability is due to improper input validation of log file content stored on the affected device. An attacker could exploit this vulnerability by modifying a log file with malicious code and getting a user to view the modified log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content