# CVSS Calculator
### *CVSS Calculator* is a tool that scoring each vulnerability on a variety of measures

## Mesures
**There are six different measures**

In [None]:
mesures_dic = {
    'access_vector' : {
        1:['Local',0.395,'The attacker must have physical or logical access to the affected system'],
        2:['Adjacent Network',0.646,'The attacker must have access to the local network that the affected system is connected to'],
        3:['Network',1.000,'The attacker can exploit the vulnerability remotely over a network']
    },
    'access_complexity' : {
        1:['High',0.35,'Exploiting the vulnerability requires "specialized" conditions that would be difficult to find'],
        2:['Medium',0.610,'Exploiting the vulnerability requires "somewhat 0.610 specialized" conditions'],
        3:['Low',0.710,'Exploiting the vulnerability does not require any specialised condition']
    },
    'authentication' : {
        1:['Multiple',0.450,'Attackers would need to authenticate two or more times to exploit the vulnerability'],
        2:['Single',0.560,'Attackers would need to authenticate once to exploit the vulnerability'],
        3:['None',0.704,'Attackers do not need to authenticate to exploit the vulnerability']
    },
    'confidentiality' : {
        1:['None',0.00,'There is no confidentiality impact'],
        2:['Partial',0.275,'Access to some information is possible, but the attacker does not have control over what information is compromised'],
        3:['Complete',0.660,'All information on the system is compromised']
    },
    'integrity' : {
        1:['None',0.00,'There is no integrity impact'],
        2:['Partial',0.275,'Modification of some information is possible, but the attacker does not have control over what information is modified'],
        3:['Complete',0.660,'The integrity of the system is totally compromised and the attacker may change any information at will']
    },
    'availability' : {
        1:['None',0.00,'There is no availability impact'],
        2:['Partial',0.275,'The performance of the system is degraded'],
        3:['Complete',0.660,'The system is completely shut down']
    }
}

## CVSS Scores 
- **Exploitability Score** = 20 x *AccessVector* x *AccessComplexity* x *Authentication*



In [None]:
# Exploitability score function
exploit_score = lambda av , ac , au : round(20*av*ac*au , 3)


- **Impact Score** = 10.41 x (1- ( 1-*Confidentiality* ) x ( 1-*Integrity* ) x ( 1-*Availability* ))

In [None]:
# Impact score function 
impact_score = lambda c , i , a : round(10.41*(1-(1-c)*(1-i)*(1-a)),3)


- If **Impact Score** = 0 then **Impact Function** = 0   
  If **Impact Score** > 0 then **Impact Function** = 1.176

In [None]:
# Impact functio
def impact_fun(score):
    if score == 0 :
        result = 0 
    else :
        result = 1.176
    return result 


- **Base Score** = ((0.6 x *ImpactScore* ) + (0.4 x *ExploitabilityScore* ) - 1.5 ) x *ImpactFunction*

In [None]:
# Base Score function 
def base_score(im , ex , imf):
    cvss = round(((0.6*im)+(0.4*ex)-1.5)*imf, 3)
    if cvss == 0.0:
        risk = 'None'
    elif cvss >= 0.1 and cvss <= 3.9 :
        risk = 'Low'
    elif cvss >= 4.0 and cvss <= 5.9 :
        risk = 'Medium'
    elif cvss >= 6.0 and cvss <= 8.9 :
        risk = 'High'
    elif cvss >= 9.0 and cvss <=10.0 :
        risk = 'Critical'
    print('CVSS : ', cvss, '\nSeverity of the vulnerability : ', risk)
    

## The description of the metrics
**Clarify the meaning of each metric**

In [None]:
# description function
def desc(dic):
    for i in dic :
        print(i.upper())
        for j in dic[i]:
            print(dic[i][j][0], ':', dic[i][j][2] )
        print()

desc(mesures_dic)

## Input validation 
**Ensure that the user has selected one of the available options**

In [None]:
#input validation function
def valid(ans):
    valid_values = [1, 2, 3]
    while True:
        answer = int(input(ans))
        if answer in valid_values:
            break  # Exit the loop if the input is valid
        else:
            print("\nInvalid input, Please the correct number")
    return answer 

## Selection of metrics
**Let the user choose the metrics of the vulnerability that he wants to evaluate**

In [None]:
try:
    measures = []
    choices = ['Access Vector : \n1: Local\n2: Adjacent Network\n3: Network\n',
           'Access Complexity : \n1: High\n2: Medium\n3: Low\n',
           'Authentication Metric : \n1: Multiple\n2: Single\n3: None\n',
           'Confidentiality Impact : \n1: None\n2: Partial\n3: Complete\n',
           'Integrity Impact : \n1: None\n2: Partial\n3: Complete\n',
           'Availability Impact : \n1: None\n2: Partial\n3: Complete\n']
    for i in choices:
        question = 'Enterr the number of '+ i
        answer = valid(question)
        measures.append(answer)
    
except KeyboardInterrupt:
    print("The process has been interrupted")

## CVSS calculating
**Calculate the CVSS based on what the user chose**

In [None]:
# cvss function
def cvss_score(answer_lis, dic):
    lis = []
    i = 0
    for x in dic :
        value = dic[x][answer_lis[i]][1]
        lis.append(value)
        i += 1
    x = exploit_score(lis[0], lis[1], lis[2])
    y = impact_score (lis[3], lis[4], lis[5]) 
    z = impact_fun(y) 
    print('The exploitability Score is ', x)
    print('The Impact Score Score is ', y)
    m = base_score(y, x, z) 
    
cvss_score(measures, mesures_dic)