With a little side of applesauce...

Tuesday, May 22, 2012

GREP - only display matching text in line

I used the following command to grab all of the CVE numbers from a mixed-text penetration test report:



grep -oEi 'CVE-[0-9]{4}-[0-9]{4,}' pentest.csv

Here is sample input:



...
*CVE-2010-0434: HTTP header poisoning in mod_headers_x000D_
*CVE-2010-1623: apr_bridage_split_line DoS_x000D_
*CVE-2011-0419: apr_fnmatch flaw leads to mod_autoindex remote DoS_x000D_
*CVE-2011-3368: mod_proxy reverse proxy exposure","Apache - Multiple Vulnerabilities (2.2.3)",,"If the affected modules are not required for a defined business purpose they should be disabled.  If the modules are required then Apache should be upgraded to the latest version, available at: http://httpd.apache.org/ ","Exploitation of these vulnerabilities could allow an attacker to steal session information or redirect visitors to malicious Websites, put the resource into a denial of service state, or possibly execute code with privileges of the web server.","Patch/Version","High","CVE-2010-1452, CVE-2006-5752, CVE-2007-3304, CVE-2007-1863, CVE-2007-3847, CVE-2007-5000, CVE-2007-6422, CVE-2007-6388, CVE-2007-6421, CVE-2007-6420, CVE-2008-0005, CVE-2008-2364, CVE-2008-2939, CVE-2009-1195, CVE-2009-0023, CVE-2009-1955, CVE-2009-1956, CVE-2009-1890, CVE-2009-1891, CVE-2009-2412, CVE-2009-3094, CVE-2009-3095, CVE-2009-2699, CVE-2009-3720, CVE-2009-3560, CVE-2010-0408, CVE-2010-0425, CVE-2010-0434, CVE-2010-1623","Apache httpd mod_deflate DoS (CVE-2009-1891)"," A denial of service flaw was found in the mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file._x000D_
...



Here is sample output:



...
CVE-2010-0434
CVE-2010-1623
CVE-2011-0419
CVE-2011-3368
CVE-2010-1452
CVE-2006-5752
CVE-2007-3304
CVE-2007-1863
CVE-2007-3847
CVE-2007-5000
CVE-2007-6422
CVE-2007-6388
CVE-2007-6421
CVE-2007-6420
CVE-2008-0005
CVE-2008-2364
CVE-2008-2939
CVE-2009-1195
CVE-2009-0023
CVE-2009-1955
CVE-2009-1956
CVE-2009-1890
CVE-2009-1891
CVE-2009-2412
CVE-2009-3094
CVE-2009-3095
CVE-2009-2699
CVE-2009-3720
CVE-2009-3560
CVE-2010-0408
CVE-2010-0425
CVE-2010-0434
CVE-2010-1623
...
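
An added example, not part of the original post: the one-liner prints an ID every time it occurs (CVE-2010-0434 and CVE-2010-1623 each appear twice in the sample output), so these two helpers reduce the matches to a distinct, ordered list and count mentions per ID. The function names `extract_cves` and `cve_mentions`, the constructed sample file, and the placeholder ID CVE-2099-123456 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: de-duplicated CVE extraction (not from the original post).

# extract_cves FILE...
# Print every distinct CVE ID found in the files, upper-cased,
# ordered by year and then by sequence number.
extract_cves() {
    # -o: print only the match; -h: no file-name prefix; -i: accept "cve-...".
    # {4,} keeps IDs whose sequence part is longer than four digits intact.
    grep -ohEi 'CVE-[0-9]{4}-[0-9]{4,}' "$@" |
        tr '[:lower:]' '[:upper:]' |
        sort -u |
        sort -t- -k2,2n -k3,3n
}

# cve_mentions FILE...
# Print "count ID" for each ID, most-mentioned first.
cve_mentions() {
    grep -ohEi 'CVE-[0-9]{4}-[0-9]{4,}' "$@" |
        tr '[:lower:]' '[:upper:]' |
        sort | uniq -c |
        awk '{print $1, $2}' |
        sort -k1,1nr -k2,2
}

# Constructed sample in the style of the report above (not real findings data);
# CVE-2099-123456 is a made-up placeholder with a six-digit sequence number.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*CVE-2010-0434: HTTP header poisoning in mod_headers_x000D_
*cve-2011-3368: mod_proxy reverse proxy exposure","High","CVE-2010-0434, CVE-2009-1891"
"Apache httpd mod_deflate DoS (CVE-2009-1891)","placeholder long ID CVE-2099-123456"
EOF

extract_cves "$sample"
cve_mentions "$sample"
rm -f "$sample"
```
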



Go grep!

