This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Disclaimer
JUMPCLOUD EXPRESSLY DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, CONDITIONS, AND LIABILITIES OF ANY KIND ARISING FROM OR RELATED TO THIRD-PARTY SOFTWARE, SCRIPTS, REPOSITORIES, AND APIS. JUMPCLOUD IS NOT REQUIRED TO SUPPORT ANY SUCH THIRD-PARTY MATERIALS AND ALL RISKS RELATED TO THIRD-PARTY MATERIALS ARE YOUR RESPONSIBILITY. PLEASE ALSO REVIEW THE JUMPCLOUD TOS.

[PowerShell] How to scan for vulnerable applications? "JC - Get Vulnerabilities for an installed Application.ps1" is here for you.

JuergenKlaassen
Rising Star III
Rising Star III

‎01-17-2024 03:54 AM - edited ‎01-17-2024 03:57 AM

Hi Community Folks

Over the festive season I pondered a bit more about the possibility to scan a JumpCloud managed environment for application vulnerabilities.
The National Vulnerability Database by NIST provides an API to make queries against it and you'll need an API-key for that if you want to make use of this script. Get one here, no worries: it's free
I made experiments with direct REST-API-calls via Powershell, but wasn't satisfied as the usage isn't that straightforward actually - or at least not without putting much more time into it first. 

What I found then is a fairly new PowerShell Module for the NVD written by Dan Gough (big kudos for that!) and you can find the module here - you'll need that as well when using this script. 

That said, you're requirements are the following:

  1. JumpCloud API-Key (Read-only will do)
  2. This script
  3. NVD API Key
  4. Posh-CVE PowerShell Module
  5. JumpCloud PowerShell Module

Now you have all the ingredients already and your good to go. 

Screen Recording 2024-01-17 at 16.28.21.gif

What the script will do is:

  • Prompt for an application name, i.e. 'Edge', 'Chrome' or 'Microsoft Outlook'
  • it then iterates through all systems by using 'Get-JCStystemApp' and 'Get-JCSystem'
  • it makes a keyword search against the NVD DB using the PoshCVE-module 
  • it creates a table with all found vulnerabilities
  • ... and finally writes the results into a CSV file for further consumption. 

You can modify the columns to your needs and add/remove as needed.

 

        if ($vulnerabilities) {
            Write-Output "`tVulnerabilities: $($vulnerabilities.Count) $($vulnerabilities.CVE)"
            foreach ($vuln in $vulnerabilities) {
                $vulnerabilityData += [PSCustomObject]@{
                    CVE = $vuln.CVE
                    Score = $vuln.CVSSv3Score
                    Severity = $vuln.CVSSv3Severity
                    Description = $vuln.Description
                    OS = $os
                    SystemID = $systemId
                    Hostname = $hostname
                }

 

Is it failsafe? 
No, it's not. I did a bunch of tests and they were pretty satisfying so far, but yes, you will have false positives etc. 
It's a good start to get a picture and more actionable visibility. For example you can make use of this when there are Zero-Days in the wild like this one for Google Chrome.

Labels:
1 REPLY 1

JCDavid
Iron II
Iron II

‎01-17-2024 05:07 PM - edited ‎01-17-2024 05:07 PM

There were plenty of false positives with OpenVAS using an Alienvault appliance a few years back. Nothing out of the ordinary IMHO.

0 Kudos
You Might Like

New to the site? Take a look at these additional resources:

Community created scripts:

Our new Radical Admin blog:

Keep up with Product News:

Read our community guidelines

Ready to join us? You can register here.