pz6j89 10 Geschrieben 16. Juni 2023 Melden Teilen Geschrieben 16. Juni 2023 Servus zusammen. Ich nutze auf meinem Windows Server 2016 den CVE-Reporter von FrankysWeb (https://www.frankysweb.de/cve-reporter/). Seit etwa Anfang des Jahres wirft der Download (realisiert mit Invoke-WebRequest Befehl) immer folgenden Fehler: Downloading CVE Feed Download failed: An exception was caught: Die Anfrage wurde abgebrochen: Es konnte kein geschützter SSL/TLS-Kanal erstellt werden.. Failed URI: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-recent.json.zip Das Skript läuft, wenn ich es auf meinem Rechner (Windows 11) ausführe, ohne Probleme. Daher denke ich dass über irgendein Windows Update irgendwas speziell beim Windows Server OS reinkam dass diese Verbindung nun verhindert. Ich habe selbstverständlich sehr intensiv Google benutzt und schon alle möglichen Lösungsvorschläge ausprobiert, aber nicht einer hat funktioniert (z.B. wie die TLS VErsionen setzen etc.) Weiterhin habe ich auf den Skript Seite von FRankysWeb auch einen Kommentar geschrieben in dem ich das Problem geschildert habe der weder veröffentlicht noch beantwortet wurde. Daher meine Frage hier. Evtl. habt ihr ja eine Idee. Hier das Powershell Skript: <# .SYNOPSIS Creates an E-Mail Report with CVEs matches search pattern .DESCRIPTION This script will download NIST recent CVE data feed and searches for given keywords. Based on search pattern this script generates an HTML E-Mail report with CVEs and CVE description. NIST National Vulnerability Database (NVD) JSON Recent Feed URL visit here: https://nvd.nist.gov/vuln/data-feeds#APIS .EXAMPLE .\Create-CVEReport.ps1 .INPUTS No Input requierd, you have to change E-Mail Settings and search pattern insinde this script .OUTPUTS HTML E-Mail Report Console Log .NOTES Author: Frank Zoechling Website: https://www.frankysweb.de Twitter: @FrankysWeb #> #-------------------------------- #Set TLS Protocol #[Net.ServicePointManager]::SecurityProtocol = "Tls13" #Search Pattern $SearchPatternList=@( "*Windows*Server*", "*Exchange*Server*", "*sql*server*", "*vCenter*", "*ESXi*", "*vmware*", "*hyperv*", "*veeam*", "*ubiquiti*", "*fortinet*", "*fortigate*", "*forticlient*", "*ironport*", "*cisco*email*security*appliance*", "*sophos*utm*", "*gdata*", "*kaba*" ) #MailSettings $SMTPServer = "XXXXX" $Sender = "XXXXXX" $Recipient = "XXXXX" $Subject = "Daily CVE Report" #-------------------------------- #Download URL NIST CVE Feed $NISTFeedURL = "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-recent.json.zip" #ScriptStartTime $StartTimeStamp = get-date #Functions function Report-DownloadFailure ($Message, $URI) { write-output "Download failed:" Write-output " An exception was caught: $Message" Write-output " Failed URI: $URI" break } function Report-UnzipFailure ($Message, $File) { write-output "Unzip failed:" Write-output " An exception was caught: $Message" Write-output " Failed File: $File" break } function Report-JSONLoadFailure ($Message, $File) { write-output "Loading JSON File failed:" Write-output " An exception was caught: $Message" Write-output " Failed File: $File" break } function Report-MetadataLoadFailure ($Message) { write-output "Loading Feed Metadata failed:" Write-output " An exception was caught: $Message" break } function Report-CVEDataFailure ($Message) { write-output "Searching CVE data failed:" Write-output " An exception was caught: $Message" break } function Report-MailFailure ($Message) { write-output "Sending Report E-Mail failed:" Write-output " An exception was caught: $Message" break } function Report-CreateReportFailure ($Message) { write-output "Creating HTML Report failed:" Write-output " An exception was caught: $Message" break } function Report-CreateStatisticsFailure ($Message) { write-output "Creating Statistics Report failed:" Write-output " An exception was caught: $Message" break } function CleanUp { write-output "Ceaning Up (Deleting Feed ZIP and unzipped JSON)" Remove-Item "$PSScriptRoot\jsonfeed.*" -force Remove-Item "$PSScriptRoot\*.json" -force } function Create-HTMLHeader { $TimeStamp = $StartTimeStamp | get-date -Format "dd.MM.yyyy HH:mm" $HTMLHeader = @" <html> <head> <title>$title</title> </head> <body> <table style="width: 80%; text-align: left; margin-left: auto; margin-right: auto; border-collapse:collapse; font-family:calibri;" border="0" cellpadding="0" cellspacing="0"> <tr> <td style="font-size: large; background-color: #004578; color: #ffffff; font-weight: bold; border:solid #004578; border-width: 3px 3px 3px 3px;"><center><b>CVE Report $TimeStamp<b></center></td> </tr> </table> <br> "@ return $HTMLHeader } function Create-HTMLFooter { $HTMLFooter = @" </body> </html> "@ return $HTMLFooter } function Create-CVEReportEntry ($CVEID, $CVEDescription, $CVEReferences, $CVEAssigner, $CVEDate, $CVEModifiedDate, $CVEMetrics) { $CVEDetailPageURL = "https://nvd.nist.gov/vuln/detail/" foreach ($CVEReference in $CVEReferences) { $CVERefHTML += @" <tr><td colspan= "2" style="background-color: #F8F8F8; color: #585858; border:solid #787878; border-width: 1px 1px 1px 1px;"><li><a href="$CVEReference">$CVEReference</a></li></td></tr> "@ } $CVEDetails = @" <tr> <td colspan= "2" style="background-color: #787878; color: #ffffff; font-weight: bold; border:solid #787878; border-width: 3px 3px 3px 3px;">CVE Details (if not displayed, wait till CVE is updated)</td> </tr> "@ foreach ($CVEMetric in $CVEMetrics.GetEnumerator()) { $CVEDetails += @" <tr> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">$($CVEMetric.Name)</td> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">$($CVEMetric.Value)</td> </tr> "@ } $CVEHTML = @" <table style="width: 80%; text-align: left; margin-left: auto; margin-right: auto; border-collapse:collapse; font-family:calibri;" border="0" cellpadding="0" cellspacing="0"> <tr> <td style="background-color: #004578; color: #ffffff; font-weight: bold; border:solid #004578; border-width: 3px 3px 3px 3px;">CVE-ID</td> <td style="background-color: #004578; color: #ffffff; font-weight: bold; border:solid #004578; border-width: 3px 3px 3px 3px;">CVE URL</td> </tr> <tr> <td style="font-size: large; background-color: #F8F8F8; color: #000000; border:solid #787878; border-width: 1px 1px 1px 1px;"><b>$CVEID</b></td> <td style="background-color: #F8F8F8; color: #585858; border:solid #787878; border-width: 1px 1px 1px 1px;"><a href="$CVEDetailPageURL$CVEID">$CVEDetailPageURL$CVEID</a></td> </tr> <tr> <td colspan= "2" style="background-color: #787878; color: #ffffff; font-weight: bold; border:solid #787878; border-width: 3px 3px 3px 3px;">Description</td> </tr> <tr> <td colspan= "2" style="background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">$CVEDescription</td> </tr> <tr> <td colspan= "2" style="background-color: #787878; color: #ffffff; font-weight: bold; border:solid #787878; border-width: 3px 3px 3px 3px;">References</td> </tr> $CVERefHTML <tr> <td colspan= "2" style="background-color: #787878; color: #ffffff; font-weight: bold; border:solid #787878; border-width: 3px 3px 3px 3px;">Assigning CNA</td> </tr> <tr> <td colspan= "2" style="background-color: #F8F8F8; color: #585858; border:solid #787878; border-width: 1px 1px 1px 1px;"><li>$CVEAssigner</li></td> </tr> $CVEDetails <tr> <td style="background-color: #787878; color: #ffffff; font-weight: bold; border:solid #787878; border-width: 3px 3px 3px 3px;">Date Record Created</td> <td style="background-color: #787878; color: #ffffff; font-weight: bold; border:solid #787878; border-width: 3px 3px 3px 3px;">Date Record Modified</td> </tr> <tr> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">$CVEDate</td> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">$CVEModifiedDate</td> </tr> </table> <br> "@ return $CVEHTML } function NothingToDoHTML { $HTML = @" <table style="width: 80%; text-align: left; margin-left: auto; margin-right: auto; border-collapse:collapse; font-family:calibri;" border="0" cellpadding="0" cellspacing="0"> <tr> <td style="background-color: #004578; color: #ffffff; font-weight: bold; border:solid #004578; border-width: 3px 3px 3px 3px;"><b>Lucky You, no new CVEs today!</b></td> </tr> <tr> <td style="background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;"> <center> <p>Missing CVEs? Try to specify more or other search patterns.</p> <p>Free time cause no Vulnerabilities need to be fixed? Visit FrankysWeb :-)</p> <p><center><a href="https://frankysweb.de">www.FrankysWeb.de</a></center></p> </center> </td> </tr> </table> <br> "@ return $HTML } function Create-HTMLStats ($FeedCVECount, $CVEsToReportCount, $TotalCVEsReportedCount, $NewCVEsToReportCount, $ScriptDuration, $SearchPatternList, $CVEUpdateCount, $CVENoChangeCount) { $HTML = @" <table style="width: 80%; text-align: left; margin-left: auto; margin-right: auto; border-collapse:collapse; font-family:calibri;" border="0" cellpadding="0" cellspacing="0"> <tr> <td colspan= "2" style="background-color: #004578; color: #ffffff; font-weight: bold; border:solid #004578; border-width: 3px 3px 3px 3px;">Statistics</td> </tr> <tr> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">Total CVEs in CVE Feed</td> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">$FeedCVECount</td> </tr> <tr> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">CVEs matches search patterns</td> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">$CVEsToReportCount</td> </tr> <tr> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">Total Reported CVEs</td> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">$TotalCVEsReportedCount</td> </tr> <tr> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">New CVEs included in Report</td> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">$NewCVEsToReportCount</td> </tr> <tr> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">Updated CVEs included in Report</td> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">$CVEUpdateCount</td> </tr> <tr> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">Unchanged CVEs included in Feed</td> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">$CVENoChangeCount</td> </tr> <tr> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">Script duration in seconds</td> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">$ScriptDuration</td> </tr> <tr> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">Search patterns</td> <td style="width: 50%; background-color: #F8F8F8; color: #454545; border:solid #787878; border-width: 1px 1px 1px 1px;">$SearchPatternList</td> </tr> </table> <br> "@ return $HTML } #Download JSON Feed try { write-output "Downloading CVE Feed" $DownloadFeed = Invoke-WebRequest $NISTFeedURL -OutFile "$PSScriptRoot\jsonfeed.zip" } catch { Report-DownloadFailure $_.Exception.Message $NISTFeedURL } #Unzip JSON Feed try { write-output "Unzip CVE Data" $Expand = Expand-Archive "$PSScriptRoot\jsonfeed.zip" -DestinationPath $PSScriptRoot -Force -ErrorAction Stop } catch { Report-UnzipFailure $_.Exception.Message "$PSScriptRoot\jsonfeed.zip" } #Load JSON File try { write-output "Importing JSON data" $FeedData = get-content "$PSScriptRoot\nvdcve-1.1-recent.json" -ErrorAction Stop | ConvertFrom-Json -ErrorAction Stop } catch { Report-JSONLoadFailure $_.Exception.Message "$PSScriptRoot\nvdcve-1.1-recent.json" } #Feed Metadata try { $FeedTimeStamp = $FeedData.CVE_data_timestamp | get-date $FeedCVECount = $FeedData.CVE_data_numberOfCVEs write-Output "Feed TimeStamp: $FeedTimeStamp" write-Output "Feed CVE Count: $FeedCVECount" } catch { Report-MetadataLoadFailure $_.Exception.Message } #Query Feed Data try { write-Output "Searching Patterns in CVE Data" $CVEsToReport = @() $CVEList = $FeedData.CVE_Items foreach ($SearchPattern in $SearchPatternList) { foreach ($CVE in $CVEList) { $CVEDescription = $CVE.cve.description.description_data.value if ($CVEDescription -like $SearchPattern) { $CVEID = $CVE.cve.CVE_data_meta.id $CVEsToReport += $CVEID write-Output "$CVEID matches Pattern $SearchPattern" } } } } catch { Report-CVEDataFailure $_.Exception.Message } #Load already reported CVEs from File (if exists) if (test-path "$PSScriptRoot\ReportedCVEs.csv") { $ReportedCSVs = Import-Csv "$PSScriptRoot\ReportedCVEs.csv" -Header CVEID,CVEReportTimeStamp -delimiter ";" } #Report CVEs write-Output "Reporting CVEs" $CVEsToReportCount = $CVEsToReport.count $TotalCVEsReportedCount = $ReportedCSVs.count [int]$NewCVEsToReportCount = 0 [int]$CVEUpdateCount = 0 [int]$CVENoChangeCount = 0 foreach ($CVEID in $CVEsToReport) { $CVEReportTimeStamp = get-date -Format "yyyyMMddHH" $CVE = $CVEList | where {$_.cve.CVE_data_meta.id -eq $CVEID} $CVELastUpdate = $CVE.lastModifiedDate | get-date -Format "yyyyMMddHH" if ($ReportedCSVs.CVEID -contains $CVEID) { $CVEReportDate = ($ReportedCSVs | where {$_.CVEID -match $CVEID}).CVEReportTimeStamp if ($CVELastUpdate -le $CVEReportDate) { write-output "$CVEID already reported and not modified, not sending CVE again" $AddCVEtoReport = $False $CVENoChangeCount++ } if ($CVELastUpdate -ge $CVEReportDate) { write-output "$CVEID already reported but was modified, sending CVE again" $AddCVEtoReport = $True $CVEUpdateCount++ } } else { write-output "$CVEID was not reported yet, new CVE to send" $AddCVEtoReport = $True } if ($AddCVEtoReport -eq $True) { $CVEDescription = $cve.cve.Description.description_data.value $CVEReferences = $cve.cve.references.reference_data.url $CVEAssigner = $cve.cve.CVE_data_meta.assigner $CVEDate = $CVE.publishedDate | get-date -Format "dd.MM.yyyy HH:mm" $CVEModifiedDate = $CVE.lastModifiedDate | get-date -Format "dd.MM.yyyy HH:mm" $CVEMetrics =@{ attackVector = $CVE.impact.baseMetricV3.cvssV3.attackVector; attackComplexity = $CVE.impact.baseMetricV3.cvssV3.attackComplexity; privilegesRequired = $CVE.impact.baseMetricV3.cvssV3.privilegesRequired; userInteraction = $CVE.impact.baseMetricV3.cvssV3.userInteraction; confidentialityImpact = $CVE.impact.baseMetricV3.cvssV3.confidentialityImpact; integrityImpact = $CVE.impact.baseMetricV3.cvssV3.integrityImpact; availabilityImpact = $CVE.impact.baseMetricV3.cvssV3.availabilityImpact; baseScore = $CVE.impact.baseMetricV3.cvssV3.baseScore; baseSeverity = $CVE.impact.baseMetricV3.cvssV3.baseSeverity } $CVEReport += Create-CVEReportEntry $CVEID $CVEDescription $CVEReferences $CVEAssigner $CVEDate $CVEModifiedDate $CVEMetrics $NewCVEsToReportCount++ "$CVEID;$CVEReportTimeStamp" | add-content "$PSScriptRoot\ReportedCVEs.csv" } } #ScriptFinishedTime $StartFinishedStamp = get-date #Write Stats try { $ScriptDuration = ($StartFinishedStamp - $StartTimeStamp).Seconds write-Output "Total CVEs in this Feed: $FeedCVECount" write-output "CVEs matches search patterns: $CVEsToReportCount" write-output "Total reported CVEs: $TotalCVEsReportedCount" write-output "Updated CVEs in this Feed: $CVEUpdateCount" write-output "CVEs with no Update in this Feed: $CVENoChangeCount" write-output "New CVEs to report: $NewCVEsToReportCount" write-output "Script running time in seconds: $ScriptDuration" $StatisticsReport = Create-HTMLStats $FeedCVECount $CVEsToReportCount $TotalCVEsReportedCount $NewCVEsToReportCount $ScriptDuration $SearchPatternList $CVEUpdateCount $CVENoChangeCount } catch { Report-CreateStatisticsFailure $_.Exception.Message } #Create HTML Report try { if ($NewCVEsToReportCount -ge 1) { $HTMLReport = Create-HTMLHeader $HTMLReport += $CVEReport $HTMLReport += $StatisticsReport $HTMLReport += Create-HTMLFooter } else { $HTMLReport = Create-HTMLHeader $HTMLReport += NothingToDoHTML $HTMLReport += $StatisticsReport $HTMLReport += Create-HTMLFooter } } catch { Report-CreateReportFailure $_.Exception.Message } #Send report try { write-output "Sending Report" send-mailmessage -encoding UTF8 -from $Sender -to $Recipient -subject "$Subject" -smtpserver $SMTPServer -BodyAsHtml -Body $HTMLReport -ErrorAction Stop } catch { Report-MailFailure $_.Exception.Message } #Run the CleanUp function CleanUp Zitieren Link zu diesem Kommentar
NorbertFe 2.045 Geschrieben 16. Juni 2023 Melden Teilen Geschrieben 16. Juni 2023 vor 2 Minuten schrieb pz6j89: Ich nutze auf meinem Windows Server 2016 den CVE-Reporter von FrankysWeb vor 2 Minuten schrieb pz6j89: Daher meine Frage hier. Evtl. habt ihr ja eine Idee. Wäre es dann nicht günstiger ggf. direkt den Autor des Skripts in seinem Forum zu fragen? Zitieren Link zu diesem Kommentar
pz6j89 10 Geschrieben 16. Juni 2023 Autor Melden Teilen Geschrieben 16. Juni 2023 Hmmm. Nach deiner Nachricht ist mir aufgefallen dass er ja tatsächlich ein Forum hat Ich hab die Anfrage unterhalb der Seite in die Kommentare damals gepostet. Evtl. ist das deshalb untergegangen. Dann werde ich dass auch da mal im Forum posten Zitieren Link zu diesem Kommentar
Sunny61 806 Geschrieben 16. Juni 2023 Melden Teilen Geschrieben 16. Juni 2023 vor 9 Minuten schrieb pz6j89: Dann werde ich dass auch da mal im Forum posten Und die Antwort bzw. Lösung darfst Du natürlich sehr gerne hier posten, nicht dass es einen weiteren ungelösten Thread gibt. Danke. ;) Zitieren Link zu diesem Kommentar
pz6j89 10 Geschrieben 16. Juni 2023 Autor Melden Teilen Geschrieben 16. Juni 2023 Selbstverständlich. Ich versuche mich auf jeden Fall daran zu erinnern. Zitieren Link zu diesem Kommentar
daabm 1.356 Geschrieben 18. Juni 2023 Melden Teilen Geschrieben 18. Juni 2023 Hab mir das mal angeschaut... (Erzeugt mit https://github.com/daabm/PowerShell/blob/master/Scripts/Test-TcpPorts.ps1 ) Die bieten eine extrem eingeschränkte Auswahl von Cipher Suites an - https://www.ssllabs.com/ssltest/analyze.html?d=nvd.nist.gov Möglicherweise hat Powershell/Invoke-WebRequest damit ein Problem. Für nähere Diagnose fehlt mir grad die Konzentration. Zitieren Link zu diesem Kommentar
Empfohlene Beiträge
Schreibe einen Kommentar
Du kannst jetzt antworten und Dich später registrieren. Falls Du bereits ein Mitglied bist, logge Dich jetzt ein.