# EPSScall
# Russ McRee, russ at holisticinfosec dot io
# v1 09JUN2022
library(DT)
library(jsonlite)
library(plotly)
library(shiny)
library(shinyjs)
library(shinythemes)
library(tidyverse)
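# Page layout: a sidebar with the four query inputs and action buttons, and a
# main panel with three tabs (query results, per-CVE timeline, timeline graph).
# The page id "form" is the target that the server's reset("form") call uses
# to clear every input.
ui <- fluidPage(
  theme = shinytheme("cerulean"),
  useShinyjs(),
  id = "form",
  navbarPage(title = "EPSScall"),
  sidebarLayout(
    sidebarPanel(
      h3("Queries:"),
      # Free-text inputs; the expected formats are listed under "Notes:" below.
      textInput("txt1", "CVE:", ""),
      textInput("txt2", "Date:", ""),
      textInput("txt3", "EPSS greater than:", ""),
      textInput("txt4", "Percentile greater than:", ""),
      actionButton("search", "Search"),
      downloadButton("download", "Download"),
      br(),
      br(),
      actionButton("resetAll", "Reset all"),
      br(),
      br(),
      p(
        strong("Notes:"), br(),
        "Input", strong("CVE"), "as CVE-YYYY-nnnn", br(),
        "Input", strong("Date"), "as YYYY-MM-DD", br(),
        "Input", strong("EPSS greater than"), "as 0.nn and",
        strong("Percentile greater than"), "as 0.nn"
      ),
      p(
        strong("Project:"), br(),
        a("GitHub", href = "https://github.com/holisticinfosec/EPSScall"), br(),
        a("Author", href = "https://twitter.com/holisticinfosec")
      )
    ),
    mainPanel(
      tabsetPanel(
        type = "tabs",
        tabPanel(
          "Query", br(),
          p("The Exploit Prediction Scoring System (EPSS)
is an open, data-driven effort for estimating
the likelihood (probability) that a software
vulnerability will be exploited in the wild."),
          p(
            "The EPSS",
            a("model", href = "https://www.first.org/epss/model"),
            "produces a probability score
between 0 and 1 (0 and 100%). The higher the
score, the greater the probability that a
vulnerability will be exploited."
          ),
          p(
            "Reference:",
            a("EPSS API", href = "https://www.first.org/epss/api")
          ),
          h3("Search Results"),
          DT::dataTableOutput("tblOutput")
        ),
        # Namespaced like the Query tab: shiny is attached after DT, so a bare
        # dataTableOutput() resolves to shiny's version, while the server
        # renders this output with DT::renderDT().
        tabPanel("Timeline", br(), DT::dataTableOutput("timeOutput")),
        tabPanel(
          "Graph", br(), br(),
          p("Currently, only one CVE can be plotted at a time."),
          plotlyOutput("graph"),
          # NOTE(review): these rules only make Shiny's error text invisible.
          # The message is still delivered to the browser and failed lookups
          # go unnoticed by the user. If the goal is to keep error details
          # away from clients, options(shiny.sanitize.errors = TRUE) does that
          # on the server side.
          tags$style(
            type = "text/css",
            ".shiny-output-error { visibility: hidden; }",
            ".shiny-output-error:before { visibility: hidden; }"
          )
        )
      )
    )
  )
)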
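# Server logic for EPSScall.
#
# Reads the four text inputs, queries the FIRST EPSS API and fills the results
# table, the CSV download, the timeline table and the timeline graph.
#
# Security-relevant behaviour:
# * The text inputs become part of an outbound URL. Each one is checked
#   against an allow-list pattern and percent-encoded before the URL is built,
#   so a value cannot add or override query parameters of the upstream request.
# * Requests are sent when "Search" is clicked (and once at start-up, as
#   before), not on every keystroke, which limits load on the third-party API.
# * Network and parsing failures are reported to the user rather than left to
#   surface as output errors.
#
# Args:
#   input, output, session: the standard Shiny server arguments.
server <- function(input, output, session) {
  # Fixed endpoint: only the query string is derived from user input.
  api_base <- "https://api.first.org/data/v1/epss"

  # Allow-list patterns matching the formats documented in the sidebar notes.
  cve_pattern <- "^CVE-[0-9]{4}-[0-9]{4,}$"
  date_pattern <- "^[0-9]{4}-[0-9]{2}-[0-9]{2}$"
  score_pattern <- "^[0-9]*\\.?[0-9]+$"

  # Trim a text input; a missing input is treated as empty.
  clean_input <- function(value) {
    if (is.null(value)) "" else trimws(value)
  }

  # Each normaliser returns "" for an empty field, the cleaned value for a
  # valid one, and NULL for a value that fails validation.

  # One CVE id or a comma-separated list of ids.
  normalize_cves <- function(value) {
    value <- clean_input(value)
    if (!nzchar(value)) {
      return("")
    }
    ids <- toupper(trimws(strsplit(value, ",", fixed = TRUE)[[1]]))
    if (length(ids) == 0 || !all(grepl(cve_pattern, ids))) {
      return(NULL)
    }
    paste(ids, collapse = ",")
  }

  # A real calendar date written as YYYY-MM-DD.
  normalize_date <- function(value) {
    value <- clean_input(value)
    if (!nzchar(value)) {
      return("")
    }
    if (!grepl(date_pattern, value)) {
      return(NULL)
    }
    if (is.na(as.Date(value, format = "%Y-%m-%d"))) NULL else value
  }

  # A plain decimal between 0 and 1 (EPSS score or percentile threshold).
  normalize_score <- function(value) {
    value <- clean_input(value)
    if (!nzchar(value)) {
      return("")
    }
    if (!grepl(score_pattern, value)) {
      return(NULL)
    }
    number <- as.numeric(value)
    if (number < 0 || number > 1) NULL else value
  }

  # Build the request URL from a named character vector of validated values.
  # Values are percent-encoded as a second line of defence behind validation.
  build_url <- function(params) {
    encoded <- vapply(
      params, utils::URLencode, character(1),
      reserved = TRUE, USE.NAMES = FALSE
    )
    paste0(api_base, "?", paste0(names(params), "=", encoded, collapse = "&"))
  }

  # Show a message to the user; a fixed id replaces any earlier notification
  # instead of stacking duplicates.
  notify <- function(text, type) {
    showNotification(text, type = type, id = "epss-status")
  }

  # Fetch and parse one API response; returns NULL when the request fails.
  fetch_epss <- function(url, flatten) {
    tryCatch(
      fromJSON(url, flatten = flatten),
      error = function(e) {
        notify("The EPSS API request failed. Please try again.", "error")
        NULL
      }
    )
  }

  # EPSS CVEs logic
  # ignoreNULL = FALSE keeps the original start-up query with empty filters.
  cves <- eventReactive(input$search, {
    params <- list(
      cve = normalize_cves(input$txt1),
      date = normalize_date(input$txt2),
      "epss-gt" = normalize_score(input$txt3),
      "percentile-gt" = normalize_score(input$txt4)
    )
    if (any(vapply(params, is.null, logical(1)))) {
      notify("Check the input formats listed under Notes.", "warning")
      return(data.frame())
    }
    response <- fetch_epss(build_url(unlist(params)), flatten = TRUE)
    rows <- response$data
    # An empty or failed response has no data frame; hand the table an empty
    # one so it renders as "no rows" instead of raising an error.
    if (is.data.frame(rows)) rows else data.frame()
  }, ignoreNULL = FALSE)

  output$tblOutput <- DT::renderDT(cves())

  output$download <- downloadHandler(
    filename = function() {
      "EPSSresults.csv"
    },
    content = function(fname) {
      write.csv(cves(), fname)
    }
  )

  # timeline logic
  timeline <- eventReactive(input$search, {
    cve <- normalize_cves(input$txt1)
    if (is.null(cve)) {
      notify("Check the input formats listed under Notes.", "warning")
      return(data.frame())
    }
    url <- build_url(c(cve = cve, scope = "time-series"))
    time_list <- fetch_epss(url, flatten = FALSE)
    as.data.frame(time_list$data$`time-series`)
  }, ignoreNULL = FALSE)

  output$timeOutput <- DT::renderDT(timeline())

  # visualize timeline logic
  # Reuses the timeline data instead of sending a second identical request.
  output$graph <- renderPlotly({
    series <- timeline()
    # Nothing to plot until a response with both columns is available.
    req(is.data.frame(series), all(c("date", "epss") %in% names(series)))
    x <- series$date
    y <- series$epss
    data <- data.frame(x, y)
    plot_ly(data, x = ~x, y = ~y, type = 'scatter', mode = 'lines') %>%
      layout(
        title = list(text = "Timeline", x = 0.3),
        xaxis = list(title = list(text = 'Date')),
        yaxis = list(title = list(text = 'EPSS'))
      )
  })

  # Reset input
  observeEvent(input$resetAll, {
    reset("form")
  })
}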
# Create the application object from the page layout and the server function.
shinyApp(ui = ui, server = server)