Patton-cli

patton-cli is a client for Patton, built to be a Swiss Army knife for system administrators and security auditors. It accepts input from many different sources and reports in several formats, which makes it a good fit for scripting.

Installation

Note

patton-cli needs a patton-server, so be sure that you have the server already running!

With pip

This is the easiest way of installing patton-cli:

> python3.6 -m pip install patton-cli

With Docker

The patton-cli module includes a Dockerfile to generate a Docker image. It can install patton-cli from the PyPI release, the GitHub head, or the current working directory; a build-arg selects which one. Run one of:

docker build -t patton-cli . --build-arg source=cwd
docker build -t patton-cli . --build-arg source=github
docker build -t patton-cli . --build-arg source=pypi

There’s already a published image ready to pull and run.

Getting help

patton-cli has self-explanatory built-in help:

> patton -h

usage: patton [-h] [-v] [--patton-host PATTON_HOST] [-F {table,json,csv}] [-q]
          [-i FROM_FILE] [-o OUTPUT_FILE]
          [-e {python,alpine,simple_parser,auto,nmap,dpkg}] [-s] [-D] [-B]
          [-t {auto,nmap}] [-f]
          [INPUT_LIST [INPUT_LIST ...]]

Patton cli

positional arguments:
  INPUT_LIST

optional arguments:
  -h, --help            show this help message and exit
  -v                    log level
  --patton-host PATTON_HOST
                        patton server host
  -F {table,json,csv}, --display-format {table,json,csv}
                        display format options
  -q, --quiet           do not display any information in stdout
  -i FROM_FILE, --from-file FROM_FILE
                        output file for results
  -o OUTPUT_FILE, --output-file OUTPUT_FILE
                        results file. formats: csv, json, raw
  -e {python,alpine,simple_parser,auto,nmap,dpkg}, --source-type {python,alpine,simple_parser,auto,nmap,dpkg}
                        use specific source parser
  -s, --skip-on-fail    doesn't abort execution on dependency check fail

Working modes:
  -D, --dependency      check libraries and versions (default)
  -B, --banner          check banners (currently experimental)

Specific option for banners:
  -t {auto,nmap}, --banner-type {auto,nmap}
                        http, ftp, ...-
  -f, --follow          read from stdin and do a continuously check

Examples:

  * Checking specific library and output as table:
    > patton django:1.2 flask:1.1.0

  * Checking Python installed dependencies and output as CSV:
    > pip freeze | patton -F csv
    or
    > patton -F csv -i requirements.txt

  * Checking ubuntu dependencies display as table and dump in json file:
    > dpkg -l | patton -e dpkg -F table -o results.json

Usage examples

Quick example

> patton django:1.9

+------------+-------------------------------------+---------------------+
| Name       | CPEs                                | CVEs                |
+------------+-------------------------------------+---------------------+
| django:1.9 | cpe:/a:djangoproject:django:1.9:rc2 | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7234 (5.8) |
|            | ----------------------------------- | ------------------- |
|            | cpe:/a:djangoproject:django:1.9:rc2 | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7234 (5.8) |
|            | ----------------------------------- | ------------------- |
|            | cpe:/a:djangoproject:django:1.9:rc2 | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7234 (5.8) |
|            | ----------------------------------- | ------------------- |
|            | cpe:/a:djangoproject:django:1.9:rc2 | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7234 (5.8) |
|            | ----------------------------------- | ------------------- |
|            | cpe:/a:djangoproject:django:1.9:rc1 | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            | ----------------------------------- | ------------------- |
|            | cpe:/a:djangoproject:django:1.9:rc1 | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            | ----------------------------------- | ------------------- |
|            | cpe:/a:djangoproject:django:1.9:rc1 | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            | ----------------------------------- | ------------------- |
|            | cpe:/a:djangoproject:django:1.9:rc1 | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            | ----------------------------------- | ------------------- |
|            | cpe:/a:djangoproject:django:1.9:b1  | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            | ----------------------------------- | ------------------- |
|            | cpe:/a:djangoproject:django:1.9:b1  | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
+------------+-------------------------------------+---------------------+

Getting vulnerabilities from different sources

From Ubuntu

> dpkg -l | patton -e dpkg

From Brew

> brew list --versions | patton

From Alpine

> apk version -v | patton -e alpine

From python requirements

> pip freeze | patton -e python

or

> cat requirements.txt | patton -e python

or

> patton -i requirements.txt -e python

From Golang requirements

> cat Gopkg.lock | patton -e golang

Formatting the output

Patton-cli can display results in these formats:

  • Table
  • JSON
  • CSV

> cat requirements.txt | patton -e python -F csv
> cat requirements.txt | patton -e python -F json
> cat requirements.txt | patton -e python -F table

Exporting results

Patton-cli can export the results in these formats:

  • Raw (table)
  • JSON
  • CSV

The format of the file is determined by its extension:

> cat requirements.txt | patton -e python -o report.json
> cat requirements.txt | patton -e python -o report.csv
> cat requirements.txt | patton -e python -o report.raw

Quiet mode

If you don’t want Patton-cli to print anything to the terminal, use the -q option:

> cat requirements.txt | patton -e python -q -o report.csv

Some funny examples

Listing the installed packages on the terminal while checking them for vulnerabilities:

> dpkg -l | tee /dev/tty | patton -e dpkg -q -o reports.csv

Finding critical vulnerabilities:

> dpkg -l | patton -e dpkg -F csv | grep "10\.0" > critical_vulns.txt
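
The grep above matches "10.0" anywhere on a line, including package versions and CPE strings, and the table output repeats the same CVE many times. The following added example (not part of patton-cli) filters on the score itself and removes duplicates. It assumes each CVE is printed as `CVE-ID (score)`, as in the table shown under "Quick example"; the names `cves_at_least` and `sample_table` and the `libfoo`/`libbar` rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of patton-cli.
# cves_at_least MIN: read patton output on stdin and print the unique
# "CVE-ID score" pairs whose score is >= MIN, highest score first.
# Assumption: CVEs appear as "CVE-ID (score)", as in the table format.
cves_at_least() {
    min="$1"
    # 1. extract only the "CVE-ID (score)" tokens, ignoring names and CPEs
    # 2. drop the parentheses so the score becomes field 2
    # 3. deduplicate repeated findings
    # 4. compare the score numerically against the threshold
    grep -oE 'CVE-[0-9]{4}-[0-9]+ \([0-9]+(\.[0-9]+)?\)' |
        tr -d '()' |
        sort -u |
        awk -v min="$min" '$2 + 0 >= min + 0 { print $1, $2 }' |
        sort -k2,2nr -k1,1
}

# Constructed sample input in the layout of the table shown above.
# The libfoo and libbar rows and their CVE-0000-* ids are placeholders:
# libfoo has version 10.0 but only a 4.3 finding, libbar has a 10.0 finding.
sample_table() {
    cat <<'EOF'
| django:1.9  | cpe:/a:djangoproject:django:1.9:rc2 | CVE-2017-7234 (5.8)  |
|             |                                     | CVE-2017-7233 (5.8)  |
|             |                                     | CVE-2017-7234 (5.8)  |
| libfoo:10.0 | cpe:/a:example:libfoo:10.0          | CVE-0000-0001 (4.3)  |
| libbar:2.1  | cpe:/a:example:libbar:2.1           | CVE-0000-0002 (10.0) |
EOF
}

# Count of lines the plain grep "10\.0" filter would keep from the sample.
naive_match_count() {
    sample_table | grep -c '10\.0'
}

# Stand-alone demonstration when the file is run directly.
sample_table | cves_at_least 10
```

With real data the call would be `dpkg -l | patton -e dpkg -F table | cves_at_least 9.0 > critical_vulns.txt`, with the threshold chosen to match your own severity policy.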