PatchaPalooza
Reporting, Utility, Discovery
189 stars
patchapalooza.com — the interactive version is live!

This CLI tool has been superseded by patchapalooza.com, a full interactive website for exploring and analyzing Microsoft Patch Tuesday data. It covers everything this tool does — and much more. Head there for the best experience.
This repo remains available as a lightweight CLI alternative but is no longer actively maintained.

Description

PatchaPalooza uses the power of Microsoft's MSRC CVRF API to fetch, store, and analyze security update data. Designed for cybersecurity professionals, it offers a streamlined experience for those who require a quick yet detailed overview of vulnerabilities, their exploitation status, and more. This tool operates entirely offline once the data has been fetched, ensuring that your analyses can continue even without an internet connection.

Features

  • Retrieve Data: Fetches the latest security update summaries directly from Microsoft.
  • Offline Storage: Stores the fetched data for offline analysis.
  • Detailed Analysis: Analyze specific months or get a comprehensive view across months.
  • CVE Details: Dive deep into specifics of a particular CVE.
  • Exploitation Overview: Quickly identify which vulnerabilities are currently being exploited.
  • CVSS Scoring: Prioritize your patching efforts based on CVSS scores.
  • Categorized Overview: Get a breakdown of vulnerabilities based on their types.

Usage

Run PatchaPalooza without arguments to see an analysis of the current month's data:
python PatchaPalooza.py
For a specific month's analysis:
python PatchaPalooza.py --month MMM --year YYYY
For a specific year's analysis:
python PatchaPalooza.py --fullyear YYYY
For an overall statistical overview:
python PatchaPalooza.py --stats
For an analysis of vulnerabilities with a minimum CVSS score (can be combined with any of the previous use cases):
python PatchaPalooza.py --month MMM --year YYYY --mincvss 8
To display a detailed view of a specific CVE:
python PatchaPalooza.py --detail CVE-ID
To update and store the latest data:
python PatchaPalooza.py --update
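
The kind of offline triage described above (a minimum CVSS threshold combined with exploitation status), as an added example that is not PatchaPalooza's own code. The JSON field names (`Vulnerability`, `CVSSScoreSets`, `BaseScore`, `Threats`, the `Exploited:Yes` description text) and the threat type code are assumptions about the stored CVRF data, and keeping exploited entries regardless of score is this example's choice.

```python
# Added example: the JSON field names below are an assumed CVRF layout.
EXPLOIT_STATUS = 1  # assumed Threats[].Type code for the exploit-status entry

def _vuln(cve, score=None, exploited="No"):
    """Build one constructed record in the assumed shape."""
    return {
        "CVE": cve,
        "CVSSScoreSets": [] if score is None else [{"BaseScore": score}],
        "Threats": [{"Type": EXPLOIT_STATUS, "Description": {
            "Value": f"Publicly Disclosed:No;Exploited:{exploited}"}}],
    }

# Constructed sample data; the CVE ids are placeholders, not real entries.
SAMPLE = {"Vulnerability": [
    _vuln("CVE-0000-0001", 9.8),
    _vuln("CVE-0000-0002", 7.8, exploited="Yes"),
    _vuln("CVE-0000-0003"),            # no CVSS score published
    _vuln("CVE-0000-0004", 5.5),
]}

def base_score(vuln):
    """Highest BaseScore across score sets, or None when none is published."""
    scores = [float(s["BaseScore"]) for s in vuln.get("CVSSScoreSets", [])
              if s.get("BaseScore") is not None]
    return max(scores) if scores else None

def is_exploited(vuln):
    """True when the exploit-status threat entry says 'Exploited:Yes'."""
    for threat in vuln.get("Threats", []):
        if threat.get("Type") != EXPLOIT_STATUS:
            continue
        text = (threat.get("Description") or {}).get("Value") or ""
        fields = dict(p.split(":", 1) for p in text.split(";") if ":" in p)
        if fields.get("Exploited", "").strip().lower() == "yes":
            return True
    return False

def triage(doc, mincvss=0.0):
    """Keep exploited CVEs and those at or above mincvss; exploited first."""
    rows = []
    for vuln in doc.get("Vulnerability", []):
        score, exploited = base_score(vuln), is_exploited(vuln)
        if exploited or (score is not None and score >= mincvss):
            rows.append((vuln.get("CVE", "unknown"), score, exploited))
    return sorted(rows, key=lambda r: (not r[2], -(r[1] or 0.0)))

if __name__ == "__main__":
    for cve, score, exploited in triage(SAMPLE, mincvss=8.0):
        print(cve, score, "EXPLOITED" if exploited else "")
```

Entries with no published score never pass the threshold on their own, so they surface only when marked exploited.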

Requirements

  • Python 3.x
  • Requests library
  • Termcolor library

Credits / Contributors

  • add a mincvss argument instead of a hardcoded threshold
  • add a fullyear argument to get statistics for all months of a given year
  • remove the display of not exploited vulnerabilities (can be easily guessed, it's the complement of exploited vulnerabilities)
  • Minor fixes for the listing of Not exploitable cases

Contributions are welcome. Please feel free to fork, modify, and make pull requests or report issues. This tool is built upon Microsoft's MSRC CVRF API and is inspired by the work of @KevTheHermit.

Author

Alexander Hagenah

Disclaimer

This tool is meant for educational and professional purposes only. No license, so do with it whatever you like.