How to find different XPATH values by website

Question

# import selenium
from selenium import webdriver
# lets you use the any by element statements
from selenium.webdriver.common.by import By
# start the webdriver for chrome
from selenium.webdriver.chrome.service import Service
# import locate_with for above, below
from selenium.webdriver.support.relative_locator import locate_with
# declare the path as the service using the letter s
s = Service('C:\ChromeDriver\chromedriver.exe')
# declare the web driver using the service as the browser
driver = webdriver.Chrome(service=s)

# declare the URL
url = 'https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42321'
# get the url referenced above using the browser.get
driver.get(url)
# tells the driver to wait 10 seconds so the page can load the "DOM"
driver.implicitly_wait(10)

VN = driver.find_element(By.XPATH, '//h1').text
print("System Impacted: " + VN)
CVSS = driver.find_element(By.XPATH, '//*[@id="title"]/div/div/div/div[3]/div[1]/div/div/label').text
print("CVSS Detail is: " + CVSS)

**AV = driver.find_element(By.XPATH, '//summary[normalize-space()="Network"]').text
print("Attack Vector: " + AV)**

I am attempting to scan a URL and get relative information on the "attack vector" field

One of these is finding the value of the attack vector in different vulnerabilities - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42321

Each xpath is different for a CVE such as:

//summary[normalize-space()="Network"] or 
//summary[normalize-space()="Local"] or 
//summary[normalize-space()="Physical"]

when I input a different URL for the CVE each time, I want to print out one of those attack vectors depending on what the URL catches for the attack vector associated with the CVE

**AV = driver.find_element(By.XPATH, '//summary[normalize-space()="Network"]').text print("Attack Vector: " + AV)** I want it to print either "Network", "Local", or "Physical" according to the vulnerability link. For the instance "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43209" the attack vector would be "local". — Jay, Dec 08 '21 at 21:16
//div[@role='gridcell' and .//summary[contains(.,'Attack Vector')]]/following::div[1]//summary would always find the summary after the Attack vector whether it be Network, Local or Physical. — Arundeep Chohan, Dec 08 '21 at 21:44
I got this error: AV = driver.find_element(By.XPATH, '//div[@role='gridcell' and .//summary[contains(.,'Attack Vector')]]/following::div[1]//summary').text ^^^^^^^^^^^^^^^^^^^^^^ SyntaxError: invalid syntax. Perhaps you forgot a comma? — Jay, Dec 08 '21 at 21:46
Use "//div[@role='gridcell' and .//summary[contains(.,'Attack Vector')]]/following::div[1]//summary" — Arundeep Chohan, Dec 08 '21 at 21:49
You either use "" or '' for the outside and then the opposite for the inside. — Arundeep Chohan, Dec 08 '21 at 21:49
@ArundeepChohan Was there an app for you to find this XCODE, or did you get this off the top of your head? — Jay, Dec 09 '21 at 01:01
@ArundeepChohan Do you have a way to just grab the "7.8" associated with the CVSS for msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43209 when it gets printed? So far I have "print("CVSS Detail is: " + WebDriverWait(driver, 20).until(EC.visibility_of_element_located((By.XPATH, "//label[starts-with(@class, 'ms-Label') and starts-with(., 'CVSS')]"))).text)" but it prints "CVSS Detail is : CVSS:3.1 7.8 / 6.8" — Jay, Dec 09 '21 at 18:03

undetected Selenium · Answer 1 · 2021-12-08T22:07:54.263

You can use the following Locator Strategies:

CVE-2021-42321

Code Block:

driver.get("https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42321")
print("System Impacted: " + WebDriverWait(driver, 20).until(EC.visibility_of_element_located((By.XPATH, "//h1[text()]"))).text)
print("CVSS Detail is: " + WebDriverWait(driver, 20).until(EC.visibility_of_element_located((By.XPATH, "//label[starts-with(@class, 'ms-Label') and starts-with(., 'CVSS')]"))).text)
WebDriverWait(driver, 20).until(EC.element_to_be_clickable((By.XPATH, "//summary[contains(., 'Attack Vector')]//following::summary[1]"))).click()
print("Attack Vector: " + WebDriverWait(driver, 20).until(EC.visibility_of_element_located((By.XPATH, "//summary[contains(., 'Attack Vector')]//following::summary[1]//following-sibling::div[1]/div"))).text)
driver.quit()

Console Output:

System Impacted: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS Detail is: CVSS:3.1 8.8 / 7.7
Attack Vector: The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed, up to and including the entire Internet. Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers).

CVE-2021-43209

Code Block:

driver.get("https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43209")
print("System Impacted: " + WebDriverWait(driver, 20).until(EC.visibility_of_element_located((By.TAG_NAME, "h1"))).text)
print("CVSS Detail is: " + WebDriverWait(driver, 20).until(EC.visibility_of_element_located((By.XPATH, "//label[starts-with(@class, 'ms-Label') and starts-with(., 'CVSS')]"))).text)
WebDriverWait(driver, 20).until(EC.element_to_be_clickable((By.XPATH, "//summary[contains(., 'Attack Vector')]//following::summary[1]"))).click()
print("Attack Vector: " + WebDriverWait(driver, 20).until(EC.visibility_of_element_located((By.XPATH, "//summary[contains(., 'Attack Vector')]//following::summary[1]//following-sibling::div[1]/div"))).text)
driver.quit()

Console Output:

System Impacted: 3D Viewer Remote Code Execution Vulnerability
CVSS Detail is: CVSS:3.1 7.8 / 6.8
Attack Vector: The vulnerable component is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or remotely (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., tricking a legitimate user into opening a malicious document)

Note: You have to add the following imports :

from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.common.by import By
from selenium.webdriver.support import expected_conditions as EC

Think he wanted the element to the right of it. Like there's a Metric and Value. — Arundeep Chohan, Dec 08 '21 at 22:10
Yes, either it would be Network, Local or Physical and that's the reason I didn't hardcore it. Used `following` and `following-sibling` — undetected Selenium, Dec 08 '21 at 22:12

How to find different XPATH values by website

1 Answers1