CVE ("Common Vulnerabilities and Exposures") is a system developed to provide structured data about information security vulnerabilities. CVE numbers are everywhere and easy to find. When a security researcher finds a new vulnerability in a piece of software or a product, they can request a CVE number that will be assigned to the finding. The format is "CVE-yyyy-nnnn", where "yyyy" is the year in which the ID was assigned (not necessarily the year the bug was found) and "nnnn" is a sequence number. Note that the sequence number is no longer limited to 4 digits since 2014: due to the growing number of vulnerabilities, it is already possible to find 'CVE-yyyy-nnnnnn' if a given year requires it. There are many ways to search for CVE information online via websites like cvedetails.com, which offer search engines to browse CVEs by vendor, period, severity, etc. Today, we live in a connected world where information is accessed online, but sometimes it remains more convenient to have access to local information (stored on your computer). Having a local copy of the CVE database can be very helpful when:
cve-search is a set of Python scripts that imports CVE and CPE ("Common Platform Enumeration") data into a local database. Although it started with CVEs, today many other collections are supported and can be integrated together:
The installation is straightforward and integrates perfectly with Kali (my preferred choice). Once the installation is done and the database populated, we can search for nice stuff. Here are some examples.

Searching details for a specific vulnerability:

$ ./search.py -c CVE-2014-0160

Searching details for a specific product:

$ ./search.py -p juniper

A full-text index can be generated and maintained to search for specific information across CVEs:

$ ./search_fulltext.py -q backdoor

Even if the primary usage is through command-line tools, cve-search comes with a web interface that can be run locally:

$ ./web/index.py
 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
 * Restarting with stat
And an API is available to get JSON output:

$ curl http://127.0.0.1:5000/api/cve/CVE-2015-8446
{
  "Modified": "2015-12-10T01:00:11.573-05:00",
  "Published": "2015-12-10T01:00:10.387-05:00",
  "capec": [
    {
      "id": "24",
      "name": "Filter Failure through Buffer Overflow",
      "prerequisites": [
        "Ability to control the length of data passed to an active filter."
      ],
      "related_weakness": [
        "120", "119", "118", "74", "20", "680", "733", "697"
      ],
      "solutions": [
<snip>

Other communication channels are also available and maybe more exotic: XMPP or IRC. The command dump_last.py can be used to generate an RSS feed:

$ ./dump_last.py -l 5 -o rss2

There are plenty of other options that could help you integrate CVE details with your applications or operational tasks. If you don't want to maintain your own copy of the database locally, the Luxembourg CERT (CIRCL) offers public access to the API.

Xavier Mertens
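As an added example that is not part of the original diary nor of cve-search itself, the following Python script ties together the CVE identifier syntax described at the top of the page and the JSON API shown above: it validates identifiers strictly (rejecting malformed or non-canonical ones instead of guessing), extracts them from free text such as an advisory or a mail, builds the /api/cve/ URL only from a validated ID so that untrusted input cannot smuggle extra path segments into the request, and reduces a returned document to its timestamps and CAPEC/CWE references. The field names are those visible in the curl output; the sample document is constructed here and mirrors that shape, the default base URL is the local instance from the diary, and the 1999 lower bound on the year and the "no leading zero beyond four digits" rule are this example's choices based on MITRE's published ID syntax.

```python
"""Minimal cve-search API client with strict CVE ID handling.
Added example; not code from the diary or from the cve-search project."""
import json
import re
import urllib.request
from urllib.parse import quote

# CVE syntax: "CVE-" + 4-digit year + "-" + 4 or more digits (no upper bound since 2014).
CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$", re.IGNORECASE)


def canonical_cve_id(text: str) -> str:
    """Return the canonical upper-case form of a CVE ID, or raise ValueError.

    A sequence of five or more digits must not start with a zero (MITRE pads with
    leading zeros only up to four digits), so "CVE-2014-00160" is rejected rather
    than silently turned into the different identifier "CVE-2014-0160".
    """
    m = CVE_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a CVE identifier: {text!r}")
    year, seq = m.group(1), m.group(2)
    if int(year) < 1999:  # assumption: the CVE list started in 1999
        raise ValueError(f"implausible CVE year in {text!r}")
    if len(seq) > 4 and seq.startswith("0"):
        raise ValueError(f"non-canonical zero-padded sequence in {text!r}")
    return f"CVE-{year}-{seq}"


def is_cve_id(text: str) -> bool:
    """Boolean wrapper around canonical_cve_id() for filtering."""
    try:
        canonical_cve_id(text)
        return True
    except ValueError:
        return False


def extract_cve_ids(text: str) -> list:
    """Find every well-formed CVE ID in free text (advisory, mail, log line),
    deduplicated and in order of first appearance."""
    seen, found = set(), []
    for m in re.finditer(r"\bCVE-\d{4}-\d{4,}\b", text, re.IGNORECASE):
        if not is_cve_id(m.group(0)):
            continue
        cid = canonical_cve_id(m.group(0))
        if cid not in seen:
            seen.add(cid)
            found.append(cid)
    return found


def cve_url(base_url: str, cve_id: str) -> str:
    """Build the /api/cve/<id> URL from a validated ID only."""
    return f"{base_url.rstrip('/')}/api/cve/{quote(canonical_cve_id(cve_id))}"


def summarize_cve(cve_id: str, doc: dict) -> dict:
    """Reduce a cve-search document to timestamps, CAPEC patterns and the CWE
    weaknesses they reference (the fields visible in the curl output)."""
    capec = doc.get("capec", [])
    cwes = {int(w) for entry in capec for w in entry.get("related_weakness", [])}
    return {
        "id": canonical_cve_id(cve_id),
        "published": doc.get("Published"),
        "modified": doc.get("Modified"),
        "capec": [(entry.get("id"), entry.get("name")) for entry in capec],
        "cwe": [f"CWE-{n}" for n in sorted(cwes)],
    }


def fetch_cve(cve_id: str, base_url: str = "http://127.0.0.1:5000", timeout: float = 10) -> dict:
    """Query a running cve-search instance (the diary's local one by default)."""
    with urllib.request.urlopen(cve_url(base_url, cve_id), timeout=timeout) as resp:
        return summarize_cve(cve_id, json.load(resp))


# Constructed sample mirroring the shape of the curl output; the CAPEC entry is
# the one shown there, the remainder of the real document is elided.
SAMPLE_DOC = json.loads("""{
  "Modified": "2015-12-10T01:00:11.573-05:00",
  "Published": "2015-12-10T01:00:10.387-05:00",
  "capec": [
    {"id": "24", "name": "Filter Failure through Buffer Overflow",
     "prerequisites": ["Ability to control the length of data passed to an active filter."],
     "related_weakness": ["120", "119", "118", "74", "20", "680", "733", "697"],
     "solutions": []}
  ]
}""")

if __name__ == "__main__":
    print(extract_cve_ids("Fixed CVE-2014-0160 (Heartbleed); see also cve-2015-8446, CVE-2014-0160"))
    print(cve_url("http://127.0.0.1:5000/", "cve-2015-8446"))
    print(json.dumps(summarize_cve("CVE-2015-8446", SAMPLE_DOC), indent=2))
```

Point fetch_cve() at another base URL to use a remote instance instead of the local one; the validation in cve_url() is what keeps a CVE ID taken from a ticket or a mail from turning into an arbitrary request path.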
Xme, ISC Handler, Jan 30th 2016