cve-search v5.0 releases: perform local searches for known vulnerabilities

cve-search

cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into MongoDB to facilitate the search and processing of CVEs.

The main objective of the software is to avoid direct lookups against the public CVE databases. Local lookups are usually faster, and they limit the sensitive queries you send over the Internet.

cve-search includes a back-end to store vulnerabilities and related information, an intuitive web interface for searching and managing vulnerabilities, a series of tools to query the system, and a web API interface.

cve-search is used by many organizations including the public CVE services of CIRCL.

Changelog v5.0

cve-search v5.0.0 has been released with major improvements to the NVD NIST API import, other improvements and many bug fixes.

The update is now done via CveXplore.

  • Configurable DownloadMaxWorkers (#890) by @oh2fih in #998
  • Update requirements.txt by @nsmfoo in #1002
  • Rewrite of database update to use NVD NIST API from cvexplore lib by @P-T-I in #1010
  • wrong key when populating redis cache by @P-T-I in #1019
  • mongodb connections by @P-T-I in #1022
  • Pass mongodb connection string when initialize CveXplore by @baonq-me in #1030
  • Use count_documents() to count mongo documents instead of old and deprecated count() by @baonq-me in #1032
  • Fixed Inappropriate Logical Expression by @fazledyn-or in #1031
  • Improve CVEs search speed in bin/search.py by @baonq-me in #1033
  • Fix counting results when searching for CVE using cli by @baonq-me in #1034

Installation

git clone https://github.com/cve-search/cve-search.git
cd cve-search
sudo pip3 install -r requirements.txt
Install mongodb

Usage

For the initial run, you need to populate the CVE database by running:

./sbin/db_mgmt.py -p
./sbin/db_mgmt_cpe_dictionary.py
./sbin/db_updater.py -c

It will fetch all the existing XML files from the Common Vulnerabilities and Exposures database and the Common Platform Enumeration. The initial Common Platform Enumeration (CPE) import might take some time depending on your configuration.

If you want to add the cross-references from NIST, Red Hat and other vendors:

./sbin/db_mgmt_ref.py

Databases and collections

The MongoDB database is called cvedb and there are 11 collections:

  • cves (Common Vulnerabilities and Exposure items) – source NVD NIST
  • cpe (Common Platform Enumeration items) – source NVD NIST
  • cwe (Common Weakness Enumeration items) – source NVD NIST
  • capec (Common Attack Pattern Enumeration and Classification) – source NVD NIST
  • ranking (ranking rules per group) – local cve-search
  • d2sec (Exploitation reference from D2 Elliot Web Exploitation Framework) – source d2sec.com
  • MITRE Reference Key/Maps – source MITRE reference Key/Maps
  • ms (Microsoft Bulletin (Security Vulnerabilities and Bulletin)) – source Microsoft
  • exploitdb (Offensive Security – Exploit Database) – source offensive security
  • info (metadata of each collection like last-modified) – local cve-search
  • via4 (VIA4CVE cross-references)

The Redis database has 3 databases:

  • 10: The cpe (Common Platform Enumeration) cache – source MongoDB cvedb collection cpe
  • 11: The notification database – source cve-search
  • 12: The CVE reference database, a cross-reference database mapping CVE IDs to various vendor IDs – source NVD NIST/MITRE

The reference database has 3 additional sources:

Updating the database

./sbin/db_updater.py -v

Repopulating the database

To easily drop and re-populate all the databases:

./sbin/db_updater.py -v -f

This will drop all the existing external sources and reimport everything. This operation can take some time, and it is usually only required when parsing of new attributes is added to cve-search.

You can search the database using search.py:

./bin/search.py -p cisco:ios:12.4
./bin/search.py -p cisco:ios:12.4 -o json
./bin/search.py -f nagios -n
./bin/search.py -p microsoft:windows_7 -o html

To search all the WebEx vulnerabilities and print only the official references from the supplier:

./bin/search.py -p webex: -o csv -v "cisco"

You can also dump the JSON for a specific CVE ID.

./bin/search.py -c CVE-2010-3333
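
The `-o json` output shown above can be fed into a local triage step. The following is an added example, not part of cve-search: it assumes the output is one JSON document per line with `id`, `cvss` and `summary` fields, and the sample lines and CVE IDs are constructed placeholders.

```python
import json

# Constructed sample of `./bin/search.py -p cisco:ios:12.4 -o json` output.
# Assumed shape: one JSON document per line with "id", "cvss" and "summary".
SAMPLE_OUTPUT = """\
{"id": "CVE-0000-0001", "cvss": 7.8, "summary": "constructed entry A"}
{"id": "CVE-0000-0002", "cvss": null, "summary": "constructed entry B, not yet scored"}
not-json banner line
{"id": "CVE-0000-0003", "cvss": "9.3", "summary": "constructed entry C"}
{"id": "CVE-0000-0004", "cvss": 4.3, "summary": "constructed entry D"}
"""

def parse_results(text):
    """Yield one dict per line that parses as a JSON object with an "id"."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            doc = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip banners or log lines mixed into stdout
        if isinstance(doc, dict) and "id" in doc:
            yield doc

def score(doc):
    """Return the CVSS score as a float, or None when absent or malformed."""
    try:
        return float(doc.get("cvss"))
    except (TypeError, ValueError):
        return None

def triage(text, threshold=7.0):
    """Return (urgent, unscored); urgent is sorted by score, highest first."""
    urgent, unscored = [], []
    for doc in parse_results(text):
        s = score(doc)
        if s is None:
            unscored.append(doc["id"])  # no score is not the same as low risk
        elif s >= threshold:
            urgent.append((s, doc["id"]))
    urgent.sort(key=lambda x: (-x[0], x[1]))
    return urgent, unscored

if __name__ == "__main__":
    urgent, unscored = triage(SAMPLE_OUTPUT)
    for s, cve_id in urgent:
        print(f"{s:4.1f}  {cve_id}")
    print("unscored (review manually):", ", ".join(unscored))
```

Entries without a usable score are reported separately instead of being dropped, so a newly published CVE that has not been scored yet still reaches a reviewer.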

Advanced Tutorial

Copyright (c) 2012 Wim Remes – https://github.com/wimremes/
Copyright (c) 2012-2020 Alexandre Dulaunoy – https://github.com/adulau/
Copyright (c) 2015-2019 Pieter-Jan Moreels – https://github.com/pidgeyl/
Copyright (c) 2020 Paul Tikken – https://github.com/P-T-I