cve-search v4.0 releases: perform local searches for known vulnerabilities
cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs.
The main objective of the software is to avoid doing the direct and public lookup into the public CVE databases. This is usually faster to do local lookups and limits your sensitive queries via the Internet.
cve-search includes a back-end to store vulnerabilities and related information, an intuitive web interface for search and managing vulnerabilities, a series of tools to query the system, and a web API interface.
cve-search is used by many organizations including the public CVE services of CIRCL.
cve-search has been significantly improved and especially the Web interface has been rewritten from scratch. Many additional improvements
in the importer script which allow to reimport the full dataset in a fast way. The documentation has been also improved to ease the installation process for new users.
A huge thanks to all the contributors.
git clone https://github.com/cve-search/cve-search.git
sudo pip3 install -r requirements.txt
For the initial run, you need to populate the CVE database by running:
It will fetch all the existing XML files from the Common Vulnerabilities and Exposures database and the Common Platform Enumeration. The initial Common Platform Enumeration (CPE) import might take some time depending on your configuration.
If you want to add the cross-references from NIST, Red Hat and other vendors:
Databases and collections
The MongoDB database is called cvedb and there are 11 collections:
- cves (Common Vulnerabilities and Exposure items) – source NVD NIST
- cpe (Common Platform Enumeration items) – source NVD NIST
- cwe (Common Weakness Enumeration items) – source NVD NIST
- capec (Common Attack Pattern Enumeration and Classification) – source NVD NIST
- ranking (ranking rules per group) – local cve-search
- d2sec (Exploitation reference from D2 Elliot Web Exploitation Framework) – source d2sec.com
- MITRE Reference Key/Maps – source MITRE reference Key/Maps
- ms – (Microsoft Bulletin (Security Vulnerabilities and Bulletin)) – source Microsoft
- exploitdb (Offensive Security – Exploit Database) – source offensive security
- info (metadata of each collection like last-modified) – local cve-search
- via4 VIA4CVE cross-references.
The Redis database has 3 databases:
- 10: The cpe (Common Platform Enumeration) cache – source MongoDB cvedb collection cpe
- 11: The notification database – source cve-search
- 12: The CVE reference database is a cross-reference database to CVE ids against various vendors ID – source NVD NIST/MITRE
The reference database has 3 additional sources:
- MITRE Reference Key/Maps.
- Red Hat RPM to CVE database.
- Red Hat RHSA Oval database.
Updating the database
Repopulating the database
To easily drop and re-populate all the databases
./sbin/db_updater.py -v -f
This will drop all the existing external sources and reimport everything. This operation can take some time and it’s usually only required when new attributes parsing are added in cve-search.
You can search the database using search.py
./bin/search.py -p cisco:ios:12.4
./bin/search.py -p cisco:ios:12.4 -o json
./bin/search.py -f nagios -n
./bin/search.py -p microsoft:windows_7 -o html
If you want to search all the WebEx vulnerabilities and only printing the official references from the supplier.
./bin/search.py -p webex: -o csv -v “cisco”
You can also dump the JSON for a specific CVE ID.
./bin/search.py -c CVE-2010-3333
Copyright (c) 2012 Wim Remes – https://github.com/wimremes/
Copyright (c) 2012-2020 Alexandre Dulaunoy – https://github.com/adulau/
Copyright (c) 2015-2019 Pieter-Jan Moreels – https://github.com/pidgeyl/
Copyright (c) 2020 Paul Tikken – https://github.com/P-T-I