cve-search

cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs.

The main objective of the software is to avoid doing the direct and public lookup into the public CVE databases. This is usually faster to do local lookups and limits your sensitive queries via the Internet.

cve-search includes a back-end to store vulnerabilities and related information, an intuitive web interface for search and managing vulnerabilities, a series of tools to query the system and a web API interface.

cve-search is used by many organizations including the public CVE services of CIRCL.

Changelog v2.9

Changes

• [doc] reference to the ChangeLog updated. [Alexandre Dulaunoy]

Other

• Merge pull request #436 from noraj/patch-2. [Alexandre Dulaunoy]

  add docker ref

• Update README.md. [Alexandre Dulaunoy]

  Make it more markdown friendly.

• Add docker ref. [Alexandre ZANNI]
• Merge pull request #442 from P-T-I/fix_cpe_other. [Alexandre Dulaunoy]

  fix #441

• Fix #441. [Paul Tikken Laptop]
• Merge pull request #444 from P-T-I/capec. [Alexandre Dulaunoy]

  fix #443 and #402 and #414

• Fix #443. [Paul Tikken Laptop]
• Merge pull request #445 from P-T-I/version_bumps. [Alexandre Dulaunoy]

  version bump of cwe and capec

• Version bump of cwe. [Paul Tikken Laptop]
• Merge pull request #438 from AndreC10002/patch-2. [Alexandre Dulaunoy]

  Redis password parameter

• Redis password parameter. [AndreC10002]

  Redis password parameter

Installation

git clone https://github.com/cve-search/cve-search.git
cd cve-search
sudo pip3 install -r requirements.txt
Install mongodb

Usage

For the initial run, you need to populate the CVE database by running:

./sbin/db_mgmt.py -p
./sbin/db_mgmt_cpe_dictionary.py
./sbin/db_updater.py -c

It will fetch all the existing XML files from the Common Vulnerabilities and Exposures database and the Common Platform Enumeration. The initial Common Platform Enumeration (CPE) import might take some time depending on your configuration.

If you want to add the cross-references from NIST, Red Hat and other vendors:

./sbin/db_mgmt_ref.py

Databases and collections

The MongoDB database is called cvedb and there are 11 collections:

• cves (Common Vulnerabilities and Exposure items) – source NVD NIST
• cpe (Common Platform Enumeration items) – source NVD NIST
• cwe (Common Weakness Enumeration items) – source NVD NIST
• capec (Common Attack Pattern Enumeration and Classification) – source NVD NIST
• ranking (ranking rules per group) – local cve-search
• d2sec (Exploitation reference from D2 Elliot Web Exploitation Framework) – source d2sec.com
• MITRE Reference Key/Maps – source MITRE reference Key/Maps
• ms – (Microsoft Bulletin (Security Vulnerabilities and Bulletin)) – source Microsoft
• exploitdb (Offensive Security – Exploit Database) – source offensive security
• info (metadata of each collection like last-modified) – local cve-search
• via4 VIA4CVE cross-references.

The Redis database has 3 databases:

• 10: The cpe (Common Platform Enumeration) cache – source MongoDB cvedb collection cpe
• 11: The notification database – source cve-search
• 12: The CVE reference database is a cross-reference database to CVE ids against various vendors ID – source NVD NIST/MITRE

The reference database has 3 additional sources:

• MITRE Reference Key/Maps.
• Red Hat RPM to CVE database.
• Red Hat RHSA Oval database.

Updating the database

./sbin/db_updater.py -v

Repopulating the database

To easily drop and re-populate all the databases

./sbin/db_updater.py -v -f

This will drop all the existing external sources and reimport everything. This operation can take some time and it’s usually only required when new attributes parsing are added in cve-search.

You can search the database using search.py

./bin/search.py -p cisco:ios:12.4
./bin/search.py -p cisco:ios:12.4 -o json
./bin/search.py -f nagios -n
./bin/search.py -p microsoft:windows_7 -o html

If you want to search all the WebEx vulnerabilities and only printing the official references from the supplier.

./bin/search.py -p webex: -o csv -v “cisco”

You can also dump the JSON for a specific CVE ID.

./bin/search.py -c CVE-2010-3333

Advanced Tutorial