cve-search

cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs.

The main objective of the software is to avoid doing the direct and public lookup into the public CVE databases. This is usually faster to do local lookups and limits your sensitive queries via the Internet.

cve-search includes a back-end to store vulnerabilities and related information, an intuitive web interface for search and managing vulnerabilities, a series of tools to query the system, and a web API interface.

cve-search is used by many organizations including the public CVE services of CIRCL.

Changelog v4.0

cve-search has been significantly improved and especially the Web interface has been rewritten from scratch. Many additional improvements
in the importer script which allow to reimport the full dataset in a fast way. The documentation has been also improved to ease the installation process for new users.

A huge thanks to all the contributors.

You can have a look at all the changes on the public instance running at https://cvepremium.circl.lu/ and the API documentation.

Installation

git clone https://github.com/cve-search/cve-search.git
cd cve-search
sudo pip3 install -r requirements.txt
Install mongodb

Usage

For the initial run, you need to populate the CVE database by running:

./sbin/db_mgmt.py -p
./sbin/db_mgmt_cpe_dictionary.py
./sbin/db_updater.py -c

It will fetch all the existing XML files from the Common Vulnerabilities and Exposures database and the Common Platform Enumeration. The initial Common Platform Enumeration (CPE) import might take some time depending on your configuration.

If you want to add the cross-references from NIST, Red Hat and other vendors:

./sbin/db_mgmt_ref.py

Databases and collections

The MongoDB database is called cvedb and there are 11 collections:

• cves (Common Vulnerabilities and Exposure items) – source NVD NIST
• cpe (Common Platform Enumeration items) – source NVD NIST
• cwe (Common Weakness Enumeration items) – source NVD NIST
• capec (Common Attack Pattern Enumeration and Classification) – source NVD NIST
• ranking (ranking rules per group) – local cve-search
• d2sec (Exploitation reference from D2 Elliot Web Exploitation Framework) – source d2sec.com
• MITRE Reference Key/Maps – source MITRE reference Key/Maps
• ms – (Microsoft Bulletin (Security Vulnerabilities and Bulletin)) – source Microsoft
• exploitdb (Offensive Security – Exploit Database) – source offensive security
• info (metadata of each collection like last-modified) – local cve-search
• via4 VIA4CVE cross-references.

The Redis database has 3 databases:

• 10: The cpe (Common Platform Enumeration) cache – source MongoDB cvedb collection cpe
• 11: The notification database – source cve-search
• 12: The CVE reference database is a cross-reference database to CVE ids against various vendors ID – source NVD NIST/MITRE

The reference database has 3 additional sources:

• MITRE Reference Key/Maps.
• Red Hat RPM to CVE database.
• Red Hat RHSA Oval database.

Updating the database

./sbin/db_updater.py -v

Repopulating the database

To easily drop and re-populate all the databases

./sbin/db_updater.py -v -f

This will drop all the existing external sources and reimport everything. This operation can take some time and it’s usually only required when new attributes parsing are added in cve-search.

You can search the database using search.py

./bin/search.py -p cisco:ios:12.4
./bin/search.py -p cisco:ios:12.4 -o json
./bin/search.py -f nagios -n
./bin/search.py -p microsoft:windows_7 -o html

If you want to search all the WebEx vulnerabilities and only printing the official references from the supplier.

./bin/search.py -p webex: -o csv -v “cisco”

You can also dump the JSON for a specific CVE ID.

./bin/search.py -c CVE-2010-3333

Advanced Tutorial

Copyright (c) 2012 Wim Remes – https://github.com/wimremes/
Copyright (c) 2012-2020 Alexandre Dulaunoy – https://github.com/adulau/
Copyright (c) 2015-2019 Pieter-Jan Moreels – https://github.com/pidgeyl/
Copyright (c) 2020 Paul Tikken – https://github.com/P-T-I