cve-search v4.1 releases: perform local searches for known vulnerabilities
cve-search
cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs.
The main objective of the software is to avoid doing the direct and public lookup into the public CVE databases. This is usually faster to do local lookups and limits your sensitive queries via the Internet.
cve-search includes a back-end to store vulnerabilities and related information, an intuitive web interface for search and managing vulnerabilities, a series of tools to query the system, and a web API interface.
cve-search is used by many organizations including the public CVE services of CIRCL.
Changelog v4.1
Changes
- [version] v4.1.0 released. [Alexandre Dulaunoy]
Fix
- [doc] fix the default link of the public cvepremium.circl.lu. [Alexandre Dulaunoy]
- [view/capec] Non existing CAPEC value was not properly handled. [Alexandre Dulaunoy]
Fix #648
- [json import] ASSIGNER not always present (required) in NVD json feed. [Alexandre Dulaunoy]
Fix #650
Other
- Merge pull request #664 from P-T-I/cve-search-659. [PT]
fix #cve-search-659; wrong date format disables effective sorting on …
- Fix #cve-search-659; wrong date format disables effective sorting on table + inserted cvss3 score to vendor search table. [Paul Tikken Laptop]
- Merge pull request #663 from P-T-I/cve-search-660. [PT]
fix #cve-search-660; fixed the back to top button covering the datata…
- Fix #cve-search-660; fixed the back to top button covering the datatables buttons. [Paul Tikken Laptop]
- Merge pull request #662 from P-T-I/master. [PT]
Proxies fix
- Proxies fix. [Paul Tikken Laptop]
- Proxies fix. [Paul Tikken Laptop]
- Merge pull request #661 from P-T-I/master. [PT]
proxies fix
- Proxies fix. [Paul Tikken Laptop]
- More…
Installation
git clone https://github.com/cve-search/cve-search.git
cd cve-search
sudo pip3 install -r requirements.txt
Install mongodb
Usage
For the initial run, you need to populate the CVE database by running:
./sbin/db_mgmt.py -p
./sbin/db_mgmt_cpe_dictionary.py
./sbin/db_updater.py -c
It will fetch all the existing XML files from the Common Vulnerabilities and Exposures database and the Common Platform Enumeration. The initial Common Platform Enumeration (CPE) import might take some time depending on your configuration.
If you want to add the cross-references from NIST, Red Hat and other vendors:
./sbin/db_mgmt_ref.py
Databases and collections
The MongoDB database is called cvedb and there are 11 collections:
- cves (Common Vulnerabilities and Exposure items) – source NVD NIST
- cpe (Common Platform Enumeration items) – source NVD NIST
- cwe (Common Weakness Enumeration items) – source NVD NIST
- capec (Common Attack Pattern Enumeration and Classification) – source NVD NIST
- ranking (ranking rules per group) – local cve-search
- d2sec (Exploitation reference from D2 Elliot Web Exploitation Framework) – source d2sec.com
- MITRE Reference Key/Maps – source MITRE reference Key/Maps
- ms – (Microsoft Bulletin (Security Vulnerabilities and Bulletin)) – source Microsoft
- exploitdb (Offensive Security – Exploit Database) – source offensive security
- info (metadata of each collection like last-modified) – local cve-search
- via4 VIA4CVE cross-references.
The Redis database has 3 databases:
- 10: The cpe (Common Platform Enumeration) cache – source MongoDB cvedb collection cpe
- 11: The notification database – source cve-search
- 12: The CVE reference database is a cross-reference database to CVE ids against various vendors ID – source NVD NIST/MITRE
The reference database has 3 additional sources:
- MITRE Reference Key/Maps.
- Red Hat RPM to CVE database.
- Red Hat RHSA Oval database.
Updating the database
./sbin/db_updater.py -v
Repopulating the database
To easily drop and re-populate all the databases
./sbin/db_updater.py -v -f
This will drop all the existing external sources and reimport everything. This operation can take some time and it’s usually only required when new attributes parsing are added in cve-search.
You can search the database using search.py
./bin/search.py -p cisco:ios:12.4
./bin/search.py -p cisco:ios:12.4 -o json
./bin/search.py -f nagios -n
./bin/search.py -p microsoft:windows_7 -o html
If you want to search all the WebEx vulnerabilities and only printing the official references from the supplier.
./bin/search.py -p webex: -o csv -v “cisco”
You can also dump the JSON for a specific CVE ID.
./bin/search.py -c CVE-2010-3333
Advanced Tutorial
Copyright (c) 2012 Wim Remes – https://github.com/wimremes/
Copyright (c) 2012-2020 Alexandre Dulaunoy – https://github.com/adulau/
Copyright (c) 2015-2019 Pieter-Jan Moreels – https://github.com/pidgeyl/
Copyright (c) 2020 Paul Tikken – https://github.com/P-T-I
