Loading README.md +1 −0 Original line number Diff line number Diff line Loading @@ -98,6 +98,7 @@ The MongoDB database is called cvedb and there are 11 collections: * ms - (Microsoft Bulletin (Security Vulnerabilities and Bulletin)) - source [Microsoft](http://www.microsoft.com/en-us/download/details.aspx?id=36982) * exploitdb (Offensive Security - Exploit Database) - source [offensive security](https://github.com/offensive-security/exploit-database) * info (metadata of each collection like last-modified) - local cve-search * via4 [VIA4CVE](https://github.com/cve-search/VIA4CVE) cross-references. The Redis database has 3 databases: Loading bin/search.py +92 −59 Original line number Diff line number Diff line Loading @@ -94,7 +94,7 @@ if sLatest: sorttype = -1 def printCVE(item, indent=None): def printCVE_json(item, indent=None): date_fields = ['cvss-time', 'Modified', 'Published'] for field in date_fields: if field in item: Loading @@ -121,24 +121,14 @@ def printCVE(item, indent=None): item['capec'] = cves.getcapec(cweid=(item['cwe'].split('-')[1])) print(json.dumps(item, sort_keys=True, default=json_util.default, indent=indent)) if cveSearch: for cveid in db.getCVEs(cves=cveSearch): printCVE(cveid) sys.exit(0) # Basic freetext search (in vulnerability summary). # Full-text indexing is more efficient to search across all CVEs. if vFreeSearch: try: for item in db.getFreeText(vFreeSearch): printCVE(item, indent=2) except: sys.exit("Free text search not enabled on the database!") sys.exit(0) def printCVE_html(item): print("<h2>" + item['id'] + "<br></h2>CVSS score: " + str(item['cvss']) + "<br>" + "<b>" + str(item['Published']) + "<b><br>" + item['summary'] + "<br>") print("References:<br>") for entry in item['references']: print(entry + "<br>") print("<hr><hr>") # Search Product (best to use CPE notation, e.g. cisco:ios:12.2 if vSearch: for item in db.cvesForCPE(vSearch): if csvOutput: def printCVE_csv(item): # We assume that the vendor name is usually in the hostame of the # URL to avoid any match on the resource part refs = [] Loading @@ -157,17 +147,8 @@ if vSearch: csvoutput.writerow([item['id'], str(item['Published']), item['cvss'], item['summary'], refs]) else: csvoutput.writerow([item['id'], str(item['Published']), item['cvss'], item['summary'], refs, nl]) elif htmlOutput: print("<h2>" + item['id'] + "<br></h2>CVSS score: " + str(item['cvss']) + "<br>" + "<b>" + str(item['Published']) + "<b><br>" + item['summary'] + "<br>") print("References:<br>") for entry in item['references']: print(entry + "<br>") print("<hr><hr>") # bson straight from the MongoDB db - converted to JSON default # representation elif jsonOutput: printCVE(item) elif xmlOutput: def printCVE_xml(item): c = SubElement(r, 'id') c.text = item['id'] c = SubElement(r, 'Published') Loading @@ -182,9 +163,11 @@ if vSearch: for e in item['vulnerable_configuration']: c = SubElement(r, 'vulnerable_configuration') c.text = SaxEscape(e) elif cveidOutput: def printCVE_id(item): print(item['id']) else: def printCVE_human(item): print("CVE\t: " + item['id']) print("DATE\t: " + str(item['Published'])) print("CVSS\t: " + str(item['cvss'])) Loading @@ -202,6 +185,56 @@ if vSearch: print(cves.getcpe(cpeid=entry)) print("\n\n") if cveSearch: for item in db.getCVEs(cves=cveSearch): if csvOutput: printCVE_csv(item) elif htmlOutput: printCVE_html(item) # bson straight from the MongoDB db - converted to JSON default # representation elif jsonOutput: printCVE_json(item) elif xmlOutput: printCVE_xml(item) elif cveidOutput: printCVE_id(item) else: printCVE_human(item) if htmlOutput: print("</body></html>") sys.exit(0) # Basic freetext search (in vulnerability summary). # Full-text indexing is more efficient to search across all CVEs. if vFreeSearch: try: for item in db.getFreeText(vFreeSearch): printCVE_json(item, indent=2) except: sys.exit("Free text search not enabled on the database!") sys.exit(0) # Search Product (best to use CPE notation, e.g. cisco:ios:12.2 if vSearch: for item in db.cvesForCPE(vSearch): if csvOutput: printCVE_csv(item) elif htmlOutput: printCVE_html(item) # bson straight from the MongoDB db - converted to JSON default # representation elif jsonOutput: printCVE_json(item) elif xmlOutput: printCVE_xml(item) elif cveidOutput: printCVE_id(item) else: printCVE_human(item) if htmlOutput: print("</body></html>") sys.exit(0) Loading lib/__init__.py 0 → 100644 +1 −0 Original line number Diff line number Diff line Loading
README.md +1 −0 Original line number Diff line number Diff line Loading @@ -98,6 +98,7 @@ The MongoDB database is called cvedb and there are 11 collections: * ms - (Microsoft Bulletin (Security Vulnerabilities and Bulletin)) - source [Microsoft](http://www.microsoft.com/en-us/download/details.aspx?id=36982) * exploitdb (Offensive Security - Exploit Database) - source [offensive security](https://github.com/offensive-security/exploit-database) * info (metadata of each collection like last-modified) - local cve-search * via4 [VIA4CVE](https://github.com/cve-search/VIA4CVE) cross-references. The Redis database has 3 databases: Loading
bin/search.py +92 −59 Original line number Diff line number Diff line Loading @@ -94,7 +94,7 @@ if sLatest: sorttype = -1 def printCVE(item, indent=None): def printCVE_json(item, indent=None): date_fields = ['cvss-time', 'Modified', 'Published'] for field in date_fields: if field in item: Loading @@ -121,24 +121,14 @@ def printCVE(item, indent=None): item['capec'] = cves.getcapec(cweid=(item['cwe'].split('-')[1])) print(json.dumps(item, sort_keys=True, default=json_util.default, indent=indent)) if cveSearch: for cveid in db.getCVEs(cves=cveSearch): printCVE(cveid) sys.exit(0) # Basic freetext search (in vulnerability summary). # Full-text indexing is more efficient to search across all CVEs. if vFreeSearch: try: for item in db.getFreeText(vFreeSearch): printCVE(item, indent=2) except: sys.exit("Free text search not enabled on the database!") sys.exit(0) def printCVE_html(item): print("<h2>" + item['id'] + "<br></h2>CVSS score: " + str(item['cvss']) + "<br>" + "<b>" + str(item['Published']) + "<b><br>" + item['summary'] + "<br>") print("References:<br>") for entry in item['references']: print(entry + "<br>") print("<hr><hr>") # Search Product (best to use CPE notation, e.g. cisco:ios:12.2 if vSearch: for item in db.cvesForCPE(vSearch): if csvOutput: def printCVE_csv(item): # We assume that the vendor name is usually in the hostame of the # URL to avoid any match on the resource part refs = [] Loading @@ -157,17 +147,8 @@ if vSearch: csvoutput.writerow([item['id'], str(item['Published']), item['cvss'], item['summary'], refs]) else: csvoutput.writerow([item['id'], str(item['Published']), item['cvss'], item['summary'], refs, nl]) elif htmlOutput: print("<h2>" + item['id'] + "<br></h2>CVSS score: " + str(item['cvss']) + "<br>" + "<b>" + str(item['Published']) + "<b><br>" + item['summary'] + "<br>") print("References:<br>") for entry in item['references']: print(entry + "<br>") print("<hr><hr>") # bson straight from the MongoDB db - converted to JSON default # representation elif jsonOutput: printCVE(item) elif xmlOutput: def printCVE_xml(item): c = SubElement(r, 'id') c.text = item['id'] c = SubElement(r, 'Published') Loading @@ -182,9 +163,11 @@ if vSearch: for e in item['vulnerable_configuration']: c = SubElement(r, 'vulnerable_configuration') c.text = SaxEscape(e) elif cveidOutput: def printCVE_id(item): print(item['id']) else: def printCVE_human(item): print("CVE\t: " + item['id']) print("DATE\t: " + str(item['Published'])) print("CVSS\t: " + str(item['cvss'])) Loading @@ -202,6 +185,56 @@ if vSearch: print(cves.getcpe(cpeid=entry)) print("\n\n") if cveSearch: for item in db.getCVEs(cves=cveSearch): if csvOutput: printCVE_csv(item) elif htmlOutput: printCVE_html(item) # bson straight from the MongoDB db - converted to JSON default # representation elif jsonOutput: printCVE_json(item) elif xmlOutput: printCVE_xml(item) elif cveidOutput: printCVE_id(item) else: printCVE_human(item) if htmlOutput: print("</body></html>") sys.exit(0) # Basic freetext search (in vulnerability summary). # Full-text indexing is more efficient to search across all CVEs. if vFreeSearch: try: for item in db.getFreeText(vFreeSearch): printCVE_json(item, indent=2) except: sys.exit("Free text search not enabled on the database!") sys.exit(0) # Search Product (best to use CPE notation, e.g. cisco:ios:12.2 if vSearch: for item in db.cvesForCPE(vSearch): if csvOutput: printCVE_csv(item) elif htmlOutput: printCVE_html(item) # bson straight from the MongoDB db - converted to JSON default # representation elif jsonOutput: printCVE_json(item) elif xmlOutput: printCVE_xml(item) elif cveidOutput: printCVE_id(item) else: printCVE_human(item) if htmlOutput: print("</body></html>") sys.exit(0) Loading
