Commit a2239ff5 authored by Alexandre Dulaunoy, committed by GitHub

Merge pull request #208 from adulau/master

New reference lookup added + bug fixes
parents 656e4d6c f32a24a0
+13 −2
@@ -72,7 +72,13 @@ For the initial run, you need to populate the CVE database by running:
    ./sbin/db_updater.py -c

It will fetch all the existing XML files from the Common Vulnerabilities
and Exposures database and the Common Platform Enumeration.
and Exposures database and the Common Platform Enumeration. The initial
Common Platform Enumeration (CPE) import might take some time depending
of your configuration.

If you want to add the cross-references from NIST, Red Hat and other vendors:

    ./sbin/db_mgmt_ref.py

A more detailed documentation can be found in the Documentations folder of the project.
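Review bot: the added CPE sentence has a preposition error, "depending of your configuration" should read "depending on your configuration". Two smaller wording points in the same hunk: "A more detailed documentation can be found" is ungrammatical ("More detailed documentation can be found ..."), and the new `./sbin/db_mgmt_ref.py` step does not say whether it has to be re-run after each `db_updater.py` run or whether the updater already covers the cross-references; a one-line pointer to the "Updating the database" section would close that gap.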

@@ -88,7 +94,7 @@ The MongoDB database is called cvedb and there are 11 collections:
* capec (Common Attack Pattern Enumeration and Classification) - source NVD NIST
* ranking (ranking rules per group) - local cve-search
* d2sec (Exploitation reference from D2 Elliot Web Exploitation Framework) - source d2sec.com
* [vFeed](https://github.com/toolswatch/vFeed) (cross-references to CVE ids (e.g. OVAL, OpenVAS, ...)) - source [vFeed](https://github.com/toolswatch/vFeed) - proprietary feed - [MITRE Reference Key/Maps](https://cve.mitre.org/data/refs/) is preferred
* [MITRE Reference Key/Maps](https://cve.mitre.org/data/refs/) - source MITRE reference Key/Maps
* ms - (Microsoft Bulletin (Security Vulnerabilities and Bulletin)) - source [Microsoft](http://www.microsoft.com/en-us/download/details.aspx?id=36982)
* exploitdb (Offensive Security - Exploit Database) - source [offensive security](https://github.com/offensive-security/exploit-database)
* info (metadata of each collection like last-modified) - local cve-search
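Review bot: the new MITRE Reference Key/Maps entry does not name its MongoDB collection, while every other item in this list leads with the collection name (`capec`, `ranking`, `d2sec`, `vfeed`, `ms`, `exploitdb`, `info`), and the heading above still says "there are 11 collections" although a collection is being added; give the collection name and update the count. Keeping `vfeed` here as "proprietary feed - MITRE Reference Key/Maps is preferred" also contradicts the two documentation tables in this same PR, which delete the vfeed row outright; either document vfeed as optional/deprecated in all three places or drop it in all three.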
@@ -99,6 +105,11 @@ The Redis database has 3 databases:
* 11: The notification database - source cve-search
* 12: The [CVE reference database](https://cve.mitre.org/data/refs/) is a cross-reference database to CVE ids against various vendors ID - source NVD NIST/MITRE

The reference database has 3 additional sources:

* [MITRE Reference Key/Maps](https://cve.mitre.org/data/refs/).
* Red Hat RPM to CVE database.
* Red Hat RHSA Oval database.

Updating the database
---------------------
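Review bot: listing MITRE Reference Key/Maps as one of "3 additional sources" is redundant with the entry for Redis database 12 directly above, whose source is already given as "NVD NIST/MITRE", so only the two Red Hat feeds are actually new here. The list also does not say which script loads these (presumably `./sbin/db_mgmt_ref.py` from the earlier hunk, but that should be stated) or where the Red Hat RPM-to-CVE and RHSA OVAL data is fetched from; a source URL per item, as the rest of this section gives, lets users verify what is being downloaded.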
+16 −2
@@ -34,7 +34,21 @@ args = argparser.parse_args()
if not args.c:
    sys.exit("CVE id missing")

ref_urls = {"MS": "https://technet.microsoft.com/library/security/"}
ref_urls = {"MS": "https://technet.microsoft.com/library/security/",
            "SECUNIA": "http://secunia.com/advisories/",
            "SREASON": "http://securityreason.com/security_alert",
            "CERT": "http://www.cert.org/advisories",
            "BID": "http://www.securityfocus.com/bid/",
            "AIXAPART": "",
            "ALLAIRE": "",
            "APPLE": "",
            "ASCEND": "",
            "ATSTAKE": "",
            "AUSCERT": "",
            "BEA": "",
            "BINDVIEW": "",
            "SECTRACK": "http://www.securitytracker.com/id/",
            "MANDRIVA": "http://www.mandriva.com/security/advisories?name="}

refs = r.smembers(args.c)
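Review bot: the entries with an empty URL ("AIXAPART", "ALLAIRE", "APPLE", "ASCEND", "ATSTAKE", "AUSCERT", "BEA", "BINDVIEW") make `provider in ref_urls` true, so the `-u` branch below prints the bare reference id with nothing marking it as not-a-URL; either leave those providers out of the dict until a URL is known, or have the lookup skip empty values (`if ref_urls.get(provider):`). Separately, "CERT": "http://www.cert.org/advisories" and "SREASON": "http://securityreason.com/security_alert" lack the trailing slash that "BID", "SECTRACK" and "SECUNIA" have, so the `"{}{}".format(...)` concatenation glues the reference id straight onto the last path segment and yields a broken URL.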

@@ -44,7 +58,7 @@ if not refs:
for ref in refs:
    if args.u:
        (provider, refid) = ref.split(":", 1)
        if provider in ref_urls:
        if provider in ref_urls.keys():
            print ("{}{}".format(ref_urls[provider], refid))
        elif provider == 'CONFIRM':
            print ("{}".format(refid))
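Review bot: `if provider in ref_urls.keys():` is a no-op change relative to `if provider in ref_urls:`: membership on a dict already tests its keys, and on Python 2 `.keys()` materialises a list, turning an O(1) lookup into O(n) per reference. Suggest reverting to `if provider in ref_urls:`. Note also that `(provider, refid) = ref.split(":", 1)` raises `ValueError` for any stored ref without a colon; a guard there would keep one malformed entry from aborting the whole listing.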
+3 −3
@@ -21,16 +21,16 @@ import lib.DatabaseLayer as db

argParser = argparse.ArgumentParser(description='Dump database in JSON format')
argParser.add_argument('-r', default=False, action='store_true', help='Include ranking value')
argParser.add_argument('-v', default=False, action='store_true', help='Include vfeed map')
argParser.add_argument('-v', default=False, action='store_true', help='Include vfeed map') # TODO change
argParser.add_argument('-c', default=False, action='store_true', help='Include CAPEC information')
argParser.add_argument('-l', default=False, type=int, help='Limit output to n elements (default: unlimited)')
args = argParser.parse_args()

rankinglookup = args.r
vfeedlookup = args.v
reflookup = args.v
capeclookup = args.c

l = cves.last(rankinglookup=rankinglookup, vfeedlookup=vfeedlookup, capeclookup=capeclookup)
l = cves.last(rankinglookup=rankinglookup, reflookup=reflookup, capeclookup=capeclookup)

for cveid in db.getCVEIDs(limit=args.l):
    item = l.getcve(cveid=cveid)
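Review bot: the `-v` option now drives `reflookup`, but its help text still says "Include vfeed map" and a `# TODO change` comment is being committed; fix the help string in this PR (and consider renaming the flag) so users are not told the option does something it no longer does. This hunk also relies on `cves.last()` accepting a `reflookup` keyword in place of `vfeedlookup`; that signature change is not in the visible diff, so please confirm the module providing `cves` was updated in the same PR, otherwise this script fails with a `TypeError` on its first call.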
+0 −1
@@ -25,7 +25,6 @@
      <tr><td>cpeother</td> <td>CVE-Search</td> <td>CVE-Search has a script to fill this database, using the original CPE's and generating titles for them.</td></tr>
      <tr><td>cwe</td> <td>NVD NIST</td> <td>Information about Common Weaknesses, as published by NIST</td></tr>
      <tr><td>d2sec</td> <td>d2sec.com</td> <td>Information about CVE's, as released by d2sec</td></tr>
      <tr><td>vfeed</td> <td>vFeed</td> <td>Information about CVE's, as released by vFeed</td></tr>
      <tr><td>vendor</td> <td>NVD NIST</td> <td>Vendor statements, released by NIST</td></tr>
      <tr><td>info</td> <td>CVE-Search</td> <td>Information about the Mongo Database updates.</td></tr>
    </table>
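Review bot: dropping the `vfeed` row here while the README hunk in this PR keeps vfeed in its collection list (flagged as a proprietary feed) leaves the two documents disagreeing about whether the collection exists, and no row is added for the new MITRE Reference Key/Maps data, so the table now undercounts the sources. Add a `<tr>` for the new reference collection (collection name, source, one-line description, matching the columns here) and align the README.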
+0 −1
@@ -15,7 +15,6 @@ By default, these are the official sources.
| cpeother   | CVE-Search | CVE-Search has a script to fill this database, using the original CPE's and generating titles for them. |
| cwe        | NVD NIST   | Information about Common Weaknesses, as published by NIST |
| d2sec      | d2sec.com  | Information about CVE's, as released by d2sec |
| vfeed      | vFeed      | Information about CVE's, as released by vFeed |
| vendor     | NVD NIST   | Vendor statements, released by NIST |
| info       | CVE-Search | Information about the Mongo Database updates. |
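Review bot: this markdown table removes the `vfeed` row but adds no row for the new MITRE Reference Key/Maps collection that the README hunk in this PR introduces, so "these are the official sources" above is now incomplete; add a row with the collection name, source and a short description in the same three-column layout, and keep it in step with the README, which still lists vfeed.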
