CVID:一款功能强大的CVE漏洞信息收集与下载工具
2023-4-7 19:4:57 Author: FreeBuf(查看原文) 阅读量:35 收藏

 关于CVID 

CVID,全称为CVE Vulnerability Information Downloader,即CVE漏洞信息下载器,该工具支持从NIST(CVSS)、first.org(EPSS)和CISA下载信息,并将它们合并为一个列表。除此之外,该工具还可以利用来自OpenVAS等漏洞扫描程序的报告信息来丰富漏洞数据,以确定修复的优先级。该工具还包含了一个PowerBI模板,以丰富数据的查看形式。

通用漏洞评分系统(CVSS)是一个自由开放的行业标准,用于评估计算机系统安全漏洞的严重性。而漏洞预测评分系统(EPSS)用于估计软件漏洞在野被利用的可能性。CISA则主要负责发布已知漏洞列表。

CVID可以从上述三个漏洞信息来源下载信息,并组合成一个列表,并使用PowerBI等工具将漏洞扫描程序的结果与脚本在存储库中下载的信息相结合。该工具支持输出JSON和CSV格式数据,并将其存储到SQLite数据库中。

 工具下载 

广大研究人员可以使用下列命令将该项目源码克隆至本地:

git clone https://github.com/trinitor/CVE-Vulnerability-Information-Downloader.git

(向右滑动、查看更多)

 工具配置 

1、获取一个NIST API密钥:【https://nvd.nist.gov/developers/request-an-api-key】;

2、复制env_example.env文件;

3、编辑.env文件并添加API密钥;

4、可选:编辑docker-compose文件并调整cron计划任务;

5、可选:编辑data/vulnerability-tables-logstash/config/logstash.conf文件;

6、运行命令:docker-compose up -d;

7、脚本执行完后就可以在data/vulnerability-tables-cron/output/中查看到输出文件了;

 工具运行 

我们可以直接执行下列命令来运行工具脚本:

docker exec -it vulnerability-tables-cron bash /opt/scripts/download.sh

(向右滑动、查看更多

 PowerBI仪表盘 

该项目包含了一个个带有PowerBI模板文件的演示文件夹。它可以生成一个仪表盘,我们可以根据自己的需要进行调整:

OpenVAS报告必须采用csv格式才能导入工作:

PowerBI将使用创建的CVE.json文件并创建一个关系:

 工具输出文件 

工具运行之后,将会生成一些输出文件:

316K   CISA_known_exploited.csv
452K CISA_known_exploited.json
50M CVSS.csv
179M CVSS.json
206M CVE.json
56M CVE.csv
6.7M EPSS.csv
12M EPSS.json
49M database.sqlite

其中可以查看到针对每一个CVE漏洞的详细信息:

grep -i 'CVE-2021-44228' CVE.json | jq
{
"CVE": "CVE-2021-44228",
"CVSS2_accessComplexity": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS2_accessVector": "NETWORK",
"CVSS2_authentication": "MEDIUM",
"CVSS2_availabilityImpact": "NONE",
"CVSS2_baseScore": "COMPLETE",
"CVSS2_baseSeverity": "COMPLETE",
"CVSS2_confidentialityImpact": "COMPLETE",
"CVSS2_exploitabilityScore": "9.3",
"CVSS2_impactScore": "null",
"CVSS2_integrityImpact": "8.6",
"CVSS2_vectorString": "10",
"CVSS3_attackComplexity": "null",
"CVSS3_attackVector": "null",
"CVSS3_availabilityImpact": "null",
"CVSS3_baseScore": "null",
"CVSS3_baseSeverity": "null",
"CVSS3_confidentialityImpact": "null",
"CVSS3_exploitabilityScore": "null",
"CVSS3_impactScore": "null",
"CVSS3_integrityImpact": "null",
"CVSS3_privilegesRequired": "null",
"CVSS3_scope": "null",
"CVSS3_userInteraction": "null",
"CVSS3_vectorString": "null",
"CVSS3_acInsufInfo": "null",
"CVSS3_obtainAllPrivilege": "null",
"CVSS3_obtainUserPrivilege": "null",
"CVSS3_obtainOtherPrivilege": "null",
"CVSS3_userInteractionRequired": "null",
"EPSS": "0.97095",
"EPSS_Percentile": "0.99998",
"CISA_dateAdded": "2021-12-10",
"CISA_RequiredAction": "For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available."
}

(向右滑动、查看更多

 项目地址 

CVIDhttps://github.com/trinitor/CVE-Vulnerability-Information-Downloader

参考资料:

https://aka.ms/pbiSingleInstaller

https://nvd.nist.gov/developers/request-an-api-key

https://www.first.org/epss/user-guide

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

https://nvd.nist.gov/developers/vulnerabilities

精彩推荐


文章来源: http://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651221846&idx=4&sn=143cd5c3f1dbb239d27364f525e86791&chksm=bd1dfddd8a6a74cb46c7aae49e0c040dbcc88736b177dc46a1b6d9cce7d097062bbbc61cf5ee#rd
如有侵权请联系:admin#unsafe.sh