{"id":20448501,"url":"https://github.com/shadawck/mitrecve","last_synced_at":"2025-04-13T01:27:26.327Z","repository":{"id":57442018,"uuid":"254099015","full_name":"shadawck/mitrecve","owner":"shadawck","description":"Get all cve corresponding to a specific keyword or a list of keywords from the mitre database (https://cve.mitre.org/)","archived":false,"fork":false,"pushed_at":"2022-08-20T10:19:14.000Z","size":8790,"stargazers_count":16,"open_issues_count":2,"forks_count":7,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-26T19:12:10.787Z","etag":null,"topics":["api","cli","cve","cve-scanning","cve-search","dependencies","mitre","mitre-api","mitre-attack","security","security-scanner","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shadawck.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-04-08T13:41:25.000Z","updated_at":"2024-12-16T14:10:31.000Z","dependencies_parsed_at":"2022-09-26T17:21:02.189Z","dependency_job_id":null,"html_url":"https://github.com/shadawck/mitrecve","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shadawck%2Fmitrecve","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shadawck%2Fmitrecve/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shadawck%2Fmitrecve/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shadawck%2Fmitrecve/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/
GitHub/owners/shadawck","download_url":"https://codeload.github.com/shadawck/mitrecve/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248317708,"owners_count":21083528,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","cli","cve","cve-scanning","cve-search","dependencies","mitre","mitre-api","mitre-attack","security","security-scanner","security-tools"],"created_at":"2024-11-15T10:35:23.111Z","updated_at":"2025-04-13T01:27:26.285Z","avatar_url":"https://github.com/shadawck.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# MITRECVE  \r\n\r\n[![PyPI version](https://badge.fury.io/py/mitrecve.svg)](https://badge.fury.io/py/mitrecve) [![Requirements Status](https://requires.io/github/shadawck/mitrecve/requirements.svg?branch=master)](https://requires.io/github/shadawck/mitrecve/requirements/?branch=master) [![Documentation Status](https://readthedocs.org/projects/shadawck/badge/?version=latest)](https://mitrecve.readthedocs.io/en/latest/?badge=latest)\r\n\r\nGet all CVE corresponding to a specific keyword or list of keywords from the [MITRE](https://cve.mitre.org/) database.\r\n\r\nFor a complete documentation look at [ReadTheDocs](https://mitrecve.readthedocs.io/en/latest/)\r\n\r\n## Install\r\n\r\nYou can install ```mitrecve``` either via pip (PyPI) or from source.\r\nTo install using pip:\r\n\r\n```bash\r\npython3 -m pip install mitrecve\r\n```\r\n\r\nOr manually:\r\n\r\n```sh\r\ngit clone https://github.com/remiflavien1/mitrecve\r\ncd mitrecve\r\npython3 setup.py 
install\r\n# Or\r\npython3 -m pip install .\r\n```\r\n\r\n## CLI\r\n\r\n```sh\r\nMitreCVE\r\n\r\nBasic usage:\r\n  mitrecve crawl \u003cpackage\u003e [--detail ] [--format FORMAT]\r\n  mitrecve show \u003cresult\u003e\r\n  mitrecve ( -h | --help | --version )\r\n\r\noptions:\r\n    -f --format FORMAT   Choose output format (json)\r\n    -d --detail          Show CVE details\r\n    -h --help            Show this screen\r\n       --version         Show version\r\n```\r\n\r\nExample of output for the python ```html5lib``` module:\r\n\r\n```sh\r\nmitrecve crawl html5lib\r\n```\r\n\r\n```sh\r\n-------------- Package: \u003chtml5lib\u003e  --------------\r\n\r\nCVE : CVE-2016-9910\r\nCVE DETAIL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9910\r\nDESCRIPTION The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909.\r\n\r\n\r\nCVE : CVE-2016-9909\r\nCVE DETAIL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9909\r\nDESCRIPTION The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the \u003c (less than) character in attribute values.\r\n```\r\n\r\nYou can also search for multiple keywords and print (and/or save with ```-o,--output``` flag) additional details with  ```--detail``` flag:\r\n\r\n```sh\r\nmitrecve crawl recon-ng,harvester --detail\r\n```\r\n\r\n```sh\r\nCVE : CVE-2018-20752\r\nDESCRIPTION : An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. 
This can result in remote code execution for the attacker.\r\nNVD LINK : https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20752\r\nCNA : MITRE Corporation\r\nRELEASE DATE : 2019/02/04\r\n\r\nReference for CVE: CVE-2018-20752\r\n        CVE REFERENCE : https://bitbucket.org/LaNMaSteR53/recon-ng/commits/41e96fd58891439974fb0c920b349f8926c71d4c#chg-modules/reporting/csv.py\r\n        CVE REFERENCE : https://bitbucket.org/LaNMaSteR53/recon-ng/issues/285/csv-injection-vulnerability-identified-in\r\n\r\n\r\n\r\n-------------- Package: \u003charvester\u003e --------------\r\nCVE : CVE-2011-5197\r\nDESCRIPTION : Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.\r\nNVD LINK : https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5197\r\nCNA : MITRE Corporation\r\nRELEASE DATE : 2012/09/23\r\n\r\nReference for CVE: CVE-2011-5197\r\n        CVE REFERENCE : http://www.exploit-db.com/exploits/18266\r\n\r\n```\r\n\r\n# API\r\n\r\nJust import and use it.\r\n\r\n```python\r\n\u003e\u003e\u003e from mitrecve import crawler\r\n\u003e\u003e\u003e from pprint import pprint\r\n\r\n\u003e\u003e\u003e cve_simple = crawler.get_main_page(\"jython\") \r\n\u003e\u003e\u003e pprint(cve_simple)\r\n```\r\n\r\n```yaml\r\n{0: {'DESC': 'Jython before 2.7.1rc1 allows attackers to execute arbitrary '\r\n             'code via a crafted serialized PyFunction object.',\r\n     'ID': 'CVE-2016-4000',\r\n     'URL': 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4000',\r\n     '__PACKAGE': 'jython'},\r\n 1: {'DESC': 'Jython 2.2.1 uses the current umask to set the privileges of the '\r\n             'class cache files, which allows local users to bypass intended '\r\n             'access restrictions via unspecified vectors.',\r\n     'ID': 'CVE-2013-2027',\r\n     'URL': 
'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2027',\r\n     '__PACKAGE': 'jython'}}\r\n```\r\n\r\n# cve detail\r\n\r\n```python\r\n\u003e\u003e\u003e pprint(crawler.get_cve_detail(cve_simple))\r\n```\r\n\r\n```yaml\r\n{0: {'CNA': 'MITRE Corporation',\r\n     'CVE_REF_URL': ['http://www.securityfocus.com/bid/105647',\r\n                     'http://bugs.jython.org/issue2454',\r\n                     'http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html',\r\n                     'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864859',\r\n                     'https://hg.python.org/jython/file/v2.7.1rc1/NEWS',\r\n                     'https://hg.python.org/jython/rev/d06e29d100c0',\r\n                     'https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html',\r\n                     'http://www.debian.org/security/2017/dsa-3893',\r\n                     'https://security.gentoo.org/glsa/201710-28',,\r\n                     'https://security-tracker.debian.org/tracker/CVE-2016-4000',\r\n                     'https://snyk.io/vuln/SNYK-JAVA-ORGPYTHON-31451',\r\n                     'https://www.oracle.com/security-alerts/cpuapr2020.html',\r\n                     'https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html',\r\n                     'https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html',\r\n                     'https://lists.apache.org/thread.html/0919ec1db20b1022f22b8e78f355667df74d6142b463ff17d03ad533@%3Cdevnull.infra.apache.org%3E'],\r\n     'DESC': 'Jython before 2.7.1rc1 allows attackers to execute arbitrary '\r\n             'code via a crafted serialized PyFunction object.',\r\n     'ID': 'CVE-2016-4000',\r\n     'NVD_URL': 'https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4000',\r\n     'RELEASE_DATE': '2016/04/12'},\r\n 1: {'CNA': 'Red Hat, Inc.',\r\n     'CVE_REF_URL': ['http://advisories.mageia.org/MGASA-2015-0096.html',\r\n              
       'http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html',\r\n                     'http://www.mandriva.com/security/advisories?name=MDVSA-2015:158',\r\n                     'https://bugzilla.redhat.com/show_bug.cgi?id=947949',\r\n                     'http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html'],\r\n     'DESC': 'Jython 2.2.1 uses the current umask to set the privileges of the '\r\n             'class cache files, which allows local users to bypass intended '\r\n             'access restrictions via unspecified vectors.',\r\n     'ID': 'CVE-2013-2027',\r\n     'NVD_URL': 'https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2027',\r\n     'RELEASE_DATE': '2013/02/19'}}\r\n```\r\n\r\n## Troubleshooting\r\n\r\n### lxml not found (Python \u003c= 3.6)\r\n\r\nMake sure pip resolves all the dependencies. If that does not work, install the packages manually:\r\n\r\n```sh\r\npip3 install lxml cssselect\r\n```\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshadawck%2Fmitrecve","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshadawck%2Fmitrecve","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshadawck%2Fmitrecve/lists"}