Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/athiththan11/wso2-cve-extractor

CLI Tool to extract the related WSO2 Security Advisory information of CVE
https://github.com/athiththan11/wso2-cve-extractor

cve scraper wso2

Last synced: 2 months ago
JSON representation

CLI Tool to extract the related WSO2 Security Advisory information of CVE

Awesome Lists containing this project

README 

        
# WSO2 CVE Extractor



A command line tool to extract (scrape) CVE information from NVD and related `WSO2 Security Advisory` information.



## Build, Install & Run



### Build & Install



Clone or download the repo and execute the following command (from the root directory) to install relevant dependencies.



```sh

npm install

```



### Run



You can run the tool by following either methods



#### Method 01



Execute the following command (from the root directory) to link the tool with the shell



```sh

npm link

```



and use the following command pattern to execute the tool



```sh

wso2-cve-extractor [list of CVEs] [--save]

```



For example:



- Execute the following command to scrape the CVE and WSO2 Security Advisory information of `CVE-2020-24589`



    ```sh

    wso2-cve-extractor CVE-2020-24589

    ```



- Execute the following command to scrape multiple CVEs



    ```sh

    wso2-cve-extractor CVE-2020-24589 CVE-2020-25600

    ```



- Execute the following command to scrape and save the output in a JSON file



    ```sh

    wso2-cve-extractor CVE-2020-24589 CVE-2020-25600 --save

    ```



#### Method 02



Execute the following command from the root directory



```sh

node index.js CVE-2020-24589

```



## Output



Extracted information is presented in JSON format. Given below is a sample output



```json

[

    { "cve": "CVE-2020-24600", "info": false },

    {

        "cve": "CVE-2020-24595",

        "info": {

            "name": "CVE-2020-24595",

            "nvd": {

                "description": "Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control.",

                "link": "https://nvd.nist.gov/vuln/detail/CVE-2020-24595"

            },

            "cwes": ["CWE-863"]

        }

    },

    {

        "cve": "CVE-2020-24589",

        "info": {

            "name": "CVE-2020-24589",

            "nvd": {

                "description": "The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.",

                "link": "https://nvd.nist.gov/vuln/detail/CVE-2020-24589",

                "wso2": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742"

            },

            "wso2": {

                "published": "Published: 17th August 2020",

                "products": ["WSO2 API Manager : 3.1.0 or earlier", "WSO2 API Microgateway : 2.2.0"],

                "git": [

                    "https://github.com/wso2/carbon-governance/pull/341",

                    "https://github.com/wso2/carbon-governance/pull/340",

                    "https://github.com/wso2/carbon-governance/pull/339"

                ]

            },

            "cwes": ["CWE-776"]

        }

    }

]

```