https://github.com/he1m4n6a/cve-db

A program that builds a CVE database and provides a simple HTTP query interface.

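> In SDL security design, CVE security analysis of third-party components is a common task. Against that background, I decided to develop a program that fetches CVE data and provides a query interface. For example, combined with the author's other tool [dcweb](https://github.com/he1m4n6a/dcweb), it can be used to quickly build security scanning for third-party components.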

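# Introduction

CVE-DB is a tool that fetches CVE data from https://nvd.nist.gov/. It has two main functions:

1. Fetch and update CVE data and save it in a local database

2. Provide an HTTP interface for querying CVE data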

# Installation

```bash
CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -a -o cve-db .
```

The `GOOS` parameter selects the format of the generated binary. There are three platform options:

- linux

- windows

- darwin

# Usage

## Command-line arguments

1. Get help information

```bash
$ ./cve-db -h
```

2. Update or insert CVE data

```bash
$ ./cve-db -u
```

3. Start the HTTP server

```bash
$ ./cve-db -s
```

## Configuration file config.cfg

The configuration file must be located at `/etc/config.cfg`. To use a different path, change line 12 of `config.go`:

```go
const Path = "/etc/config.cfg"
```

Sample configuration file:

```ini
DBEngine = mysql
DBServer = 127.0.0.1:3306
DBName = cvedb
DBUser = root
DBPasswd = 123456
DebugSQL = false
Bind = 0.0.0.0
Port = 8000
HTTPProxy =
Year = 2012
```

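- The first six parameters relate to MySQL; enabling `DebugSQL` prints the MySQL execution process.
- `Bind` and `Port` configure the address and port the server listens on; the default is `0.0.0.0:8000`.
- `HTTPProxy` sets the download proxy, in the format e.g. `http://proxy.example.com:8080`.
- `Year` sets the year from which CVEs are fetched up to the present; by default all data is fetched (starting from `2002`).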

# httpserver interface

1. Get the information for a single CVE

```bash
$ curl http://127.0.0.1:8000/cves/cve-2020-0003| jq "."
```

Response:

```json
{
  "CveID": "CVE-2020-0003",
  "NvdJSON": {
    "CveID": "CVE-2020-0003",
    "Descriptions": [
      {
        "Lang": "en",
        "Value": "In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-140195904"
      }
    ],
    "Cvss2": {
      "VectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
      "AccessVector": "LOCAL",
      "AccessComplexity": "HIGH",
      "Authentication": "NONE",
      "ConfidentialityImpact": "PARTIAL",
      "IntegrityImpact": "PARTIAL",
      "AvailabilityImpact": "PARTIAL",
      "BaseScore": 3.7,
      "Severity": "LOW",
      "ExploitabilityScore": 1.9,
      "ImpactScore": 6.4,
      "ObtainAllPrivilege": false,
      "ObtainUserPrivilege": false,
      "ObtainOtherPrivilege": false,
      "UserInteractionRequired": true
    },
    "Cvss3": {
      "VectorString": "",
      "AttackVector": "",
      "AttackComplexity": "",
      "PrivilegesRequired": "",
      "UserInteraction": "",
      "Scope": "",
      "ConfidentialityImpact": "",
      "IntegrityImpact": "",
      "AvailabilityImpact": "",
      "BaseScore": 0,
      "BaseSeverity": "",
      "ExploitabilityScore": 0,
      "ImpactScore": 0
    },
    "Cwes": [
      {
        "CweID": "CWE-367"
      }
    ],
    "Cpes": [
      {
        "URI": "cpe:/o:google:android:8.0",
        "FormattedString": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
        "WellFormedName": "wfn:[part=\"o\", vendor=\"google\", product=\"android\", version=\"8\\.0\", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
        "Part": "o",
        "Vendor": "google",
        "Product": "android",
        "Version": "8\\.0",
        "Update": "ANY",
        "Edition": "ANY",
        "Language": "ANY",
        "SoftwareEdition": "ANY",
        "TargetSW": "ANY",
        "TargetHW": "ANY",
        "Other": "ANY",
        "VersionStartExcluding": "",
        "VersionStartIncluding": "",
        "VersionEndExcluding": "",
        "VersionEndIncluding": "",
        "EnvCpes": []
      }
    ],
    "Affects": [
      {
        "Vendor": "google",
        "Product": "android",
        "Version": "8.0"
      }
    ],
    "References": [
      {
        "Source": "",
        "Link": "https://source.android.com/security/bulletin/2020-01-01"
      }
    ],
    "Certs": [],
    "PublishedDate": "2020-01-08T19:15:00Z",
    "LastModifiedDate": "2020-01-29T21:15:00Z"
  }
}
```

2. Get the information of the CVEs that match a CPE

```bash
$ curl -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"name": "cpe:/o:google:android:8.0"}' http://127.0.0.1:8000/cpes | jq "."
```

Response:

```json
[
  {
    "CveID": "CVE-2020-0001",
    "NvdJSON": {
      "CveID": "CVE-2020-0001",
      "Descriptions": [
        {
          "Lang": "en",
          "Value": "In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-140055304"
        }
      ],
      "Cvss2": {
        "VectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
        "AccessVector": "LOCAL",
        "AccessComplexity": "LOW",
        "Authentication": "NONE",
        "ConfidentialityImpact": "COMPLETE",
        "IntegrityImpact": "COMPLETE",
        "AvailabilityImpact": "COMPLETE",
        "BaseScore": 7.2,
        "Severity": "HIGH",
        "ExploitabilityScore": 3.9,
        "ImpactScore": 10,
        "ObtainAllPrivilege": false,
        "ObtainUserPrivilege": false,
        "ObtainOtherPrivilege": false,
        "UserInteractionRequired": false
      },
      "Cvss3": {
        "VectorString": "",
        "AttackVector": "",
        "AttackComplexity": "",
        "PrivilegesRequired": "",
        "UserInteraction": "",
        "Scope": "",
        "ConfidentialityImpact": "",
        "IntegrityImpact": "",
        "AvailabilityImpact": "",
        "BaseScore": 0,
        "BaseSeverity": "",
        "ExploitabilityScore": 0,
        "ImpactScore": 0
      },
      "Cwes": [
        {
          "CweID": "CWE-269"
        }
      ],
      "Cpes": [
        {
          "URI": "cpe:/o:google:android:8.0",
          "FormattedString": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
          "WellFormedName": "wfn:[part=\"o\", vendor=\"google\", product=\"android\", version=\"8\\.0\", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
          "Part": "o",
          "Vendor": "google",
          "Product": "android",
          "Version": "8\\.0",
          "Update": "ANY",
          "Edition": "ANY",
          "Language": "ANY",
          "SoftwareEdition": "ANY",
          "TargetSW": "ANY",
          "TargetHW": "ANY",
          "Other": "ANY",
          "VersionStartExcluding": "",
          "VersionStartIncluding": "",
          "VersionEndExcluding": "",
          "VersionEndIncluding": "",
          "EnvCpes": []
        },
......snip......
```

3. Get the IDs of the CVEs that match a CPE

```bash
curl -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"name": "cpe:/o:google:android:8.0"}' http://127.0.0.1:8000/cpes/ids | jq "."
```

Response:

```json
[
"CVE-2020-0003",
"CVE-2020-0001",
"CVE-2020-0002",
"CVE-2020-0005",
"CVE-2020-0006",
"CVE-2020-0004",
"CVE-2020-0007",
"CVE-2020-0008",
"CVE-2020-0014",
"CVE-2020-0015",
"CVE-2020-0017",
"CVE-2020-0018",
"CVE-2020-0022",
"CVE-2020-0026",
"CVE-2020-0027",
"CVE-2020-0034",
"CVE-2020-0033",
"CVE-2020-0032",
"CVE-2020-0035",
"CVE-2020-0037",
"CVE-2020-0036",
"CVE-2020-0039",
"CVE-2020-0038",
"CVE-2020-10829",
"CVE-2020-10831",
"CVE-2020-10836",
"CVE-2020-10839",
"CVE-2020-10842",
"CVE-2020-10843",
"CVE-2020-10845",
"CVE-2020-10844",
"CVE-2020-10850",
"CVE-2020-10848",
"CVE-2020-10852",
"CVE-2020-10854",
"CVE-2020-10849",
"CVE-2020-8860",
"CVE-2020-11605"
]
```
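
Both sample `/cpes` records above carry an empty `Cvss3` object with `BaseScore` 0, so a consumer that ranks on `Cvss3.BaseScore` alone would rate them as 0. The following added example, which is not part of cve-db, decodes a `/cpes` response and falls back from CVSS v3 to v2 before sorting; `Triage`, `Finding` and the third sample record (a placeholder ID with a constructed v3 score) are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Scoring fields as named in the responses shown above.
type cvss struct {
	VectorString, Severity, BaseSeverity string
	BaseScore                            float64
}

// Finding is a hypothetical result type for this example.
type Finding struct {
	ID, Source, Severity string
	Score                float64
}

// Triage ranks a /cpes response by base score. An empty VectorString means
// "no data for this CVSS version", not "score 0", so fall back from v3 to v2.
func Triage(body []byte) ([]Finding, error) {
	var recs []struct {
		CveID   string
		NvdJSON struct{ Cvss2, Cvss3 cvss }
	}
	if err := json.Unmarshal(body, &recs); err != nil {
		return nil, fmt.Errorf("decode /cpes response: %w", err)
	}
	out := make([]Finding, 0, len(recs))
	for _, r := range recs {
		f := Finding{ID: r.CveID, Source: "none"} // unscored: review by hand
		if v := r.NvdJSON.Cvss3; v.VectorString != "" {
			f = Finding{r.CveID, "cvss3", v.BaseSeverity, v.BaseScore}
		} else if v := r.NvdJSON.Cvss2; v.VectorString != "" {
			f = Finding{r.CveID, "cvss2", v.Severity, v.BaseScore}
		}
		out = append(out, f)
	}
	sort.SliceStable(out, func(i, j int) bool { return out[i].Score > out[j].Score })
	return out, nil
}

// Constructed sample: two records trimmed from the responses above, one placeholder.
const sample = `[{"CveID":"CVE-2020-0003","NvdJSON":{"Cvss2":{"VectorString":"AV:L/AC:H/Au:N/C:P/I:P/A:P","BaseScore":3.7,"Severity":"LOW"},"Cvss3":{"VectorString":"","BaseScore":0,"BaseSeverity":""}}},
{"CveID":"CVE-2020-0001","NvdJSON":{"Cvss2":{"VectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","BaseScore":7.2,"Severity":"HIGH"},"Cvss3":{"VectorString":"","BaseScore":0,"BaseSeverity":""}}},
{"CveID":"CVE-EXAMPLE-0001","NvdJSON":{"Cvss2":{"VectorString":"","BaseScore":0,"Severity":""},"Cvss3":{"VectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","BaseScore":9.8,"BaseSeverity":"CRITICAL"}}}]`

func main() { fmt.Println(Triage([]byte(sample))) }
```

Records that end up with `Source` set to `none` have no vector in either version and sort last with score 0; treat them as unscored rather than as low risk.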