I created the following resources to help outline the implementation of daily CVE updates via the National Vulnerability Database API.
The CVE-Notify.py script makes requests to the NVD API and uses Notify, a tool from Project Discovery, to send the results to the desired application. I have a dedicated Discord channel that I send the notifications to.
The nice thing about using Notify is how easy it is to change which application the notifications are sent to. Notify has a wide variety of integrations for notifications, and you only have to change Notify’s provider-config.yaml file to use a different integration. You can learn more about Notify here: https://github.com/projectdiscovery/notify
I then use a crontab on a Linux cloud instance, configured to run the script every night at midnight. It then sends all of the CVEs published to the NVD during the previous day to the Discord channel.
This script requires the following:
- Python3
- Python requests library
- Go
- Notify (https://github.com/projectdiscovery/notify)
For reference, below is how I personally install these.
# Python Requests Library
pip3 install requests
# Install Go
wget https://go.dev/dl/go1.20.5.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.20.5.linux-amd64.tar.gz
rm go1.20.5.linux-amd64.tar.gz
# Make the go command, and the binaries that go install builds, available on PATH
export PATH=$PATH:/usr/local/go/bin:$HOME/go/bin
# Install Notify
go install -v github.com/projectdiscovery/notify/cmd/notify@latest
Notify uses a provider configuration file to configure the connection to Discord (or your app of choice). The provider configuration file can be found at $HOME/.config/notify/provider-config.yaml. Below is an outline for the Discord integration.
discord:
  - id: "NVD"
    discord_channel: "Channel-Name"
    discord_username: "Username"
    discord_format: "{{data}}"
    discord_webhook_url: "https://discord.com/api/webhooks/XXXXXXXX"
NOTE: The script currently uses an integration id of “NVD” to identify where the notifications should be sent. Remember that if you change the id parameter in the discord configuration, you will need to change it in the script.
You can follow this documentation to learn how to create the Discord webhook: https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks
Essentially, you need to copy the Discord channel webhook and place it in provider-config.yaml. Treat the webhook URL as a secret, since anyone who has it can post to the channel.
I use the following commands to create the crontab:
crontab -e
# opens editor
0 0 * * * python3 /path/to/CVE-Notify.py
# save
The schedule “0 0 * * *” runs the script every night at midnight.
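The nightly job described above, as an added example (this is not the CVE-Notify.py script, which the page does not show): it builds the previous day's UTC window, pages through the NVD 2.0 CVE API, and pipes one line per CVE to Notify. The function names, the 300-character description cap, the constructed `SAMPLE` record and the choice of Notify's `-id` and `-bulk` flags are assumptions of this example.

```python
import datetime as dt
import subprocess

NVD_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0"
# Constructed record in the NVD 2.0 response shape (not a real CVE).
SAMPLE = {"cve": {"id": "CVE-0000-00000", "metrics": {}, "descriptions": [
    {"lang": "en", "value": "Constructed example.\nPing @everyone"}]}}


def previous_day_window(now):
    """UTC bounds of the day before `now` (timezone-aware) as NVD date strings."""
    day = (now.astimezone(dt.timezone.utc) - dt.timedelta(days=1)).date()
    return f"{day}T00:00:00.000", f"{day}T23:59:59.999"


def fetch_published(start, end, page_size=2000):
    import requests  # imported here so the other helpers run without it
    items = []
    while True:  # page until every CVE published in the window is collected
        resp = requests.get(NVD_URL, timeout=30, params={
            "pubStartDate": start, "pubEndDate": end,
            "resultsPerPage": page_size, "startIndex": len(items)})
        resp.raise_for_status()
        page = resp.json()
        items += page.get("vulnerabilities", [])
        if not page.get("vulnerabilities") or len(items) >= page.get("totalResults", 0):
            return items


def format_cve(item, max_desc=300):
    """One line per CVE; new CVEs are often unscored, and NVD text is untrusted."""
    cve = item["cve"]
    desc = next((d["value"] for d in cve.get("descriptions", [])
                 if d.get("lang") == "en"), "")
    # Collapse whitespace to one line and defuse "@" so text cannot ping anyone.
    desc = " ".join(desc.split()).replace("@", "@\u200b")
    desc = desc if len(desc) <= max_desc else desc[:max_desc - 3] + "..."
    scored = [m["cvssData"] for k in ("cvssMetricV40", "cvssMetricV31", "cvssMetricV30")
              for m in cve.get("metrics", {}).get(k, [])]
    severity = f"{scored[0]['baseSeverity']} {scored[0]['baseScore']}" if scored else "UNSCORED"
    return f"{cve['id']} [{severity}] {desc}"


if __name__ == "__main__":
    window = previous_day_window(dt.datetime.now(dt.timezone.utc))
    lines = [format_cve(item) for item in fetch_published(*window)]
    if lines:  # "NVD" is the provider id set in provider-config.yaml
        subprocess.run(["notify", "-id", "NVD", "-bulk"],
                       input="\n".join(lines), text=True, check=True)
```

The window is computed in UTC, so on a server whose local midnight is not UTC midnight the cron run still reports the last complete UTC day.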