Here are some scripts that can be used for offline vulnerability discovery and management based on a list of known CPEs.
The project retrieves a complete list of software CPEs, searches for vulnerabilities that apply to one of them, then checks whether a customer has the affected CPE. When that happens, the customer and the vulnerability are recorded in a database table.
These scripts are made to work with a database containing the following tables:
- `customer`: pretty basic, must be implemented by the user
- `cpearchive`: stores the list of known CPEs
- `customers_cpe`: associates a customer with a specific CPE, maintained by the user
- `cves`: the list of vulnerabilities
- `clientscve`: associates a customer, a CPE and its vulnerability
The project is composed of four scripts:
- `VulnSaver.py`: saves discovered vulnerabilities into the database
  - the script uses the [NIST](https://nvd.nist.gov/) API
  - to save space, the list of vulnerabilities is limited to those from yesterday
  - the vulnerability database API documentation can be found here
  - usage: `VulnSaver.py`
- `flaskAPI.py`: a simple API that facilitates the maintenance of the `customers_cpe` table
  - it works via GET requests
  - it inserts the customer id (`customerId`) and the CPE id (`cpeId`) into the `customers_cpe` table
  - the script must be deployed on a web server
  - note that a GET request that changes state can be triggered from any link or script and may be cached by proxies, so restrict who can reach the endpoint and validate both parameters before inserting
- `CpeArchiver.py`: stores every CPE found in an XML file into the database
  - usage: `CpeArchiver.py filename.xml`
  - the XML file for the CPE dictionary (better to use format 2.3) can be downloaded here
- `VulnNotifier.py`: notifies if a client has a CPE with an associated vulnerability
  - usage: `VulnNotifier.py`
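The README does not show how `flaskAPI.py` builds its insert. Below is an added example, not the project's own code, of how the handler behind that GET route can validate `customerId` and `cpeId` and write the row with bound parameters. It uses an in-memory SQLite database with assumed column names (`customer_id`, `cpe_id`) as a stand-in for the project's PostgreSQL tables, and a constructed customer and CPE row; in the real script the function would be called from the Flask view with `request.args`, and the placeholder would be `%s` for psycopg2 instead of `?`.

```python
"""Validated, parameterized insert into customers_cpe (added example; sqlite3 stand-in for PostgreSQL)."""
import re
import sqlite3

# Shape check for a CPE 2.3 formatted string: "cpe:2.3" plus 11 ':'-separated fields whose
# characters are alphanumerics, '_', '.', '-', the wildcards '*' / '?', or a backslash escape.
CPE23_RE = re.compile(r"^cpe:2\.3(?::(?:[A-Za-z0-9_.*?-]|\\.)*){11}$")

# Assumed schema: the README names the tables but not their columns.
SCHEMA = """
CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE cpearchive (cpe_id TEXT PRIMARY KEY);
CREATE TABLE customers_cpe (
    customer_id INTEGER NOT NULL REFERENCES customer(id),
    cpe_id      TEXT    NOT NULL REFERENCES cpearchive(cpe_id),
    PRIMARY KEY (customer_id, cpe_id)
);
"""

VALID_CPE = "cpe:2.3:a:examplevendor:exampleapp:2.3.0:*:*:*:*:*:*:*"   # constructed sample


def make_db():
    """In-memory database with one constructed customer and one known CPE."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")      # SQLite ignores REFERENCES unless this is on
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO customer (id, name) VALUES (1, 'constructed customer')")
    conn.execute("INSERT INTO cpearchive (cpe_id) VALUES (?)", (VALID_CPE,))
    conn.commit()
    return conn


def insert_customer_cpe(conn, args):
    """Process one request's query parameters (the mapping a Flask view sees as request.args)
    and return (http_status, message). Under the GET route flaskAPI.py exposes this would be
    called as insert_customer_cpe(conn, request.args); a state-changing GET should still be
    reachable only by trusted clients (authentication or network restriction)."""
    customer_id = args.get("customerId", "")
    cpe_id = args.get("cpeId", "")
    if not (customer_id.isdigit() and int(customer_id) > 0):
        return 400, "customerId must be a positive integer"
    if not CPE23_RE.match(cpe_id):
        return 400, "cpeId must be a CPE 2.3 formatted string"
    try:
        with conn:   # commit on success, roll back on error
            # Values are bound, never concatenated into the SQL (psycopg2 uses %s instead of ?).
            conn.execute("INSERT INTO customers_cpe (customer_id, cpe_id) VALUES (?, ?)",
                         (int(customer_id), cpe_id))
    except sqlite3.IntegrityError as exc:
        # Unknown customer, CPE missing from cpearchive, or a duplicate pair: report it
        # without echoing the raw database error to the caller.
        reason = "duplicate association" if "UNIQUE" in str(exc) else "unknown customer or cpe"
        return 409, reason
    return 201, "ok"


if __name__ == "__main__":
    db = make_db()
    print(insert_customer_cpe(db, {"customerId": "1", "cpeId": VALID_CPE}))
    print(insert_customer_cpe(db, {"customerId": "1",
                                   "cpeId": VALID_CPE + "'); DROP TABLE customers_cpe;--"}))
```

The foreign keys do part of the validation for free: a `cpeId` that is not already in `cpearchive` (filled by `CpeArchiver.py`) cannot be associated with a customer, so a typo or an unknown product never silently ends up in `customers_cpe`.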
The modules used in this project are the following:
- cpe
- psycopg2
- flask
The modules can be installed by executing `sudo sh setup/install-dependencies.sh`
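The core check the project performs, whether a customer's CPE falls under the CPEs a vulnerability affects, as an added example that is not the project's code. It uses only the standard library instead of the `cpe` module, assumes the NVD CVE API 2.0 JSON shape for the vulnerability data (the README only says the NIST API), and runs on a constructed response with placeholder CVE ids and constructed `customers_cpe` rows. It goes slightly beyond the README in that it also applies the `versionStart*` / `versionEnd*` range bounds that NVD attaches to wildcard criteria.

```python
"""Match customer CPEs against NVD-style cpeMatch criteria (added example, standard library only)."""
import json
from fnmatch import fnmatchcase

# Constructed sample in the shape of an NVD CVE API 2.0 response (an assumption: the README
# only says "the NIST API"); the CVE ids are placeholders, not real vulnerabilities.
SAMPLE_NVD_JSON = json.dumps({"vulnerabilities": [
    {"cve": {"id": "CVE-0000-0001", "configurations": [{"nodes": [{"operator": "OR", "negate": False,
        "cpeMatch": [{"vulnerable": True,
                      "criteria": "cpe:2.3:a:examplevendor:exampleapp:*:*:*:*:*:*:*:*",
                      "versionStartIncluding": "2.0", "versionEndExcluding": "2.4.1"}]}]}]}},
    {"cve": {"id": "CVE-0000-0002", "configurations": [{"nodes": [{"operator": "OR", "negate": False,
        "cpeMatch": [{"vulnerable": True,
                      "criteria": "cpe:2.3:o:examplevendor:exampleos:1.0:*:*:*:*:*:*:*"}]}]}]}},
]})

# Constructed rows in the shape of the customers_cpe table: (customer id, CPE 2.3 string).
CUSTOMERS_CPE = [
    (1, "cpe:2.3:a:examplevendor:exampleapp:2.3.0:*:*:*:*:*:*:*"),  # inside [2.0, 2.4.1)
    (2, "cpe:2.3:a:examplevendor:exampleapp:2.4.1:*:*:*:*:*:*:*"),  # exactly the excluded end
    (3, "cpe:2.3:o:examplevendor:exampleos:1.0:*:*:*:*:*:*:*"),
    (3, "cpe:2.3:o:examplevendor:exampleos:1.1:*:*:*:*:*:*:*"),
]


def split_cpe23(s):
    """Split a CPE 2.3 formatted string into its 11 attributes, honouring backslash escapes
    (a literal ':' inside a product name is written '\\:' and must not split the field)."""
    fields, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])
            i += 2
            continue
        if s[i] == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(s[i])
        i += 1
    fields.append("".join(cur))
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError("not a CPE 2.3 formatted string: %r" % s)
    # part, vendor, product, version, update, edition, language, sw_edition, target_sw, target_hw, other
    return fields[2:]


def attr_matches(source, target):
    """Simplified CPE name matching: '*' (ANY) on either side matches; otherwise compare
    case-insensitively, letting the criteria carry '*' / '?' wildcards."""
    if source == "*" or target == "*":
        return True
    return fnmatchcase(source.lower(), target.lower())


def version_key(v):
    """Sort key for dotted versions: numeric parts compare as ints, the rest as strings."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in v.split("."))


def in_version_range(version, match):
    """Apply the optional versionStart*/versionEnd* bounds of an NVD cpeMatch entry."""
    if version in ("*", "-"):
        return True   # no concrete version on the customer side: conservatively keep the match
    k = version_key(version)
    lo_inc, lo_exc = match.get("versionStartIncluding"), match.get("versionStartExcluding")
    hi_inc, hi_exc = match.get("versionEndIncluding"), match.get("versionEndExcluding")
    if lo_inc is not None and k < version_key(lo_inc):
        return False
    if lo_exc is not None and k <= version_key(lo_exc):
        return False
    if hi_inc is not None and k > version_key(hi_inc):
        return False
    if hi_exc is not None and k >= version_key(hi_exc):
        return False
    return True


def cpe_matches(customer_cpe, match):
    """True if the customer's CPE falls under a cpeMatch entry (attributes plus version range)."""
    src, tgt = split_cpe23(customer_cpe), split_cpe23(match["criteria"])
    if not all(attr_matches(s, t) for s, t in zip(src, tgt)):
        return False
    return in_version_range(src[3], match)


def find_affected(customers_cpe, nvd_json):
    """Return sorted (customer id, cpe, cve id) rows, i.e. what the clientscve table would hold.
    Simplification: every 'vulnerable' entry of every node is considered on its own, so
    AND-combined and negated nodes are over-approximated, the safe direction for a notifier."""
    hits = set()
    for item in json.loads(nvd_json)["vulnerabilities"]:
        cve = item["cve"]
        for conf in cve.get("configurations", []):
            for node in conf.get("nodes", []):
                for m in node.get("cpeMatch", []):
                    if not m.get("vulnerable", False):
                        continue
                    for customer_id, cpe in customers_cpe:
                        if cpe_matches(cpe, m):
                            hits.add((customer_id, cpe, cve["id"]))
    return sorted(hits)


if __name__ == "__main__":
    for row in find_affected(CUSTOMERS_CPE, SAMPLE_NVD_JSON):
        print(row)
```

Two details matter in practice: NVD criteria for ranged entries carry `*` in the version field, so plain string equality between the customer's CPE and the criteria would never match them, and a customer CPE stored without a concrete version cannot be range-checked, so it is reported rather than dropped.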
It would be useful to automate the scripts' execution (for example with a scheduler) to improve efficiency. Since `VulnSaver.py` only fetches yesterday's vulnerabilities, it needs to run every day: a skipped day leaves a gap in the `cves` table.
Another (obvious) suggestion is to use the whole project in a Linux environment.