koutto / cvedetails-lookup
Perform CVE lookup on cvedetails.com
Not sure what the problem is; did a cvedetails change break the parsing?
```
└──╼ $python3 cvedetails-lookup.py --product IIS --version 7.5
[*] Looking for "IIS 7.5" in cvedetails.com database...
Traceback (most recent call last):
  File "cvedetails-lookup.py", line 274, in <module>
    versions_results = parse_html_table_versions(resp)
  File "cvedetails-lookup.py", line 141, in parse_html_table_versions
    for row in table_results.findAll('tr')[1:]:
AttributeError: 'NoneType' object has no attribute 'findAll'
```
Suggestion. Could you please add support to write something like "not available" while exporting to CSV.
i.e.,
```
ID;CVSS;Date;Description;URL;Exploit
not available;not available;not available;not available;not available;not available
```
It would be cool if this had the option to use wildcards such as * in front, so the product doesn't have to match completely. For example:
```
[*] Looking for "Siemens Simatic S7-1500 Cpu Firmware 1.0.1" in cvedetails.com database...
[+] Exact match found in the database
[*] IDs summary: Vendor=Siemens [109] | Product=Simatic S7-1500 Cpu Firmware [27236] | Version=1.0.1 [161817]
[*] Fetch results for version id 161817 ...
[+] Total number of CVEs fetched: 10
[*] Results ordered by published date (desc):
```
Sometimes exports don't give out the full product name so S7-1500 doesn't retrieve any results.
```
python3 cvedetails-lookup.py --vendor 'Siemens' --product 'S7-1500' --version '1.0.1'
[*] Looking for "Siemens S7-1500 1.0.1" in cvedetails.com database...
[!] No exact match for this product/version. Checking for CVE in newer versions...
[!] The product "Siemens S7-1500" is not referenced in cvedetails.com database !
```
Hi,
It would be very useful to show only CVEs with a minimum CVSS passed as argument.
I would like for instance to show only CVEs with score greater than 5:
```
$ ./cvedetails-lookup.py --vendor Icinga --product Icinga --version '2.8.1'
[*] Looking for "Icinga Icinga 2.8.1" in cvedetails.com database...
[+] Exact match found in the database
[*] IDs summary: Vendor=Icinga [11416] | Product=Icinga [20917] | Version=2.8.1 [351579]
[*] Fetch results for version id 351579 ...
[+] Total number of CVEs fetched: 3
[*] Results ordered by published date (desc):
+---------------+------+------------+----------------------------------------------------------------------------------+----------------------------------------------+----------+
| ID            | CVSS | Date       | Description                                                                      | URL                                          | Exploit? |
+---------------+------+------------+----------------------------------------------------------------------------------+----------------------------------------------+----------+
| CVE-2018-6536 | 4.9  | 2018-02-02 | An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an       | http://www.cvedetails.com/cve/CVE-2018-6536/ | None     |
|               |      |            | icinga2.pid file after dropping privileges to a non-root account, which might    |                                              |          |
|               |      |            | allow local users to kill arbitrary processes by leveraging access to this non-  |                                              |          |
|               |      |            | root account for icinga2.pid modification before a root script executes a        |                                              |          |
|               |      |            | "kill `cat /pathname/icinga2.pid`" command, as demonstrated by                   |                                              |          |
|               |      |            | icinga2.init.d.cmake.                                                            |                                              |          |
+---------------+------+------------+----------------------------------------------------------------------------------+----------------------------------------------+----------+
| CVE-2018-6535 | 4.3  | 2018-02-27 | An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time | http://www.cvedetails.com/cve/CVE-2018-6535/ | None     |
|               |      |            | password comparison function can disclose the password to an attacker.           |                                              |          |
+---------------+------+------------+----------------------------------------------------------------------------------+----------------------------------------------+----------+
| CVE-2018-6533 | 7.2  | 2018-02-27 | An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf    | http://www.cvedetails.com/cve/CVE-2018-6533/ | None     |
|               |      |            | file, Icinga 2 can be run as root. Following this the program can be used to run |                                              |          |
|               |      |            | arbitrary code as root. This was fixed by no longer using init.conf to determine |                                              |          |
|               |      |            | account information for any root-executed code (a larger issue than              |                                              |          |
|               |      |            | CVE-2017-16933).                                                                 |                                              |          |
+---------------+------+------------+----------------------------------------------------------------------------------+----------------------------------------------+----------+
```
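The two feature requests above (a "not available" row in the CSV export, and a minimum-CVSS filter) can be sketched together. This is an added example, not code from cvedetails-lookup; the function names, the row-dict shape and the choice to keep unscored rows are assumptions.

```python
import csv
import io

# Column order taken from the CSV header quoted in the export request above.
CSV_HEADER = ["ID", "CVSS", "Date", "Description", "URL", "Exploit"]
PLACEHOLDER = "not available"


def filter_by_min_cvss(rows, min_cvss):
    """Keep rows whose CVSS score is >= min_cvss.

    Assumption: rows with a missing or non-numeric score are kept, because an
    unscored CVE is unknown risk and dropping it would hide it from triage.
    """
    kept = []
    for row in rows:
        try:
            score = float(row["CVSS"])
        except (KeyError, TypeError, ValueError):
            kept.append(row)
            continue
        if score >= min_cvss:
            kept.append(row)
    return kept


def export_csv(rows):
    """Render rows as ';'-delimited CSV; emit one placeholder row if empty."""
    buf = io.StringIO()
    writer = csv.writer(buf, delimiter=";", lineterminator="\n")
    writer.writerow(CSV_HEADER)
    if not rows:
        writer.writerow([PLACEHOLDER] * len(CSV_HEADER))
    for row in rows:
        # Missing or empty fields also become the placeholder.
        writer.writerow([row.get(col) or PLACEHOLDER for col in CSV_HEADER])
    return buf.getvalue()


# Constructed sample: IDs, scores and dates copied from the Icinga table above.
SAMPLE = [
    {"ID": "CVE-2018-6536", "CVSS": "4.9", "Date": "2018-02-02"},
    {"ID": "CVE-2018-6535", "CVSS": "4.3", "Date": "2018-02-27"},
    {"ID": "CVE-2018-6533", "CVSS": "7.2", "Date": "2018-02-27"},
]

if __name__ == "__main__":
    print(export_csv(filter_by_min_cvss(SAMPLE, 5.0)))   # one CVE row
    print(export_csv(filter_by_min_cvss(SAMPLE, 9.0)))   # placeholder row
```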
As of 2021/06/05, this information is outdated, as cvedetails seems to be back in business.
cvedetails does not seem to be a reliable/trusted and current source for CVE security information anymore, so using this tool may provide incomplete information (depending on search).
That website is at least missing CVE data since 11/2019.
Ownership information for that site at https://www.cvedetails.com/about-contact.php is wrong.
You get "Could not find any vulnerabilities matching the requested criteria" at https://www.cvedetails.com/browse-by-date.php for 11/2019 and afterwards.
Furthermore, see:
Attention CVEdetails.com users!
CVEdetails.com is owned by a third party since July 2016. They do not maintain the site and it's no longer functioning properly (they didn't even update the about page for years). You can try our new free vulnerability intelligence service to view CVEs, exploits, advisories and much more about security issues. See https://www.vulniq.com.
Please update your tool to use another datasource or make it print a warning - or stop publishing it.
Noticed this last month. Most cve queries don't return any data from cve.com. Could this be a modification on their side? Deleted data? Was something modified that requires the way the script makes queries to be modified?
A good example is the one on the readme section: "python3 cvedetails-lookup.py --product IIS --version 7.5". It returns no data.