cvedetails-lookup's People

Contributors

ab2pentest, cyrinux, koutto

cvedetails-lookup's Issues

Break?

Not sure what the problem is; did a cvedetails change break the parsing?

└──╼ $python3 cvedetails-lookup.py --product IIS --version 7.5
[*] Looking for "IIS 7.5" in cvedetails.com database...
Traceback (most recent call last):
  File "cvedetails-lookup.py", line 274, in <module>
    versions_results = parse_html_table_versions(resp)
  File "cvedetails-lookup.py", line 141, in parse_html_table_versions
    for row in table_results.findAll('tr')[1:]:
AttributeError: 'NoneType' object has no attribute 'findAll'

csv indicators for not found queries to cvedetails.com

Suggestion: could you please add support for writing something like "not available" when exporting to CSV?
I.e.,

ID;CVSS;Date;Description;URL;Exploit
not available;not available;not available;not available;not available;not available

Wildcard option

It would be cool if this had the option to use wildcards such as * in front, so the product doesn't have to match completely. For example:

[*] Looking for "Siemens Simatic S7-1500 Cpu Firmware 1.0.1" in cvedetails.com database...
[+] Exact match found in the database
[*] IDs summary: Vendor=Siemens [109] | Product=Simatic S7-1500 Cpu Firmware [27236] | Version=1.0.1 [161817]
[*] Fetch results for version id 161817 ...
[+] Total number of CVEs fetched: 10
[*] Results ordered by published date (desc):

Sometimes exports don't give out the full product name so S7-1500 doesn't retrieve any results. 

python3 cvedetails-lookup.py --vendor 'Siemens' --product 'S7-1500' --version '1.0.1'
[*] Looking for "Siemens S7-1500 1.0.1" in cvedetails.com database...
[!] No exact match for this product/version. Checking for CVE in newer versions...
[!] The product "Siemens S7-1500" is not referenced in cvedetails.com database !

Minimum score filtering

Hi,

It would be very useful to show only CVEs with a minimum CVSS passed as argument.

I would like for instance to show only CVEs with score greater than 5:

$ ./cvedetails-lookup.py --vendor Icinga --product Icinga --version '2.8.1'
[*] Looking for "Icinga Icinga 2.8.1" in cvedetails.com database...
[+] Exact match found in the database
[*] IDs summary: Vendor=Icinga [11416] | Product=Icinga [20917] | Version=2.8.1 [351579]
[*] Fetch results for version id 351579 ...
[+] Total number of CVEs fetched: 3
[*] Results ordered by published date (desc):
+---------------+------+------------+----------------------------------------------------------------------------------+----------------------------------------------+----------+
| ID            | CVSS | Date       | Description                                                                      | URL                                          | Exploit? |
+---------------+------+------------+----------------------------------------------------------------------------------+----------------------------------------------+----------+
| CVE-2018-6536 | 4.9  | 2018-02-02 | An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an       | http://www.cvedetails.com/cve/CVE-2018-6536/ | None     |
|               |      |            | icinga2.pid file after dropping privileges to a non-root account, which might    |                                              |          |
|               |      |            | allow local users to kill arbitrary processes by leveraging access to this non-  |                                              |          |
|               |      |            | root account for icinga2.pid modification before a root script executes a        |                                              |          |
|               |      |            | &quot;kill `cat /pathname/icinga2.pid`&quot; command, as demonstrated by         |                                              |          |
|               |      |            | icinga2.init.d.cmake.                                                            |                                              |          |
+---------------+------+------------+----------------------------------------------------------------------------------+----------------------------------------------+----------+
| CVE-2018-6535 | 4.3  | 2018-02-27 | An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time | http://www.cvedetails.com/cve/CVE-2018-6535/ | None     |
|               |      |            | password comparison function can disclose the password to an attacker.           |                                              |          |
+---------------+------+------------+----------------------------------------------------------------------------------+----------------------------------------------+----------+
| CVE-2018-6533 | 7.2  | 2018-02-27 | An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf    | http://www.cvedetails.com/cve/CVE-2018-6533/ | None     |
|               |      |            | file, Icinga 2 can be run as root. Following this the program can be used to run |                                              |          |
|               |      |            | arbitrary code as root. This was fixed by no longer using init.conf to determine |                                              |          |
|               |      |            | account information for any root-executed code (a larger issue than              |                                              |          |
|               |      |            | CVE-2017-16933).                                                                 |                                              |          |
+---------------+------+------------+----------------------------------------------------------------------------------+----------------------------------------------+----------+

cvedetails.com back in business - was security alert: cvedetails.com missing CVE entries since 11/2019

As of 2021/06/05, this information is outdated, as cvedetails seems to be back in business.

cvedetails does not seem to be a reliable/trusted and current source for CVE security information anymore, so using this tool may provide incomplete information (depending on search).

That website is at least missing CVE data since 11/2019.

Ownership information for that site at https://www.cvedetails.com/about-contact.php is wrong.

You get "Could not find any vulnerabilities matching the requested criteria" at https://www.cvedetails.com/browse-by-date.php for 11/2019 and afterwards.

Furthermore, see:

https://www.sozkan.com/

Attention CVEdetails.com users!
CVEdetails.com is owned by a third party since July 2016. They do not maintain the site and it's no longer functioning properly (they didn't even update the about page for years). You can try our new free vulnerability intelligence service to view CVEs, exploits, advisories and much more about security issues. See https://www.vulniq.com.

Please update your tool to use another data source, or make it print a warning, or stop publishing it.

Querying for CVEs returns no data for most products

Noticed this last month. Most cve queries don't return any data from cve.com. Could this be a modification on their side? Deleted data? Was something modified that requires the way the script makes queries to be modified?
A good example is the one on the readme section: "python3 cvedetails-lookup.py --product IIS --version 7.5". It returns no data.
