
api's Introduction

Vulners API v3 Python wrapper

Description

Python 2/3 library for the Vulners Database. It provides search, data retrieval, archive and vulnerability scanning APIs for integration purposes. Create powerful security tools and get access to the world's largest security database.

Python version

The library was tested on Python 2 and Python 3.

How to install

The package is available on PyPI.

You can use pip to install it:

pip install -U vulners

Obtaining Vulners API key

Please sign up at the Vulners website. Go to the personal menu by clicking on your name in the top right corner. Open the "API KEYS" tab. Generate an API key with scope "api" and use it with the library.

Step-by-step guide

Documentation

Up-to-date docs about python library and API here

api's People

Contributors

aachurin, dmyachin, jsvasquez, olgakiseleva, soulsilence, uchakin, vulnerscom


api's Issues

Search query returns incomplete data.

Hi,

For getting the data in enchantments -> dependencies -> references, following is my source code:
vulners_api = vulners.Vulners(api_key=my_key)
CVE_data = vulners_api.document("CVE-2020-11651")
print(CVE_data)

but the result I get is:
{'lastseen': '2020-10-03T12:55:48', 'bulletinFamily': 'NVD', 'description': 'An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.', 'modified': '2020-08-20T01:17:00', 'id': 'CVE-2020-11651', 'published': '2020-04-30T17:15:00', 'href': 'https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11651', 'title': 'CVE-2020-11651', 'type': 'cve', 'cvss': {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P'}, 'enchantments': {'vulnersScore': 'PENDING'}}

AttributeError sometimes if send many api requests

Traceback (most recent call last):
  File "/distr/vulners/seeker.py", line 58, in get_vulns_of
    related = vulners_api.search("order:cvss.score %s %s" % (software, version), limit=20, )
  File "/usr/local/lib/python3.6/dist-packages/vulners/api.py", line 336, in search
    total = max(results.get('total'), total)
AttributeError: 'bytes' object has no attribute 'get'

How to reproduce: I called api search ~100 times with one second delay between requests. Got this error on random requests anytime. Sometimes I can get 10 errors on 100 requests, sometimes just 1. If I up delay to 10 secs - all good.

Can't get distributive / collection results with FREE API Key ?

Hi,
Earlier I was able to use my free api key to get results for a particular os distribution. But that doesn't seem to work anymore. Have the restrictions changed on API usage?

Here's what I'm doing:
vulners_api = vulners.Vulners(api_key=API_KEY)
cve_data = vulners_api.distributive("CentOS", "7")
print(type(cve_data))

Here's what I get:
/usr/local/lib/python3.6/dist-packages/vulners/api.py:155: UserWarning: This method available only for license types: ['professional', 'enterprise', 'oem', 'trial', 'research'], current license set: ['free']
  warnings.warn("%s" % results.get('error'))
Traceback (most recent call last):
  File "./vulnerstest.py", line 5, in <module>
    cve_data = vulners_api.distributive("CentOS", "7")
  File "/usr/local/lib/python3.6/dist-packages/vulners/api.py", line 696, in distributive
    with ZipFile(BytesIO(zipped_json)) as zip_file:
TypeError: a bytes-like object is required, not 'dict'

The same result can be seen on https://vulners.com/docs
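
The two tracebacks above (`'bytes' object has no attribute 'get'` in `search`, and `a bytes-like object is required, not 'dict'` in `distributive`) are the same failure seen from both sides: the caller assumed one payload type and the API answered with the other. The following is an added example, not code from the vulners library; the names `UnexpectedPayload`, `expect_json_dict`, `unpack_archive` and `make_sample_archive` are hypothetical, and the one-JSON-member archive layout is an assumption. It checks the payload type before use and turns both cases into a clear error.

```python
import io
import json
import zipfile


class UnexpectedPayload(Exception):
    """The API answer is not the kind of payload the caller asked for."""


def expect_json_dict(payload):
    """Return a dict, or raise; guards the "'bytes' object has no attribute 'get'" case."""
    if isinstance(payload, (bytes, bytearray)):
        try:
            payload = json.loads(bytes(payload).decode("utf-8"))
        except ValueError:  # covers invalid UTF-8 and invalid JSON
            raise UnexpectedPayload("non-JSON body: %r" % bytes(payload[:40]))
    if not isinstance(payload, dict):
        raise UnexpectedPayload("expected a JSON object, got %s" % type(payload).__name__)
    return payload


def unpack_archive(payload):
    """Return the JSON document inside a zipped answer, or raise with the API's error text."""
    if isinstance(payload, dict):
        # e.g. a licence restriction: the error arrives as JSON, not as archive bytes
        raise UnexpectedPayload(str(payload.get("error", "JSON answer instead of archive")))
    if not isinstance(payload, (bytes, bytearray)):
        raise UnexpectedPayload("unsupported payload type %s" % type(payload).__name__)
    buffer = io.BytesIO(bytes(payload))
    if not zipfile.is_zipfile(buffer):
        raise UnexpectedPayload("body is not a zip archive")
    buffer.seek(0)
    with zipfile.ZipFile(buffer) as archive:
        names = archive.namelist()
        if len(names) != 1:  # assumption of this example: one JSON member per archive
            raise UnexpectedPayload("expected 1 archive member, got %d" % len(names))
        return json.loads(archive.read(names[0]).decode("utf-8"))


def make_sample_archive(document):
    """Build a constructed zip payload in memory so the example runs offline."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("sample.json", json.dumps(document))
    return buffer.getvalue()


if __name__ == "__main__":
    print(unpack_archive(make_sample_archive([{"id": "SAMPLE-1"}])))
    for bad in ({"error": "constructed licence error"}, b"<html>constructed busy page</html>"):
        try:
            unpack_archive(bad)
        except UnexpectedPayload as exc:
            print("rejected:", exc)
```
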

please cut a proper release

Based on the changelog, there are several releases after 1.4.0. Could you tag it properly so that Linux distros would pick it up?

We have received a pentoo/pentoo-overlay#432 request and I really would like to avoid such snapshots as it adds extra load on us.

Help with archive and distributive functions

Hello, I am working in python 2.7 and have successfully installed the vulners package from PyPi.

I also created an api key with scope of api.

I've tested other examples from the readme page and they seem to work well. I can run the query and then print the results to see the resulting json data.

However, when I try to run the following:

vulners_api = vulners.Vulners(api_key="YOUR_API_KEY_HERE")
all_cve = vulners_api.archive("cve")

The call seems to hang... e.g. >>> all_cve = vulners_api.archieve("cve")
and doesn't return the python prompt. I've let this sit for up to 5min or longer and eventually it seems to just timeout.

From reviewing the code, I'm expecting the all_cve object to be a zip file. I'm assuming that I could then write this to a file locally with something like:

vulners_api = vulners.Vulners(api_key="YOUR_API_KEY_HERE")
all_cve = vulners_api.archive("cve")
with io.open('cve.zip', 'w+b', -1) as file:
    file.write(all_cve)

or

vulners_api = vulners.Vulners(api_key="YOUR_API_KEY_HERE")
with io.open('cve.zip', 'w+b', -1) as file:
    file.write(vulners_api.archive("cve"))

Would there be a preference as to the right way to write the cve.zip file to disk?

VulnersVscanner not in module?

I was reading the documentation here: https://docs.vulners.com/vscanner/

Which mentions installing this library and then running

import vulners

vulners_api = vulners.VulnersVscanner(api_key="YOUR_API_KEY_HERE")

But it keeps saying VulnersVscanner isn't in the module.

I also looked at an older issue here (#25) and noticed someone used:

vulners_api = vulners.VScannerApi(api_key=api_key)

But that doesn't work for me either; I only see vulners.Vulners(...) being accessible in this package (and that's all I see in the source code, too).

Could someone point me in the right direction about which package to install to access the vscanner module?

I installed vulners via pip env install vulners and it is on version 1.5.11

Unable to pull data of all CVE's in single day from archive

Hi Vulners Team,
I am trying to pull data from cve with vulnerabilities within a single day.
I tried to import the vulners source code and change the start date and end date with required values and still seeing that I was pulling all the data.
If possible can you please provide me with a code to pull data of all cves that are observed in a single day.
Your help is much appreciated.
Thank you

CPE to CVE

So I have a question: what if I want an exact CVE for a CPE? For example, cpe:/a:apache:http_server:2.2.8 should return one vulnerability because I specified the version. I have no clue how to do that using this API.

Thanks in advance.

httpd or Apache?

I am using "results = vulners_api.softwareVulnerabilities(product, version)"
When product = httpd, sometimes I have no result.
But if I replace "httpd" with "Apache", the API gets the right info.

getting an error when running "import vulners"

hi

I'm getting the below error when trying to import vulners:

Traceback (most recent call last):
  File "C:\Siemplify_Server\bin\Scripting\PythonSDK\IntegrationsVirtualEnvironment\Vulners_V7.0\gek0bccp.u5m.py", line 4, in <module>
    import vulners
  File "C:\Siemplify_Server\bin\Scripting\PythonSDK\IntegrationsVirtualEnvironment\Vulners_V7.0\lib\site-packages\vulners\__init__.py", line 5, in <module>
    from vulners.api import Vulners
  File "C:\Siemplify_Server\bin\Scripting\PythonSDK\IntegrationsVirtualEnvironment\Vulners_V7.0\lib\site-packages\vulners\api.py", line 26, in <module>
    class Vulners(object):
  File "C:\Siemplify_Server\bin\Scripting\PythonSDK\IntegrationsVirtualEnvironment\Vulners_V7.0\lib\site-packages\vulners\api.py", line 178, in Vulners
    @rate_limited(api_rate_limits)
  File "C:\Siemplify_Server\bin\Scripting\PythonSDK\IntegrationsVirtualEnvironment\Vulners_V7.0\lib\site-packages\vulners\common\ratelimit.py", line 101, in decorate
    LT.debug('DECORATE')
  File "C:\Siemplify_Server\bin\Scripting\PythonSDK\IntegrationsVirtualEnvironment\Vulners_V7.0\lib\site-packages\vulners\common\ratelimit.py", line 80, in debug
    time.localtime(self.last_time_called.value)),
ValueError: Invalid format string

any idea why?

thank you

Windows crashes on import due to localtime invalid format string

OS: Win 2012 R2
Python: 2.7.15
Vulners API: 1.3.6 (latest)

C:\Users\Administrator\Desktop\api>python
Python 2.7.15 (v2.7.15:ca079a3ea3, Apr 30 2018, 16:30:26) [MSC v.1500 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import vulners
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "vulners\__init__.py", line 5, in <module>
    from vulners.api import Vulners
  File "vulners\api.py", line 22, in <module>
    class Vulners(object):
  File "vulners\api.py", line 126, in Vulners
    @rate_limited(api_rate_limits)
  File "vulners\common\ratelimit.py", line 101, in decorate
    LT.debug('DECORATE')
  File "vulners\common\ratelimit.py", line 80, in debug
    time.localtime(self.last_time_called.value)),
ValueError: Invalid format string

Unreachable code error

Hi, I've encountered an IDE error "Code is unreachable - Pylance"

It is caused by the __call__ method in the Endpoint class, which just raises RuntimeError. Adding an annotation to it (I set it to None because there's nothing to return, but any other will work too) will fix this error.

I did not create a PR because I'm not sure which branch is the main one for Python library

x-vulners-ratelimit-reqlimit

How to get the value x-vulners-ratelimit-reqlimit?
To limit the number of requests per second to vulners.com to the optimal value.
Can you make the VulnersAPI module itself control this timer, transparent to the user?

Support CPEv3

Currently only CPEv2 can be used in function cpeVulnerabilities

kbAudit os format

Hello.
I can't find information about the os parameter of kbAudit method.
I've tried a lot of options and I realized that only "Windows <X> Version <X>" is suitable.
Example:

Input:
os='Windows 10 Version 1903'
kb_list=['KB5343465', 'KB854344', 'KB4516115']
-------------------------
Output
'kbMissed': ['KB4495666', 'KB4498524', 'KB4517389', 'KB4521863']
'cvelist': ['CVE-2019-1318']

But I don't have that "Version format" in my data. I only have the OS Build number (Example 10.0.18362).
Is there any way to get the result through OS Build number?

AttributeError: module '__main__' has no attribute '__file__'

Hello.

I have Ubuntu 18.04.1 LTS & Python 3.6.7. I guess this is a bug.

pip3 install -U vulners
Collecting vulners
  Using cached https://files.pythonhosted.org/packages/43/b3/c09774d2725eb93c98f8055591b4d90b469495886e9573ae26a68db0e790/vulners-1.4.0-py3-none-any.whl
Collecting six (from vulners)
  Using cached https://files.pythonhosted.org/packages/73/fb/00a976f728d0d1fecfe898238ce23f502a721c0ac0ecfedb80e0d88c64e9/six-1.12.0-py2.py3-none-any.whl
Collecting requests (from vulners)
  Using cached https://files.pythonhosted.org/packages/7d/e3/20f3d364d6c8e5d2353c72a67778eb189176f08e873c9900e10c0287b84b/requests-2.21.0-py2.py3-none-any.whl
Collecting idna<2.9,>=2.5 (from requests->vulners)
  Using cached https://files.pythonhosted.org/packages/14/2c/cd551d81dbe15200be1cf41cd03869a46fe7226e7450af7a6545bfc474c9/idna-2.8-py2.py3-none-any.whl
Collecting chardet<3.1.0,>=3.0.2 (from requests->vulners)
  Using cached https://files.pythonhosted.org/packages/bc/a9/01ffebfb562e4274b6487b4bb1ddec7ca55ec7510b22e4c51f14098443b8/chardet-3.0.4-py2.py3-none-any.whl
Collecting certifi>=2017.4.17 (from requests->vulners)
  Using cached https://files.pythonhosted.org/packages/9f/e0/accfc1b56b57e9750eba272e24c4dddeac86852c2bebd1236674d7887e8a/certifi-2018.11.29-py2.py3-none-any.whl
Collecting urllib3<1.25,>=1.21.1 (from requests->vulners)
  Using cached https://files.pythonhosted.org/packages/62/00/ee1d7de624db8ba7090d1226aebefab96a2c71cd5cfa7629d6ad3f61b79e/urllib3-1.24.1-py2.py3-none-any.whl
Installing collected packages: six, idna, chardet, certifi, urllib3, requests, vulners
Successfully installed certifi-2018.11.29 chardet-3.0.4 idna-2.8 requests-2.21.0 six-1.12.0 urllib3-1.24.1 vulners-1.4.0

~/Documents/OKRs/okrs on  master! ⌚ 0:57:20
$ ipython                
Python 3.6.7 (default, Oct 22 2018, 11:32:17) 
Type 'copyright', 'credits' or 'license' for more information
IPython 7.2.0 -- An enhanced Interactive Python. Type '?' for help.

In [1]: import vulners                                                          

In [2]: api = 'api key'                                                         

In [3]: vulners_api = vulners.Vulners(api_key=api)                              
---------------------------------------------------------------------------
AttributeError                            Traceback (most recent call last)
<ipython-input-3-cc52c8878696> in <module>
----> 1 vulners_api = vulners.Vulners(api_key=api)

~/.local/lib/python3.6/site-packages/vulners/api.py in __init__(self, api_key, proxies, persistent)
     66         self.__opener = requests.session()
     67         if persistent:
---> 68             self.__opener.cookies = PersistentCookieJar()
     69         # Setup pool size and Keep Alive
     70         adapter = requests.adapters.HTTPAdapter(

~/.local/lib/python3.6/site-packages/vulners/common/cookiejar.py in __init__(self, file_path, *args, **kwargs)
     44         super(PersistentCookieJar, self).__init__(*args, **kwargs)
     45 
---> 46         self.__file_path = file_path or os.path.join(self.__get_temp_dir(), self.__get_module_name())
     47 
     48         # Try to recover from file if it does exist

~/.local/lib/python3.6/site-packages/vulners/common/cookiejar.py in __get_module_name(self)
     66         :return: string, Python module name
     67         """
---> 68         full_module_file_path = six.text_type(sys.modules['__main__'].__file__)
     69         path_hash = hashlib.sha1(full_module_file_path.encode('utf-8')).hexdigest()
     70         return "%s.cookiejar" % path_hash

AttributeError: module '__main__' has no attribute '__file__'

In [4]:       
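
The traceback above fails at `sys.modules['__main__'].__file__`, which does not exist when the library is used from an interactive session (python, ipython, some notebook hosts). The following is an added example, not the library's code or its eventual fix; `original_lookup`, `main_module_path` and `cookiejar_file_name` are hypothetical names. It shows the failing lookup beside a version that falls back to `argv[0]` and then to a fixed label.

```python
import hashlib
import os
import sys
import types

INTERACTIVE_LABEL = "<interactive>"  # placeholder chosen for this example


def original_lookup(main_module):
    """Shape of the failing lookup: assumes __main__ always has __file__."""
    return str(main_module.__file__)  # AttributeError in a REPL


def main_module_path(main_module=None, argv=None):
    """Best-effort path of the running program that never raises."""
    if main_module is None:
        main_module = sys.modules.get("__main__")
    if argv is None:
        argv = sys.argv
    path = getattr(main_module, "__file__", None)
    if not path:
        # Interactive session: try the launcher path, then a fixed label
        path = argv[0] if argv and argv[0] else INTERACTIVE_LABEL
    return path if path == INTERACTIVE_LABEL else os.path.abspath(path)


def cookiejar_file_name(main_module=None, argv=None):
    """Same naming scheme as in the traceback: sha1 of the path plus '.cookiejar'."""
    path = main_module_path(main_module, argv)
    return "%s.cookiejar" % hashlib.sha1(path.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    repl_main = types.ModuleType("__main__")  # constructed stand-in for a REPL's __main__
    try:
        original_lookup(repl_main)
    except AttributeError as exc:
        print("original lookup fails:", exc)
    print("fallback name:", cookiejar_file_name(repl_main, argv=[""]))
```
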

Notifications

Hi
Please add the ability to notify when the agent has detected a vulnerable package.
Alert by email, telegram, etc...

Run audit locally

I have been able to pull down the data locally, but am not sure how to use it in an offline environment:

Download whole database collection and work with data locally
import vulners

vulners_api = vulners.Vulners(api_key="YOUR_API_KEY_HERE")
all_cve = vulners_api.archive("cve")

What is the syntax to use a local copy of the data for offline auditing?

Search query returning unrelated findings or results.

Description:
Search results contain issues that are unrelated. It is happening for multiple queries. This issue is currently not working both on the REST API as well as the search query in web application.
Steps to Reproduce:

  1. Use the REST API or use the search functionality in the web app.
  2. Enter the following query:
    bulletinFamily:exploit AND apache pdfbox 2.0.1
  3. Reasoning:
    The result contains KiTTY Portable 0.65.0.2p which is unrelated to apache pdfbox
  4. Note:
    There are also other queries that lead to unrelated results. For example, please try:
    bulletinFamily:exploit AND Jetty: Java based HTTP, Servlet, SPDY, WebSocket Server AND 9.2.14.v20151106


UserWarning: Nothing found for Burpsuite search request

#!/usr/bin/env python3

import vulners
vulners_api = vulners.Vulners()
results = vulners_api.softwareVulnerabilities("httpd", "1.5")
# exploit_list = results.get('exploit')
# vulnerabilities_list = [results.get(key) for key in results if key not in ['info', 'blog', 'bugbounty']]
./check_version_vulners.py 
/home/apatsev/.local/lib/python3.6/site-packages/vulners/api.py:57: UserWarning: Nothing found for Burpsuite search request
  warnings.warn("%s" % results.get('error'))
python3 -V
Python 3.6.5

Some CPE requests are not working properly

For example, the following request:

vulners_api.cpeVulnerabilities("cpe:/o:microsoft:windows_7:-:sp1:x86")

Provides the following error:
UserWarning: Software name or version is not provided
  warnings.warn("%s" % results.get('error'))

v2 API: Forbidden for url

Trying out the v2 API to scan IP's. When I attempt to create a project I get a forbidden url error. Do you know why this would be?

project = vulners_api.create_project(name="my project",
  File "<string>", line 11, in create_project
  File "/Library/Python/3.8/site-packages/vulners-2.0.0-py3.8.egg/vulners/base.py", line 209, in _send_request
  File "/Library/Python/3.8/site-packages/requests/models.py", line 943, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://vulners.com/api/v3/proxy/vscanner/projects
