I have already wrote earlier how to automatically retrieve data from the Vulners.com vulnerability database: if you need objects of some particular type, it’s better use Collection API, if you want to get different types of objects using advanced queries, your choice is Search API v.3.
But what if we want to get, not all the objects, but only new or modified ones in a some date range? How can we do it in Vulners?
Search queries
Each object in Vulners (vulnerability, patch, bulletin, etc.) has a publication date, and modification date. You can see it if you open some Vulners object in json format, for example CVE-2017-6301:
"published": "2017-02-23T23:59:00",
"modified": "2017-02-24T14:45:17",
Moreover in graphical mode, you can switch between the modification of the dates to see what has been changed (like in Time Machine):
This parameter you can set in the search query, for modification date:
https://vulners.com/search?query=modified:2017-02-23T23:59:00
Or for publication date:
https://vulners.com/search?query=published:2017-02-23T00:00:00
If we want to specify a range of date, we write square brackets:
- https://vulners.com/search?query=published:[2017-02-27%20TO%202017-02-28]
- https://vulners.com/search?query=modified:[2017-02-27%20TO%202017-02-28]
Unfortunately, it is impossible to specify the hours, minutes and seconds in the date range =(
Collections
What if you want to pick up objects of the same type using the Collection API? It is also possible! All the required parameters can be found here (for authenticated vulners.com users):
As you can see, there are “datefrom” and “dateto” parameters. Thus all CVE ids from 21 to 22 February, can be downloaded using this command:
wget "https://vulners.com/api/v3/archive/collection/?type=cve&datefrom=2017-02-21&dateto=2017-02-22" -O cve.zip
We can see that CVE IDs in in the archive have correct dates:
zcat cve.zip | egrep "(published|modified)\":"
"published": "2017-02-20T03:59:04", "modified": "2017-02-21T14:42:36", "published": "2017-02-20T03:59:04", "modified": "2017-02-21T14:43:21", "published": "2017-02-20T03:59:04", "modified": "2017-02-21T14:45:37", "published": "2017-02-20T03:59:04", "modified": "2017-02-21T14:43:08", "published": "2017-02-21T21:59:00", "modified": "2017-02-21T21:59:00", "published": "2017-02-20T03:59:04", "modified": "2017-02-21T14:42:51",
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.