Category Archives: Vulnerability Databases

Tracking changes in CERT bulletins and Nessus plugins using Vulners Time Machine

If you useĀ Vulners.com vulnerability search engine, you probably know that it has a real “Time Machine”.

Vulners Time Machine cases

Each time Vulners sees some changes on a source page it creates a new version of security object. And you can see the full history of changes in a nice GUI:

Vulners Time Machine

In most cases, the vendor just corrects typos or adds more details. But sometimes the message can change significantly.

CERT.org

CERT.org Meltdown and Spectre

For example, in a case of latest Meltdown and Spectre vulnerability. Initial cert.org VU:584653 recommendation was “Replace CPU hardware”. šŸ™‚

Continue reading

Exploitability attributes of Nessus plugins: good, bad and Vulners

Exploitability is one of the most important criteria for prioritizing vulnerabilities. Let’s see how good is the exploit-related data of Tenable Nessus NASL plugins and whether we can do it better.

Nessus exploitability

What are the attributes related to exploits? To understand this, I parsed all nasl plugins and got the following results.

Continue reading

CWEs in NVD CVE feed: analysis and complaints

As you probably know, one of the ways to describe the nature of some software vulnerability is to provide corresponding CWE (Common Weakness Enumeration) ids. Let’s see the CWE links in NVD CVE base.

NVD CWEs

I have already wrote earlier how to deal with NVD feed using python in “Downloading and analyzing NVD CVE feed“. You can easily get CWEs idsĀ iteratingĀ over cve_dict['CVE_Items'].

Continue reading

Vulners NASL Plugin Feeds for OpenVAS 9

As I already wrote earlier, you canĀ easily add third party nasl plugins to OpenVAS. So, my friends from Vulners.com realised generation of NASL plugins for OpenVAS using own security content. I’ve tested it for scanning CentOS 7 host. And it works =)

Vulners OpenVAS vulnerabilities

Let’s see the whole process.

Continue reading

Downloading and analyzing NVD CVE feed

In previous post “New National Vulnerability Database visualizations and feeds” I mentioned JSON NVD feed.

NVD JSON feed parse python

Let’s see what data it contains, how to download and analyse it. First of all, we need to download all files with CVEs from NVD database and save them to some directory.

nvd feed json download

Unfortunately, there is no way to download all the content at once. Only one year archives. We need to get urls first. Url looks like this:Ā https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2017.json.zip. Then we will download them all.

Continue reading