Tag Archives: json

Downloading and analyzing NVD CVE feed

In previous post “New National Vulnerability Database visualizations and feeds” I mentioned JSON NVD feed.

NVD JSON feed parse python

Let’s see what data it contains, how to download and analyse it. First of all, we need to download all files with CVEs from NVD database and save them to some directory.

nvd feed json download

Unfortunately, there is no way to download all the content at once. Only one year archives. We need to get urls first. Url looks like this: https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2017.json.zip. Then we will download them all.

Continue reading

New National Vulnerability Database visualizations and feeds

Recently, the National Institute of Standards and Technology (NIST) introduced a new version of National Vulnerability Database (NVD) website.

NIST NVD new site

I will not say that I liked this redesign:

new NVD website

IMHO, old website with US flag was much prettier and useful:

old NVD website

But the very fact that the site is developing, I really like very much. Let’s see what’s new there.

Continue reading

Downloading entire Vulners.com database in 5 minutes

Today I once again would like to talk about Vulners.com and why, in my opinion, it is the best vulnerability database that exist nowadays and a real game-changer.

The main thing is transparency. Using Vulners you not only can search for security content (see “Vulners – Google for hacker“), but download freely all available content from the database for your own offline analysis. And more than this, you can even see how Vulners actually works and evaluate how fresh and full the content is.

Vulners collections

Why you may need to download full security content database? For example, you may want to create something like vulnerability quadrants.

Vulnerability Quadrant

Continue reading

Vulners Subsriptions and Apache Struts RCE

If you work in IT Security Department of any large software developing company, you were probably searching for Apache Struts in your environment on this week.

And it’s all because of CVE-2017-5638:

Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for creating elegant, modern Java web applications, which supports REST, AJAX, and JSON.
In a blog post published Monday, Cisco’s Threat intelligence firm Talos announced the team observed a number of active attacks against the zero-day vulnerability (CVE-2017-5638) in Apache Struts

This is a good example, that shows the usefulness of the Vulners.com service.

Just open cvelist:CVE-2017-5638 query and you will see all the objects related to this issue. This request works even before this CVE number appear on NVD and Mitre databases!

Vulners Apache Struts2 RCE

Here are: description of the vulnerability from The Hacker News, manual on how to use this vulnerability to gain server access from myhack58, Nessus local windows and remote cgi detection plugins.

Continue reading

Processing Vulners collections using Python

Vulners collection is a zip archive containing all available objects of some type (e.g. CentOS security bulletins or OpenVAS detection plugins) from the Vulners Knowledge Base. Let’s see how to work with this data using powerful Python scripting language. You can read more about Vulners itself at “Vulners – Google for hacker“.

Vulners Collections and python

All collections are listed at https://vulners.com/#stats:

Vulners Stats

Note a gray icon with black arrow. Press it to download particular vulners collection.

OpenVAS collection link: https://vulners.com/api/v3/archive/collection/?type=openvas

If you need to get all objects for further analysis, you don’t need to make huge amount simmilar Search API requests. You just need to download one file. It’s takes less time and efforts and makes less load on Vulners service.
Continue reading