关于CVID
CVID,全称为CVE Vulnerability Information Downloader,即CVE漏洞信息下载器,该工具支持从NIST(CVSS)、first.org(EPSS)和CISA下载信息,并将它们合并为一个列表。除此之外,该工具还可以利用来自OpenVAS等漏洞扫描程序的报告信息来丰富漏洞数据,以确定修复的优先级。该工具还包含了一个PowerBI模板,以丰富数据的查看形式。
通用漏洞评分系统(CVSS)是一个自由开放的行业标准,用于评估计算机系统安全漏洞的严重性。而漏洞预测评分系统(EPSS)用于估计软件漏洞在野被利用的可能性。CISA则主要负责发布已知漏洞列表。
CVID可以从上述三个漏洞信息来源下载信息,并组合成一个列表,并使用PowerBI等工具将漏洞扫描程序的结果与脚本在存储库中下载的信息相结合。该工具支持输出JSON和CSV格式数据,并将其存储到SQLite数据库中。
工具下载
广大研究人员可以使用下列命令将该项目源码克隆至本地:
git clone https://github.com/trinitor/CVE-Vulnerability-Information-Downloader.git(向右滑动、查看更多)
工具配置
1、获取一个NIST API密钥:【https://nvd.nist.gov/developers/request-an-api-key】;
2、复制env_example.env文件;
3、编辑.env文件并添加API密钥;
4、可选:编辑docker-compose文件并调整cron计划任务;
5、可选:编辑data/vulnerability-tables-logstash/config/logstash.conf文件;
6、运行命令:docker-compose up -d;
7、脚本执行完后就可以在data/vulnerability-tables-cron/output/中查看到输出文件了;
工具运行
我们可以直接执行下列命令来运行工具脚本:
docker exec -it vulnerability-tables-cron bash /opt/scripts/download.sh(向右滑动、查看更多)
PowerBI仪表盘
该项目包含了一个个带有PowerBI模板文件的演示文件夹。它可以生成一个仪表盘,我们可以根据自己的需要进行调整:
OpenVAS报告必须采用csv格式才能导入工作:
PowerBI将使用创建的CVE.json文件并创建一个关系:
工具输出文件
工具运行之后,将会生成一些输出文件:
316K CISA_known_exploited.csv452K CISA_known_exploited.json50M CVSS.csv179M CVSS.json206M CVE.json56M CVE.csv6.7M EPSS.csv12M EPSS.json49M database.sqlite
其中可以查看到针对每一个CVE漏洞的详细信息:
grep -i 'CVE-2021-44228' CVE.json | jq{"CVE": "CVE-2021-44228","CVSS2_accessComplexity": "AV:N/AC:M/Au:N/C:C/I:C/A:C","CVSS2_accessVector": "NETWORK","CVSS2_authentication": "MEDIUM","CVSS2_availabilityImpact": "NONE","CVSS2_baseScore": "COMPLETE","CVSS2_baseSeverity": "COMPLETE","CVSS2_confidentialityImpact": "COMPLETE","CVSS2_exploitabilityScore": "9.3","CVSS2_impactScore": "null","CVSS2_integrityImpact": "8.6","CVSS2_vectorString": "10","CVSS3_attackComplexity": "null","CVSS3_attackVector": "null","CVSS3_availabilityImpact": "null","CVSS3_baseScore": "null","CVSS3_baseSeverity": "null","CVSS3_confidentialityImpact": "null","CVSS3_exploitabilityScore": "null","CVSS3_impactScore": "null","CVSS3_integrityImpact": "null","CVSS3_privilegesRequired": "null","CVSS3_scope": "null","CVSS3_userInteraction": "null","CVSS3_vectorString": "null","CVSS3_acInsufInfo": "null","CVSS3_obtainAllPrivilege": "null","CVSS3_obtainUserPrivilege": "null","CVSS3_obtainOtherPrivilege": "null","CVSS3_userInteractionRequired": "null","EPSS": "0.97095","EPSS_Percentile": "0.99998","CISA_dateAdded": "2021-12-10","CISA_RequiredAction": "For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available."}(向右滑动、查看更多)
项目地址
CVID:https://github.com/trinitor/CVE-Vulnerability-Information-Downloader
参考资料:
https://aka.ms/pbiSingleInstaller
https://nvd.nist.gov/developers/request-an-api-key
https://www.first.org/epss/user-guide
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://nvd.nist.gov/developers/vulnerabilities
精彩推荐
如有侵权请联系:admin#unsafe.sh