Light WebApplication to download the latest CVE information from the NIST and gain insight into it.
Uses full text searching on the information provided from the nist and uses a custom algorithm to rate the chance of a CVE being relevant to the given organisation based on word matching in the description.
Comes with a simple web interface which revolves around simplicity and usability, the goal is to have a interface which allows an analyst use less than two minutes per day to identify new CVEs.
Please note that it is important to fill out the assets database properly for the matching to be performed.
Installation
git clone https://github.com/Tango43/Cve-Fox
cd Cve-Fox
sudo -H bash install.sh
cd frontend
python3 app.py
Proceed to "Machine IP:5000" and default user/password is: "admin:admin123", they can modified in app.py if required. This tool is not intented to be published on the internet and should be only run in a closed environment as there was very little security consideration taken when developing.
Insert Assets
Modify backend/assets/test.csv to contain the desired information regarding the assets.
Run the following command to inject assets to mongodb:
python3 assettomongo.py assets/test.csv
Todo: - Make it easier to add new assets