This Python tool compares the official public list of CVEs from cve.mitre.org with the list of Detectify modules to find CVEs that don't have a module yet.
git clone https://github.com/gwen001/detectify-cves
cd detectify-cves
pip3 install -r requirements.txt
1/ Once cloned, go to the script directory:
cd detectify-cves
2/ Get the full CVEs database:
wget https://cve.mitre.org/data/downloads/allitems.csv
3/ Get the full Detectify modules list (you need a crowdsourced Detectify account):
- Log in to Detectify: https://cs.detectify.com/login
- Browse to "Scanner modules" on the left menu: https://cs.detectify.com/dashboard/modules
- Check the background requests performed by your browser and find the one to https://fedeo.cs.detectify.com/graphql with a fat JSON response (~1.5 MB).
- Save the output (with no HTTP headers) in the script directory as detectify-modules.json
$ python3 detectify-cves.py -s wordpress
usage: detectify-cves.py [-h] [-s SEARCH] [-l LIMIT] [-d DETECTIFY]

options:
  -h, --help            show this help message and exit
  -s SEARCH, --search SEARCH
                        search a specific keyword
  -l LIMIT, --limit LIMIT
                        display only n first results
  -d DETECTIFY, --detectify DETECTIFY
                        related to Detectify modules: 0:no module available, 1:module available (default), -1:doesn't matter
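The comparison described above can be sketched as follows. This is an added example, not the project's own code: the function names, the sample rows, the JSON field names and the choice to match `-s` against the CVE description are assumptions, and CVE ids are pulled from the saved response by regex so that no Detectify schema is assumed.

```python
import csv
import io
import json
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

# Constructed sample in the column order of allitems.csv (Name, Status, Description, ...).
SAMPLE_CSV = '''"CVE Version 20061101",,,,,,
"Name","Status","Description","References","Phase","Votes","Comments"
CVE-2099-0001,Entry,"Constructed: SQL injection in a WordPress plugin",,,,
CVE-2099-0002,Entry,"Constructed: XSS in a WordPress theme",,,,
CVE-2099-0003,Entry,"Constructed: path traversal in a router UI",,,,
'''
# Constructed response; the field names are hypothetical, the real schema is not on this page.
SAMPLE_JSON = '{"data": {"modules": [{"title": "WordPress plugin SQLi (CVE-2099-0001)"}]}}'

def load_cves(csv_text):
    """Map CVE id -> description, skipping preamble and header rows."""
    cves = {}
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) >= 3 and CVE_RE.fullmatch(row[0]):
            cves[row[0].upper()] = row[2]
    return cves

def module_cves(json_text):
    """Collect every CVE id mentioned anywhere in the saved response."""
    data = json.loads(json_text)  # ValueError here means the file is not bare JSON
    return {m.upper() for m in CVE_RE.findall(json.dumps(data))}

def compare(cves, covered, search=None, detectify=1, limit=None):
    """Filter in the spirit of -s / -d / -l (assumed: -s matches the description)."""
    hits = []
    for cve_id, desc in cves.items():
        if search and search.lower() not in desc.lower():
            continue
        has_module = cve_id in covered
        if (detectify == 0 and has_module) or (detectify == 1 and not has_module):
            continue
        hits.append(cve_id)
    return hits[:limit] if limit else hits

if __name__ == "__main__":
    cves, covered = load_cves(SAMPLE_CSV), module_cves(SAMPLE_JSON)
    print("no module:", compare(cves, covered, search="wordpress", detectify=0))
    print("has module:", compare(cves, covered, search="wordpress", detectify=1))
```

If `module_cves` raises on your saved file, the most likely cause is that HTTP headers were saved along with the response body.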
Feel free to open an issue if you have any problem with the script.