Python script for monitoring www.cvedetails.com vulnerabilities database
$ git clone https://github.com/Amet13/vulncontrol
$ cd vulncontrol/
First go here, find your software and add links to products.txt
.
Script parameters:
-t
Telegram token and ID (no usage by default)-d
Date in formatYYYY-MM-DD
(today by default, it can be incorrectly works with custom data, because cvedetails has bad API)-m
Min CVSS (by default 0)
Then you can run script in two ways.
First way without Telegram support:
$ ./vulncontrol.py
There are no available vulnerabilities at 2017-02-28
$ ./vulncontrol.py -d 2017-02-18 -m 5
CVE-2017-6074 9.3 http://www.cvedetails.com/cve/CVE-2017-6074/
CVE-2017-6001 7.6 http://www.cvedetails.com/cve/CVE-2017-6001/
CVE-2017-5986 7.1 http://www.cvedetails.com/cve/CVE-2017-5986/
Telegram alert not sent
Second way with Telegram support:
- go to @BotFather and create
/newbot
, for exampleVulncontrolBot
- then you have token like
111111111:ABCDE...
- after go to @MyTelegramID_bot and
/start
it - then you have your telegram ID like
123456789
Now you can run script with your token and ID:
$ ./vulncontrol.py -t 111111111:ABCDE 123456789
There are no available vulnerabilities at 2017-02-28
$ ./vulncontrol.py -t 111111111:ABCDE 123456789 -d 2017-02-18 -m 5
CVE-2017-6074 9.3 http://www.cvedetails.com/cve/CVE-2017-6074/
CVE-2017-6001 7.6 http://www.cvedetails.com/cve/CVE-2017-6001/
CVE-2017-5986 7.1 http://www.cvedetails.com/cve/CVE-2017-5986/
Telegram alert sent
Check your Telegram messages:
You can add script to you monitoring system (Nagios/Icinga2, Zabbix, etc) or cron.
Example for cron:
$ crontab -e
* */12 * * * /path/to/vulncontrol.py -t 111111111:ABCDE 123456789 -m 5
Code | Description |
---|---|
0 | There are no available vulnerabilities |
1 | Vulnerabilities available, Telegram alert not sent |
2 | Vulnerabilities available, Telegram alert sent |
3 | Vulnerabilities available, Telegram alert not sent, check your token and ID |
You can customize result
with more keys.
Available keys:
cve_id
cvss_score
cwe_id
exploit_count
publish_date
summary
update_date
url
Example of JSON-output:
{
"cve_id": "CVE-2017-5551",
"cvss_score": "3.6",
"cwe_id": "264",
"exploit_count": "0",
"publish_date": "2017-02-06",
"summary": "The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097.",
"update_date": "2017-02-09",
"url": "http://www.cvedetails.com/cve/CVE-2017-5551/"
}
curl "https://www.cvedetails.com/json-feed.php?key1=value1&key2=value2..."
Custom parameters:
Key | Value | Description |
---|---|---|
year | 2017 | Year |
month | 1-12 | Month |
vendor_id | 33 | Vendor ID |
product_id | 47 | Product ID |
orderby | 1-3 | Sort type (1 - Publish Date, 2 - Last Update Date, 3 - CVE ID) |
cvssscoremin | 0-10 | Min CVSS |
cvssscoremax | 0-10 | Max CVSS |
numrows | 0-30 | Number of rows |
Boolean parameters (0 by default, 1 - yes):
Key | Value | Description |
---|---|---|
hasexp | 0 | Has exploits |
opec | 0 | Code execution |
opov | 0 | Overflows |
opcsrf | 0 | Cross Site Request Forgery |
opfileinc | 0 | File inclusion |
opgpriv | 0 | Gain privilege |
opsqli | 0 | Sql injection |
opxss | 0 | Cross site scripting |
opdirt | 0 | Directory traversal |
opmemc | 0 | Memory corruption |
ophttprs | 0 | Http response splitting |
opbyp | 0 | Bypass something |
opginf | 0 | Gain information |
opdos | 0 | Denial of service |