vulnerability-lookup is a rewrite of cve-search to support fast vulnerability lookup correlation from different sources, independent vulnerability ID and easily manage coordinated vulnerability disclosure (CVD).
Online vulnerability-lookup available at https://vulnerability.circl.lu.
- A fast lookup API to search for vulnerabilities and find correlation per vulnerability identifier.
- Modular system to import different vulnerability sources.
- An API for adding new vulnerability including ID assigment, state and disclosure.
- CISA Known exploited vulnerability DB (via HTTP)
- NIST NVD CVE importer (via API 2.0)
- CVEProject - cvelist (via git submodule repository)
- Cloud Security Alliance - GSD-Database (via git submodule repository)
- GitHub Advisory Database (via git submodule repository)
- PySec Advisory Database (via git submodule repository)
- OpenSSF Malicious Packages (via git submodule repository)
- Additional sources via CSAF including certbund, CISA, Cisco, nozominetworks, OX, RedHat, Sick, Siemens.
- Recent version of Python 3.10
- Recent version of Poetry
- Kvrocks database
Install documentation is available in INSTALL.md.
- Build the support tools.
- Make sure the downloader exists:
$ (git::main) ./bin-linux-amd64/csaf_downloader -h
Usage:
csaf_downloader [OPTIONS] domain...
Application Options:
-d, --directory=DIR DIRectory to store the downloaded files in
--insecure Do not check TLS certificates from provider
--ignore_sigcheck Ignore signature check results, just warn on mismatch
--client_cert=CERT-FILE TLS client certificate file (PEM encoded data)
--client_key=KEY-FILE TLS client private key file (PEM encoded data)
--client_passphrase=PASSPHRASE Optional passphrase for the client cert (limited, experimental, see doc)
--version Display version of the binary
-n, --no_store Do not store files
-r, --rate= The average upper limit of https operations per second (defaults to unlimited)
-w, --worker=NUM NUMber of concurrent downloads (default: 2)
-t, --time_range=RANGE RANGE of time from which advisories to download
-f, --folder=FOLDER Download into a given subFOLDER
-i, --ignore_pattern=PATTERN Do not download files if their URLs match any of the given PATTERNs
-H, --header= One or more extra HTTP header fields
--validator=URL URL to validate documents remotely
--validator_cache=FILE FILE to cache remote validations
--validator_preset=PRESETS One or more PRESETS to validate remotely (default: [mandatory])
-m, --validation_mode=MODE[strict|unsafe] MODE how strict the validation is (default: strict)
--forward_url=URL URL of HTTP endpoint to forward downloads to
--forward_header= One or more extra HTTP header fields used by forwarding
--forward_queue=LENGTH Maximal queue LENGTH before forwarder (default: 5)
--forward_insecure Do not check TLS certificates from forward endpoint
--log_file=FILE FILE to log downloading to (default: downloader.log)
--log_level=LEVEL[debug|info|warn|error] LEVEL of logging details (default: info)
-c, --config=TOML-FILE Path to config TOML file
Help Options:
-h, --help Show this help message
- Add the full path to the downloader in
config/generic.json
keycsaf_downloader_path
vulnerability-lookup is free software released under the "GNU Affero General Public License v3.0".
Copyright (c) 2023-2024 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (c) 2023-2024 Alexandre Dulaunoy - https://github.com/adulau/
Copyright (c) 2023-2024 Raphael Vinot - https://github.com/Rafiot/