Skip to content

btarraso/vulnerability-lookup

 
 

Repository files navigation

vulnerability-lookup

vulnerability-lookup is a rewrite of cve-search to support fast vulnerability lookup correlation from different sources, independent vulnerability ID and easily manage coordinated vulnerability disclosure (CVD).

Online vulnerability-lookup available at https://vulnerability.circl.lu.

Features

  • A fast lookup API to search for vulnerabilities and find correlation per vulnerability identifier.
  • Modular system to import different vulnerability sources.
  • An API for adding new vulnerability including ID assigment, state and disclosure.

Sources and Feeders

Requirements

Installation

Install documentation is available in INSTALL.md.

Import CSAF sources

  1. Build the support tools.
  2. Make sure the downloader exists:
$ (git::main) ./bin-linux-amd64/csaf_downloader -h
Usage:
  csaf_downloader [OPTIONS] domain...

Application Options:
  -d, --directory=DIR                             DIRectory to store the downloaded files in
      --insecure                                  Do not check TLS certificates from provider
      --ignore_sigcheck                           Ignore signature check results, just warn on mismatch
      --client_cert=CERT-FILE                     TLS client certificate file (PEM encoded data)
      --client_key=KEY-FILE                       TLS client private key file (PEM encoded data)
      --client_passphrase=PASSPHRASE              Optional passphrase for the client cert (limited, experimental, see doc)
      --version                                   Display version of the binary
  -n, --no_store                                  Do not store files
  -r, --rate=                                     The average upper limit of https operations per second (defaults to unlimited)
  -w, --worker=NUM                                NUMber of concurrent downloads (default: 2)
  -t, --time_range=RANGE                          RANGE of time from which advisories to download
  -f, --folder=FOLDER                             Download into a given subFOLDER
  -i, --ignore_pattern=PATTERN                    Do not download files if their URLs match any of the given PATTERNs
  -H, --header=                                   One or more extra HTTP header fields
      --validator=URL                             URL to validate documents remotely
      --validator_cache=FILE                      FILE to cache remote validations
      --validator_preset=PRESETS                  One or more PRESETS to validate remotely (default: [mandatory])
  -m, --validation_mode=MODE[strict|unsafe]       MODE how strict the validation is (default: strict)
      --forward_url=URL                           URL of HTTP endpoint to forward downloads to
      --forward_header=                           One or more extra HTTP header fields used by forwarding
      --forward_queue=LENGTH                      Maximal queue LENGTH before forwarder (default: 5)
      --forward_insecure                          Do not check TLS certificates from forward endpoint
      --log_file=FILE                             FILE to log downloading to (default: downloader.log)
      --log_level=LEVEL[debug|info|warn|error]    LEVEL of logging details (default: info)
  -c, --config=TOML-FILE                          Path to config TOML file

Help Options:
  -h, --help                                      Show this help message
  1. Add the full path to the downloader in config/generic.json key csaf_downloader_path

License

vulnerability-lookup is free software released under the "GNU Affero General Public License v3.0".

Copyright (c) 2023-2024 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (c) 2023-2024 Alexandre Dulaunoy - https://github.com/adulau/
Copyright (c) 2023-2024 Raphael Vinot - https://github.com/Rafiot/

Releases

No releases published

Packages

No packages published

Languages

  • Python 72.7%
  • HTML 27.2%
  • Shell 0.1%