projectdiscovery / cvemap
Navigate the CVE jungle with ease.
License: MIT License
Retrieving a large amount of data is not trivial as it requires users to implement a custom scrolling functionality via limit and offset. It would be much easier to use token-based search, or at least implement the functionality within the go code itself until the rate limit is reached.
Discord discussion at https://discord.com/channels/695645237418131507/1216738608636231790/1216738608636231790
Display detailed change information and reason whenever a CVE is updated in NVD. This would include specifics on what aspects of the CVE were modified (such as the description, severity score, affected products, etc...)
Some sort of a new json part that will include Action, Type, Old Value, New Value (NVD change history headers)
Getting insights into updates made to a CVE, including why they were made, can help us all make smarter choices about our security measures. For example, if a CVE's severity score goes up, it might lead us to rethink how much of a threat it could be. And in general, it will give more meaning to the "modified" status.
In some environments, I must use a proxy to request APIs, otherwise timeouts often occur.
[FTL] Error getting CVEs: context deadline exceeded (Client.Timeout or context cancellation while reading body)
Hi there,
It would be useful if users could export the data to a file, either as a txt, json or csv file. This would be useful for security teams when it comes to generating reports for key stakeholders within an organisation.
Many thanks,
Rishi
main
$ cvemap -q "ldap remote"
______ _____ ____ ___ ____ ____
/ ___/ | / / _ \/ __ \__ \/ __ \/ __ \
/ /__ | |/ / __/ / / / / / /_/ / /_/ /
\___/ |___/\___/_/ /_/ /_/\__,_/ .___/
/_/
projectdiscovery.io
[FTL] Error getting CVEs: [:RUNTIME] unexpected status code: 400
$ cvemap -q "ldap remote"
______ _____ ____ ___ ____ ____
/ ___/ | / / _ \/ __ \__ \/ __ \/ __ \
/ /__ | |/ / __/ / / / / / /_/ / /_/ /
\___/ |___/\___/_/ /_/ /_/\__,_/ .___/
/_/
projectdiscovery.io
╭────────────────┬──────┬──────────┬─────────┬─────────────────────────┬──────┬──────────╮
│ ID │ CVSS │ SEVERITY │ EPSS │ PRODUCT │ AGE │ TEMPLATE │
├────────────────┼──────┼──────────┼─────────┼─────────────────────────┼──────┼──────────┤
│ CVE-2015-4637 │ 4.3 │ MEDIUM │ 0.00199 │ big-iq_adc │ 3104 │ ❌ │
│ CVE-2020-15376 │ 4.3 │ MEDIUM │ 0.00054 │ fabric_operating_sys... │ 1129 │ ❌ │
│ CVE-2005-2549 │ 7.5 │ HIGH │ 0.08327 │ evolution │ 6730 │ ❌ │
│ CVE-2020-36658 │ 8.1 │ HIGH │ 0.0006 │ apache\ │ 353 │ ❌ │
│ CVE-2020-26182 │ 6.5 │ MEDIUM │ 0.0009 │ emc_networker │ 1185 │ ❌ │
│ CVE-2009-1094 │ 10 │ CRITICAL │ 0.02491 │ jdk │ 5408 │ ❌ │
│ CVE-2022-29141 │ 8.8 │ HIGH │ 0.01294 │ windows_10 │ 614 │ ❌ │
│ CVE-2022-30149 │ 7.5 │ HIGH │ 0.00467 │ windows_10 │ 578 │ ❌ │
│ CVE-2022-29131 │ 8.8 │ HIGH │ 0.01294 │ windows_10 │ 614 │ ❌ │
│ CVE-2022-26919 │ 8.1 │ HIGH │ 0.00813 │ windows_10 │ 639 │ ❌ │
│ CVE-2023-0922 │ 5.9 │ MEDIUM │ 0.00073 │ samba │ 286 │ ❌ │
│ CVE-2023-21676 │ 8.8 │ HIGH │ 0.00417 │ windows_10_1809 │ 369 │ ❌ │
│ CVE-2022-29128 │ 8.8 │ HIGH │ 0.01294 │ windows_10 │ 614 │ ❌ │
│ CVE-2022-22014 │ 8.8 │ HIGH │ 0.01294 │ windows_10 │ 614 │ ❌ │
│ CVE-2023-28283 │ 8.1 │ HIGH │ 0.03538 │ windows_10_1507 │ 250 │ ❌ │
│ CVE-2022-30153 │ 8.8 │ HIGH │ 0.01762 │ windows_10 │ 578 │ ❌ │
│ CVE-2022-30146 │ 7.5 │ HIGH │ 0.00467 │ windows_10 │ 578 │ ❌ │
│ CVE-2022-30143 │ 7.5 │ HIGH │ 0.00467 │ windows_10 │ 578 │ ❌ │
│ CVE-2022-29139 │ 8.8 │ HIGH │ 0.01608 │ windows_10 │ 614 │ ❌ │
│ CVE-2022-30200 │ 7.8 │ HIGH │ 0.00118 │ windows_10 │ 488 │ ❌ │
│ CVE-2022-29129 │ 8.8 │ HIGH │ 0.01294 │ windows_10 │ 614 │ ❌ │
│ CVE-2020-36659 │ 8.1 │ HIGH │ 0.0006 │ apache\ │ 353 │ ❌ │
│ CVE-2022-30141 │ 8.1 │ HIGH │ 0.00839 │ windows_10 │ 578 │ ❌ │
│ CVE-2023-38184 │ 7.5 │ HIGH │ 0.00189 │ windows_10_1507 │ 159 │ ❌ │
│ CVE-2022-29137 │ 8.8 │ HIGH │ 0.01294 │ windows_10 │ 614 │ ❌ │
│ CVE-2022-30161 │ 8.8 │ HIGH │ 0.01762 │ windows_10 │ 578 │ ❌ │
│ CVE-2020-16093 │ 7.5 │ HIGH │ 0.00089 │ lemonldap\ │ 546 │ ❌ │
│ CVE-2022-29130 │ 9.8 │ CRITICAL │ 0.01128 │ windows_10 │ 614 │ ❌ │
│ CVE-2022-22013 │ 8.8 │ HIGH │ 0.01294 │ windows_10 │ 614 │ ❌ │
│ CVE-2022-22012 │ 9.8 │ CRITICAL │ 0.01128 │ windows_10 │ 614 │ ❌ │
│ CVE-2022-30139 │ 7.5 │ HIGH │ 0.00854 │ windows_10 │ 578 │ ❌ │
│ CVE-2018-10548 │ 7.5 │ HIGH │ 0.93248 │ php │ 2086 │ ❌ │
│ CVE-2021-32966 │ 7.5 │ HIGH │ 0.00144 │ interoperability_sol... │ 599 │ ❌ │
│ CVE-2002-0007 │ 10 │ CRITICAL │ 0.01105 │ bugzilla │ 8019 │ ❌ │
│ CVE-2014-5353 │ 3.5 │ LOW │ 0.00439 │ kerberos_5 │ 3316 │ ❌ │
│ CVE-2001-1308 │ 7.5 │ HIGH │ 0.07428 │ iplanet_directory_se... │ 8218 │ ❌ │
│ CVE-2001-1307 │ 7.5 │ HIGH │ 0.02835 │ iplanet_directory_se... │ 8218 │ ❌ │
│ CVE-2001-1306 │ 7.5 │ HIGH │ 0.01494 │ iplanet_directory_se... │ 8218 │ ❌ │
│ CVE-2007-0723 │ 8.5 │ HIGH │ 0.01274 │ mac_os_x │ 6151 │ ❌ │
│ CVE-2014-5354 │ 3.5 │ LOW │ 0.00863 │ kerberos │ 3316 │ ❌ │
│ CVE-2012-0833 │ 2.3 │ LOW │ 0.00244 │ 389_directory_server │ 4212 │ ❌ │
│ CVE-2023-1656 │ 7.5 │ HIGH │ 0.00087 │ ldap_connector │ 291 │ ❌ │
│ CVE-2013-3868 │ 5 │ MEDIUM │ 0.18687 │ active_directory_lig... │ 3777 │ ❌ │
│ CVE-2019-11277 │ 8.1 │ HIGH │ 0.00157 │ cf-deployment │ 1574 │ ❌ │
│ CVE-2020-15841 │ 8.8 │ HIGH │ 0.00404 │ dxp │ 1274 │ ❌ │
│ CVE-2015-7488 │ 5.9 │ MEDIUM │ 0.00214 │ spectrum_scale │ 2910 │ ❌ │
│ CVE-2002-0825 │ 7.5 │ HIGH │ 0.01409 │ nss_ldap │ 7826 │ ❌ │
│ CVE-2021-38266 │ 7.5 │ HIGH │ 0.00295 │ liferay_portal │ 683 │ ❌ │
│ CVE-2005-2301 │ 5 │ MEDIUM │ 0.01689 │ powerdns │ 6754 │ ❌ │
│ CVE-2006-4846 │ 5.1 │ MEDIUM │ 0.07124 │ access_gateway │ 6327 │ ❌ │
╰────────────────┴──────┴──────────┴─────────┴─────────────────────────┴──────┴──────────╯
I can get results if I use something like -q "ldap+remote" but that should be a requirement
Note
We should also make sure that advanced text search capabilities are working (i.e. using quotes, OR, etc.) > https://github.com/projectdiscovery/cvemap-api?tab=readme-ov-file#advanced-text-search-using-filters
Ability to set false values to boolean option
cvemap -poc # list cves with poc set to true (as default set to true if not specified)
cvemap -poc=true # list cves with poc set to true
cvemap -poc=false # list cves with poc set to false
This support can be applied to all boolean-based options like:
In my project I want to execute cvemap in a CI/CD pipeline, but it doesn't work. The returned result is empty; I'm using gitlab-runner 16.8.0 on docker-runner. Why does it happen? I can execute it perfectly in the container, but when I use the pipeline it doesn't get data.
The .gitlab-ci.yml I'm using is (I've omitted parts and simplified it; the idea of my project is to call cvemap from a Python script, hence the python image. Regardless of the omissions, cvemap cannot obtain any output):
stages:
  - run
run:
  stage: run
  image: python:latest
  script:
    - ./cvemap -json
  rules:
    - when: manual
(I'm using a valid API key and I passed it into cvemap following the methods in the documentation (I've omitted it on the screen))
I have also tried to install cvemap with the go installation method instead of using the pre-compiled binary, but the result is still the same.
I have run cvemap with the -debug -verbose options but the result is still the same as the one in the screenshot
Obtain a non-empty output from cvemap
Set up the infrastructure with the versions provided, put the binary of cvemap inside the gitlab repo and use the .gitlab-ci.yml provided and build.
Version : Latest
Issue:
Providing CWE ID is returning
cvemap -cwe-id CWE-502
Error
[FTL] Error getting CVEs: [:RUNTIME] unexpected status code: 400
Hey again,
I think it would be very useful if CVEMAP provided the following data:
Generally this would be helpful information. One of the use cases for me would be to filter vulnerabilities by user-interaction set to none as this would allow me to create a list of CVEs from which I can start creating templates for.
Many thanks,
Rishi
CLI option to filter CVEs for given CWE ID.
-cwe, -cwe-id string[] cve to list for given cwe id
Example:
cvemap -l 30 -cwe 416
C:\Users\User1>cvemap -auth
______ _____ ____ ___ ____ ____
/ ___/ | / / _ \/ __ \__ \/ __ \/ __ \
/ /__ | |/ / __/ / / / / / /_/ / /_/ /
\___/ |___/\___/_/ /_/ /_/\__,_/ .___/
/_/
projectdiscovery.io
[INF] Get your free api key by signing up at https://cloud.projectdiscovery.io
[*] Enter PDCP API Key (exit to abort):
[ERR] Invalid API key 'd62*********************************' got error: invalid response from server got {"ai_status":true,"cloud_scans":false,"early_template":false,"email":"[email protected]","message":"Successfully retrieved user profile","name":"","static_scan":false}
[FTL] please recheck or recreate your API key and retry
➜ go install github.com/projectdiscovery/cvemap/cmd/cvemap@latest
go: downloading github.com/projectdiscovery/cvemap v0.0.2
go: downloading github.com/eiannone/keyboard v0.0.0-20220611211555-0d226195f203
go: downloading github.com/projectdiscovery/goflags v0.1.36
go: downloading github.com/jedib0t/go-pretty/v6 v6.4.7
go: downloading github.com/projectdiscovery/gologger v1.1.12
go: downloading github.com/projectdiscovery/utils v0.0.74
go: downloading golang.org/x/sys v0.16.0
go: downloading github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08
go: downloading golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc
go: downloading github.com/projectdiscovery/retryablehttp-go v1.0.44
go: downloading golang.org/x/term v0.16.0
go: downloading github.com/projectdiscovery/blackrock v0.0.1
go: downloading github.com/Masterminds/semver/v3 v3.2.1
go: downloading github.com/charmbracelet/glamour v0.6.0
go: downloading github.com/cheggaaa/pb/v3 v3.1.4
go: downloading github.com/denisbrodbeck/machineid v1.0.1
go: downloading github.com/google/go-github/v30 v30.1.0
go: downloading github.com/logrusorgru/aurora v2.0.3+incompatible
go: downloading github.com/minio/selfupdate v0.6.1-0.20230907112617-f11e74f84ca7
go: downloading golang.org/x/oauth2 v0.11.0
go: downloading github.com/microcosm-cc/bluemonday v1.0.26
go: downloading github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d
go: downloading github.com/miekg/dns v1.1.57
go: downloading github.com/Mzack9999/go-http-digest-auth-client v0.6.1-0.20220414142836-eb8883508809
go: downloading github.com/projectdiscovery/fastdialer v0.0.55
go: downloading golang.org/x/net v0.20.0
go: downloading github.com/VividCortex/ewma v1.2.0
go: downloading github.com/mattn/go-isatty v0.0.19
go: downloading github.com/muesli/termenv v0.15.1
go: downloading github.com/yuin/goldmark v1.5.4
go: downloading github.com/yuin/goldmark-emoji v1.0.1
go: downloading aead.dev/minisign v0.2.0
go: downloading golang.org/x/crypto v0.18.0
go: downloading github.com/json-iterator/go v1.1.12
go: downloading github.com/mholt/archiver/v3 v3.5.1
go: downloading gopkg.in/djherbis/times.v1 v1.3.0
go: downloading github.com/rivo/uniseg v0.4.4
go: downloading github.com/aymerick/douceur v0.2.0
go: downloading github.com/Mzack9999/gcache v0.0.0-20230410081825-519e28eab057
go: downloading github.com/docker/go-units v0.5.0
go: downloading github.com/projectdiscovery/hmap v0.0.35
go: downloading github.com/projectdiscovery/networkpolicy v0.0.7
go: downloading github.com/projectdiscovery/retryabledns v1.0.52
go: downloading github.com/refraction-networking/utls v1.5.4
go: downloading github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6
go: downloading github.com/zmap/zcrypto v0.0.0-20230422215203-9a665e1e9968
go: downloading github.com/alecthomas/chroma v0.10.0
go: downloading github.com/muesli/reflow v0.3.0
go: downloading github.com/olekukonko/tablewriter v0.0.5
go: downloading github.com/aymanbagabas/go-osc52/v2 v2.0.1
go: downloading github.com/lucasb-eyer/go-colorful v1.2.0
go: downloading github.com/andybalholm/brotli v1.0.6
go: downloading github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5
go: downloading github.com/klauspost/compress v1.16.7
go: downloading github.com/nwaples/rardecode v1.1.3
go: downloading github.com/pierrec/lz4/v4 v4.1.2
go: downloading github.com/ulikunitz/xz v0.5.11
go: downloading github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8
go: downloading github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
go: downloading github.com/modern-go/reflect2 v1.0.2
go: downloading github.com/gorilla/css v1.0.1
go: downloading go.uber.org/multierr v1.11.0
go: downloading github.com/yl2chen/cidranger v1.0.2
go: downloading golang.org/x/text v0.14.0
go: downloading github.com/cloudflare/circl v1.3.7
go: downloading github.com/gaukas/godicttls v0.0.4
go: downloading github.com/quic-go/quic-go v0.37.7
go: downloading github.com/dlclark/regexp2 v1.8.1
go: downloading github.com/zmap/rc2 v0.0.0-20190804163417-abaa70531248
go: downloading github.com/akrylysov/pogreb v0.10.1
go: downloading github.com/syndtr/goleveldb v1.0.0
go: downloading go.etcd.io/bbolt v1.3.7
go: downloading github.com/tidwall/buntdb v1.3.0
go: downloading github.com/weppos/publicsuffix-go v0.30.1-0.20230422193905-8fecedd899db
go: downloading github.com/tidwall/btree v1.4.3
go: downloading github.com/tidwall/gjson v1.14.3
go: downloading github.com/tidwall/grect v0.1.4
go: downloading github.com/tidwall/match v1.1.1
go: downloading github.com/tidwall/rtred v0.1.2
go: downloading github.com/tidwall/tinyqueue v0.1.1
/root/go/pkg/mod/github.com/refraction-networking/utls@v1.5.4/cfkem.go:25:2: package crypto/ecdh is not in GOROOT (/usr/local/go/src/crypto/ecdh)
When I try to run this command
cvemap -poc=true -kev=false -epk -field cwe,product,poc -json > cvemap_output.json
It just keeps running and only delivers 99 results.
It should give me all the expected as shown in the terminal which is 96288 cve records in json.
Example: steps to reproduce the behavior:
cvemap -poc=true -kev=false -epk -field cwe,product,poc -json > cvemap_output.json
I can't describe with a screenshot as the tool works fine although the desired result set is not being delivered by the tool.
I'm using cvemap with the -age option. I noticed that for recent CVEs (published on the same day as running the command) the "age_in_days" field is not present in the JSON and therefore not in the CLI output either.
Examples of output with missing "age_in_days" data:
{
"cve_id": "CVE-2024-3556",
"cve_description": "Rejected reason: Duplicate of CVE-2024-3557",
"severity": "N/A",
"cvss_metrics": {},
"epss": {
"epss_score": 0,
"epss_percentile": 0
},
"vendor_advisory": "",
"is_template": false,
"is_exploited": false,
"assignee": "[email protected]",
"published_at": "2024-04-09T22:15:07.470",
"updated_at": "2024-04-09T22:15:07.470",
"hackerone": {
"rank": 6588,
"count": 0
},
"vuln_status": "rejected",
"is_poc": false,
"is_remote": false,
"is_oss": false
},
{
"cve_id": "CVE-2024-3545",
"cve_description": "Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.\n\n",
"severity": "N/A",
"cvss_metrics": {},
"epss": {
"epss_score": 0.00043,
"epss_percentile": 0.07895
},
"reference": [
"https://devolutions.net/security/advisories/DEVO-2024-0006"
],
"vendor_advisory": "",
"is_template": false,
"is_exploited": false,
"assignee": "[email protected]",
"published_at": "2024-04-09T19:15:41.380",
"updated_at": "2024-04-09T19:15:41.380",
"hackerone": {
"rank": 6588,
"count": 0
},
"vuln_status": "new",
"is_poc": false,
"is_remote": false,
"is_oss": false
},
I think the field "age_in_days" should be present and set to 0 both in the JSON and in the CLI output.
{
"cve_id": "CVE-2024-3463",
"cve_description": "A vulnerability has been found in SourceCodester Laundry Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /karyawan/edit. The manipulation of the argument karyawan leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259744.",
"severity": "low",
"cvss_score": 3.5,
"cvss_metrics": {
"cvss2": {
"score": 4,
"vector": "CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N",
"severity": "medium"
},
"cvss31": {
"score": 3.5,
"vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"severity": "low"
}
},
"weaknesses": [
{
"cwe_id": "CWE-79",
"cwe_name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
],
"epss": {
"epss_score": 0.00045,
"epss_percentile": 0.13723
},
"reference": [
"https://github.com/fubxx/CVE/blob/main/LaundryManagementSystemXSS.md",
"https://vuldb.com/?ctiid.259744",
"https://vuldb.com/?id.259744",
"https://vuldb.com/?submit.312302"
],
"vendor_advisory": "",
"is_template": false,
"is_exploited": false,
"assignee": "[email protected]",
"published_at": "2024-04-08T20:15:08.723",
"updated_at": "2024-04-09T12:48:04.090",
"hackerone": {
"rank": 6588,
"count": 0
},
"age_in_days": 1,
"vuln_status": "unconfirmed",
"is_poc": false,
"is_remote": true,
"is_oss": false
},
Run cvemap -age '<7' or cvemap -age '<7' -json
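An added example, not part of the issue above and not cvemap's own code: a consumer of the JSON output can derive a missing age_in_days from published_at instead of treating the record as incomplete. The Record type, the FillAge function and the sample records are constructed for illustration; the output is assumed to be a JSON array and the timestamps are assumed to be UTC.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Record keeps only the cvemap JSON fields this example needs.
// AgeInDays is a pointer so an absent key (nil) differs from a real 0.
type Record struct {
	CVEID       string `json:"cve_id"`
	PublishedAt string `json:"published_at"`
	AgeInDays   *int   `json:"age_in_days,omitempty"`
}

// publishedLayout matches values such as "2024-04-09T22:15:07.470"; Go's
// parser accepts the fractional seconds. The values carry no zone, so UTC
// is an assumption of this example.
const publishedLayout = "2006-01-02T15:04:05"

// sampleJSON is constructed: two records trimmed from the issue above.
const sampleJSON = `[
  {"cve_id": "CVE-2024-3556", "published_at": "2024-04-09T22:15:07.470"},
  {"cve_id": "CVE-2024-3463", "published_at": "2024-04-08T20:15:08.723", "age_in_days": 1}
]`

// FillAge decodes a JSON array of records and, where age_in_days is absent,
// sets it to the whole days elapsed between published_at and now.
// Values already present are left untouched.
func FillAge(data []byte, now time.Time) ([]Record, error) {
	var recs []Record
	if err := json.Unmarshal(data, &recs); err != nil {
		return nil, fmt.Errorf("decode records: %w", err)
	}
	for i := range recs {
		if recs[i].AgeInDays != nil {
			continue
		}
		pub, err := time.ParseInLocation(publishedLayout, recs[i].PublishedAt, time.UTC)
		if err != nil {
			return nil, fmt.Errorf("%s: bad published_at %q: %w",
				recs[i].CVEID, recs[i].PublishedAt, err)
		}
		days := int(now.Sub(pub).Hours() / 24)
		if days < 0 {
			days = 0 // published_at in the future relative to now
		}
		recs[i].AgeInDays = &days
	}
	return recs, nil
}

func main() {
	// Fixed reference time so the run is repeatable.
	now := time.Date(2024, 4, 9, 23, 0, 0, 0, time.UTC)
	recs, err := FillAge([]byte(sampleJSON), now)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, r := range recs {
		fmt.Printf("%s age_in_days=%d\n", r.CVEID, *r.AgeInDays)
	}
}
```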
Option:
-list-id, -lid list only the cve ids in the output
Example:
cvemap -silent -lid -limit 5
CVE-2023-5631
CVE-2023-5217
CVE-2023-4966
CVE-2023-4863
CVE-2023-46748
Docs need to be added at https://github.com/projectdiscovery/docs
Things to cover:
-q option
In version 0.0.2 when you did something like
cvemap.exe -poc=true ... -json > file.json
You would get a nice json file with the complete output.
In version 0.0.3 however, cvemap.exe will output the json content to console and the file itself will be empty.
Like in 0.0.2 it should be possible to redirect the output to a file.
Use version 0.0.2 with:
cvemap.exe -json > file.json
See that the json file is correctly created and contains valid json data. There is no screen output.
Use the newest version 0.0.3 and do the same.
You will see the json being outputted to the screen. An empty json file is created.
latest
JSON option doesn't write to STDOUT
Output will be written to test.json file.
cvemap -p jira -l 10 -j > test.json
-o option can be added to write output to file.
-o, -output string file to write output results
The current behavior of cvemap presents an issue wherein the retrieval process fails to produce results when a CVE affects multiple configurations. For instance, consider CVE-2024-21762, impacting both FortiProxy and FortiOS. It is only retrieved when querying specifically for the "fortiproxy" product; however, it remains absent from searches related to "fortios".
Ideally, when a CVE influences multiple configurations, it should be included in the search results if the queried product matches any configuration within the list.
# Issue not returned
cvemap -p fortios
# Issue returned
cvemap -p fortiproxy
# Example CVE causing the issue
cvemap -id CVE-2024-21762
Additional details regarding CVE-2024-21762 can be found at: CVE-2024-21762 NIST Page
v0.0.4
When querying for certain CPEs, no data is returned.
Vulnerability data should be returned.
As an example, run those queries:
cvemap -cpe 'cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*'
cvemap -cpe 'cpe:2.3:a:apache:tomcat:8.5.62:*:*:*:*:*:*:*'
cvemap -cpe 'cpe:2.3:a:jquery:jquery:1.11.3:*:*:*:*:*:*:*'
Those will not return any data.
But those CPEs are correct, for example searching on the NIST site it will return 66 vulnerabilities (Apache/httpd): NIST
19 (Apache/Tomcat): NIST
And 4 (jQuery): NIST
The CVE IDs listed by NIST can be directly queried, for example cvemap -id CVE-2023-45802 does return data as expected.
But the CPE is not included in the JSON output.
Is there any reason these CPEs are missing?
Querying for specific versions would be my number one use-case.
Option:
-eproduct CVEs to exclude based on products
Example:
cvemap -eproduct chrome,ios_xe
Would be nice if API-token could be provided as argument to "cvemap -auth". Would simplify headless or unattended scenarios.
Hi! The 'age' parameter allows getting results with a fixed age of CVE, but period filters are not allowed yet. Like a "Give me all CVEs for 'node.js' in the last 500 days" to filter out potentially old invalid results.
Please, make CVE IDs clickable to nvd website.
Thank you
@Sim4n6
I'm searching and the error states no route can be found to the host, yet I can reach it in my browser. I'm running the latest version of Go and the latest version of cvemap.
I expected it to return a list of CVEs.
cvemap -k -q "Tomcat 8.0.24"
______ _____ ____ ___ ____ ____
/ ___/ | / / _ \/ __ \__ \/ __ \/ __ \
/ /__ | |/ / __/ / / / / / /_/ / /_/ /
\___/ |___/\___/_/ /_/ /_/\__,_/ .___/
/_/
projectdiscovery.io
[INF] Current cvemap version v0.0.4 (latest)
[FTL] Error getting CVEs: GET https://cve.projectdiscovery.io/api/v1/cves/search?limit=50&offset=0&q=Tomcat+8.0.24+is_exploited%3Atrue+sort_desc%3Acve_id giving up after 6 attempts: Get "https://cve.projectdiscovery.io/api/v1/cves/search?limit=50&offset=0&q=Tomcat+8.0.24+is_exploited%3Atrue+sort_desc%3Acve_id": no address found for host
My computer is running macOS Sonoma v14.3.1
Go version: go version go1.22.0 darwin/arm64
Might be nice to have a -hc option similar to nuclei's to check connectivity, etc.
When doing a lookup by -id it is case sensitive, but I believe all CVEs will be uppercase. If someone tries lowercase they might think there just isn't data. Recommendation is to uppercase input as a usability improvement.
Ease of use where a user doesn't have to remember if it is cve or CVE
As of now query search + filters cannot be used together; in order to solve this we need to use the map filter option with query search that supports all kinds of filters that can be used.
After this change cvemap -h1 -q xss would become -q '"xss" hackerone.rank:>1 sort_asc:hackerone.rank' internally; we need to make sure we handle dedup to form the final api request.
Note:
id, cvss, severity are mandatory table headers and cannot be altered by users.
cvemap -f vs will display id, cvss, severity, vs header
In the CISA KEV data there is a key "knownRansomwareCampaignUse" which returns Known or Unknown based on if CISA is tracking the vulnerability being used for ransomware. This is a good datapoint for criticality/prioritizing. Any chance this can be added into the cvemap output?
Example from json output https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
{
"cveID": "CVE-2021-27103",
"vendorProject": "Accellion",
"product": "FTA",
"vulnerabilityName": "Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability",
"dateAdded": "2021-11-03",
"shortDescription": "Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.",
"requiredAction": "Apply updates per vendor instructions.",
"dueDate": "2021-11-17",
"knownRansomwareCampaignUse": "Known",
"notes": ""
}
Some CVEs published several days ago do not exist in cvemap and some others return outdated data.
Here are some examples:
README mentions that "CVE dataset gets updated in every 6 hours"
cvemap -id CVE-2023-46976
cvemap -id CVE-2024-24919
The json already returns references/links related to the CVE, so it could be nice to have them directly in a field in cli output (maybe masked by default?)
It will help to quickly check a CVE without having to copy/paste the ID on your favorite search engine.
CLI Option:
-h1, -hackerone display cves reported on hackerone
Example:
cvemap -h1 -l 10
______ _____ ____ ___ ____ _____
/ ___/ | / / _ \/ __ `__ \/ __ `/ __ \
/ /__ | |/ / __/ / / / / / /_/ / /_/ /
\___/ |___/\___/_/ /_/ /_/\__,_/ .___/
/_/ projectdiscovery.io
[INF] Current cvemap version v0.0.1 (latest)
╭────────────────┬──────┬──────────┬──────┬─────────┬─────────────────────┬──────────╮
│ ID │ CVSS │ SEVERITY │ RANK │ REPORTS │ PRODUCT │ TEMPLATE │
├────────────────┼──────┼──────────┼──────┼─────────┼─────────────────────┼──────────┤
│ CVE-2020-35946 │ 5.4 │ MEDIUM │ 1 │ 304 │ all_in_one_seo_pack │ ❌ │
│ CVE-2017-15277 │ 6.5 │ MEDIUM │ 2 │ 1102 │ graphicsmagick │ ❌ │
│ CVE-2023-35813 │ 9.8 │ CRITICAL │ 3 │ 33 │ experience_commerce │ ✅ │
│ CVE-2023-29489 │ 6.1 │ MEDIUM │ 4 │ 261 │ cpanel │ ✅ │
│ CVE-2019-11358 │ 6.1 │ MEDIUM │ 5 │ 211 │ jquery │ ❌ │
│ CVE-2015-9251 │ 6.1 │ MEDIUM │ 6 │ 661 │ jquery │ ❌ │
│ CVE-2020-11022 │ 6.1 │ MEDIUM │ 7 │ 205 │ jquery │ ❌ │
│ CVE-2020-11023 │ 6.1 │ MEDIUM │ 8 │ 204 │ jquery │ ❌ │
│ CVE-2021-24891 │ 6.1 │ MEDIUM │ 9 │ 167 │ website_builder │ ✅ │
│ CVE-2020-23064 │ 6.1 │ MEDIUM │ 10 │ 9 │ jquery │ ❌ │
╰────────────────┴──────┴──────────┴──────┴─────────┴─────────────────────┴──────────╯
Note:
rank and reports are implicit headers with -h1 option.
Note: new api is almost same as before with more control over response.
Ref: https://github.com/projectdiscovery/cvemap-api/issues/57
Expected:
➜ cvemap ✗ cat cve-ids.txt
CVE-1999-1197
CVE-1999-1115
CVE-2005-0043
CVE-1999-1258
CVE-1999-1438
➜ cvemap ✗ ./cvemap -id cve-ids.txt -silent
╭───────────────┬──────┬──────────┬─────────┬──────────────────┬───────┬──────────╮
│ ID │ CVSS │ SEVERITY │ EPSS │ PRODUCT │ AGE │ TEMPLATE │
├───────────────┼──────┼──────────┼─────────┼──────────────────┼───────┼──────────┤
│ CVE-1999-1115 │ 7.2 │ HIGH │ 0.00061 │ apollo_domain_os │ 12075 │ ❌ │
│ CVE-1999-1197 │ 7.2 │ HIGH │ 0.0006 │ sunos │ 12086 │ ❌ │
│ CVE-1999-1258 │ 5 │ MEDIUM │ 0.00256 │ sunos │ 12060 │ ❌ │
│ CVE-1999-1438 │ 7.2 │ HIGH │ 0.0006 │ sunos │ 12022 │ ❌ │
│ CVE-2005-0043 │ 7.5 │ HIGH │ 0.18629 │ itunes │ 6839 │ ❌ │
╰───────────────┴──────┴──────────┴─────────┴──────────────────┴───────┴──────────╯
Hello, I was installing the tool when I encountered this error that it cannot download the packages
Report
/root/go/pkg/mod/github.com/mholt/archiver/[email protected]/gz.go:8:2: github.com/klauspost/[email protected]: reading https://proxy.golang.org/github.com/klauspost/compress/@v/v1.17.5.zip: 403 Forbidden /root/go/pkg/mod/github.com/mholt/archiver/[email protected]/zip.go:16:2: github.com/klauspost/[email protected]: reading https://proxy.golang.org/github.com/klauspost/compress/@v/v1.17.5.zip: 403 Forbidden
/root/go/pkg/mod/github.com/mholt/archiver/[email protected]/tarzst.go:8:2: github.com/klauspost/[email protected]: reading https://proxy.golang.org/github.com/klauspost/compress/@v/v1.17.5.zip: 403 Forbidden /root/go/pkg/mod/github.com/klauspost/[email protected]/gunzip.go:26:2: github.com/klauspost/[email protected]: reading https://proxy.golang.org/github.com/klauspost/compress/@v/v1.17.5.zip: 403 Forbidden
/root/go/pkg/mod/github.com/mholt/archiver/[email protected]/lz4.go:8:2: github.com/pierrec/lz4/[email protected]: reading https://proxy.golang.org/github.com/pierrec/lz4/v4/@v/v4.1.21.zip: 403 Forbidden package command-line-arguments is not a main package
-re, -remote display remotely exploitable cves (AV:N & PR:N | PR:L)
JSON field to use: is_remote: true
filter cves that are remotely exploitable
cvemap -kev -remote