This repository has been archived by the owner on May 14, 2024. It is now read-only.

CERTCC/Vulnerability-Data-Archive-Tools

Important

With the introduction of the VINCE API, the CERT Vulnerability Data Archive has been archived and these tools are no longer supported. We're leaving them available as an archive repository for those who might still want to parse the archived data.

Vulnerability Data Archive Tools

This is our attempt at providing a simple means of interacting with the CERT Vulnerability Data Archive. At this time we have no plans to provide any full-fledged applications. Instead we are offering a simple VulDb() Python class that can load the vulnerability data contained in the archive. It's up to you to decide how to use it. Anyone with some basic Python skills should be able to make use of this package.

Getting Started

Install Prerequisites

Get virtualenv if you don't already have it:

$ pip install virtualenv

Get the Vulnerability Data Archive Tools:

git clone https://github.com/CERTCC/Vulnerability-Data-Archive-Tools.git

So we'll assume that you now have the code in ./Vulnerability-Data-Archive-Tools

Set Up Your Environment

Change into the directory with the code:

cd ./Vulnerability-Data-Archive-Tools/src

Create a virtualenv:

$ cd Vulnerability-Data-Archive-Tools
$ virtualenv vuldata_demo_env
New python executable in cert_vuldata/bin/python
Installing setuptools, pip, wheel...done.

Activate it:

$ . vuldata_demo_env/bin/activate

Install requirements:

(vuldata_demo_env)$ pip install -r requirements.txt

Install the CERT Vulnerability Data Archive Tools package:

(vuldata_demo_env)$ python setup.py install

Get the Data

You can clone the Vulnerability Data Archive using git:

git clone https://github.com/CERTCC/Vulnerability-Data-Archive.git

Or just download and unzip this:

https://github.com/CERTCC/Vulnerability-Data-Archive/archive/master.zip

Using the Tools

Try the demo:

$ cert_vuldata_demo --help
usage: cert_vuldata_demo [-h] datapath

positional arguments:
  datapath    path to CERT Vulnerability Data Archive

optional arguments:
  -h, --help  show this help message and exit

Ok, so you have to point it at the data:

(vuldata_demo_env)$ cert_vuldata_demo Vulnerability-Data-Archive/data

Watch it go...the demo prints a series of reports just to show you what you can do with this data:

  1. a count of the vul records read
  2. a list of all records for which "Google" appears as an affected vendor
  3. a count of vulnerability reports created by year
  4. the number of CVE IDs associated with vulnerability reports

66316

### Google Vuls by Date ###
2002-02-08 VU#864643 SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes
2005-12-27 VU#181038 Microsoft Windows Metafile handler SETABORTPROC GDI Escape vulnerability
...
2015-10-13 VU#943167 Voice over LTE implementations contain multiple vulnerabilities
2016-01-19 VU#916896 Oracle Outside In 8.5.2 contains multiple stack buffer overflows

Year, NumVulReportsCreated
1998, 639
1999, 765
...
2015, 188
2016, 23

NumCVEs, VulCount
0, 44848
1, 19863
...
63, 1
66, 1

Build Your Own Awesome

This is where your creativity comes in. Want to see all the vuls we cataloged with prime numbered CVEs? How about counting how many times we've said "We are currently unaware of a practical solution to this problem."? You've got ideas for analysis and questions to answer. That's why you're reading this. So to get started, you can follow the examples in cert_vuldata/demo.py, or just start with something like

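from cert_vuldata.vuldb import VulDb

# path to the data directory of the cloned Vulnerability-Data-Archive repository
vulrecords = VulDb('Vulnerability-Data-Archive/data')
vulrecords.load()

# a VulDb object is basically a dict
# (iteritems() is the Python 2 dict iterator; Python 3 dicts provide items() instead)
for vu_id, record in vulrecords.iteritems():
    do_something_with(record)  # placeholder: replace with your own analysis function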
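
The sketch below is an added example, not code from this repository: it shows the kind of analysis described above (reports per year, the NumCVEs histogram, and the "no practical solution" phrase count) over a plain dict of records, tolerating records with missing fields. The sample records are constructed, and the field names `DateCreated`, `CVEIDs` and `Resolution` are assumptions; inspect a real record for the keys the archive actually uses.

```python
from collections import Counter

# Constructed sample records, keyed by VU# id the way a VulDb is iterated.
# The field names used here are assumptions, not a documented schema.
NO_FIX = "We are currently unaware of a practical solution to this problem."
SAMPLE = {
    "VU#000001": {"DateCreated": "2002-02-08T10:00:00-05:00",
                  "CVEIDs": ["CVE-0000-0001"], "Resolution": "Apply an update."},
    "VU#000002": {"DateCreated": "2002-11-30T09:15:00-05:00",
                  "CVEIDs": [], "Resolution": NO_FIX + " See the workarounds."},
    "VU#000003": {"DateCreated": "2015-10-13",
                  "CVEIDs": ["CVE-0000-0002", "CVE-0000-0003"], "Resolution": NO_FIX},
    "VU#000004": {"CVEIDs": None},  # sparse record: no date, null CVE list
}


def reports_by_year(records):
    """Count records per creation year; records without a usable date go under None."""
    years = Counter()
    for rec in records.values():
        year = (rec.get("DateCreated") or "")[:4]
        ok = len(year) == 4 and year.isdigit()
        years[int(year) if ok else None] += 1
    return dict(years)


def cve_histogram(records):
    """Map 'number of CVE IDs on a record' to 'how many records have that many'."""
    return dict(Counter(len(rec.get("CVEIDs") or []) for rec in records.values()))


def count_phrase(records, phrase, field="Resolution"):
    """Count records whose text field contains the phrase, ignoring case."""
    needle = phrase.lower()
    return sum(1 for rec in records.values()
               if needle in (rec.get(field) or "").lower())


if __name__ == "__main__":
    by_year = reports_by_year(SAMPLE).items()
    print("Year, NumVulReportsCreated")
    for year, n in sorted(by_year, key=lambda kv: (kv[0] is None, kv[0] or 0)):
        print("%s, %d" % (year, n))
    print("NumCVEs, VulCount")
    for ncves, n in sorted(cve_histogram(SAMPLE).items()):
        print("%d, %d" % (ncves, n))
    print(count_phrase(SAMPLE, NO_FIX))
```

Because the functions only call `values()` and `get()`, they should accept a loaded VulDb in place of `SAMPLE` if it behaves like a dict of dicts, as the README describes.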