Simple REST-style web service for CVE searching.
You must have Ruby, Git, MongoDB and nginx running on your local machine.
curl --ssl -s https://raw.githubusercontent.com/SpiderLabs/cve_server/master/scripts/install.sh | bash -
- Search for a specific CVE using its ID
- Search for several CVEs
- Search for CVEs related to a CPE without versions
- List all the available CPEs with versions
- Search for CVEs related to a CPE with versions
  - http://localhost:port/v1/cpe_with_version/samba:samba:4.0.0
  - http://localhost:port/v1/cpe_with_version/samba:samba:4.0.0,apache:http_server:2.4.4
  - Don't forget to encode the URI if it has special characters, for example:
    - URI::encode('/v1/cpe_with_version/cisco:ios:15.4%282%29t1')
- List all the available CPEs with versions
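Building the cpe_with_version path with the encoding described above, as an added example (not code from cve_server): URI::encode was removed in Ruby 3.0, so the helper encodes each component itself. The function names and the three-part vendor:product:version check are assumptions based on the URLs shown above.

```ruby
# Added example, not part of cve_server. Builds request paths for the
# /v1/cpe_with_version/ endpoint from CPE strings such as inventory data.

# Characters kept as-is inside one CPE component (assumption: the RFC 3986
# unreserved set); every other byte is percent-encoded.
UNRESERVED = /[A-Za-z0-9\-._~]/

# Percent-encode one component byte by byte, so multi-byte UTF-8 input
# is encoded as a sequence of %XX escapes.
def encode_component(text)
  text.each_byte.map { |b|
    c = b.chr
    c.match?(UNRESERVED) ? c : format('%%%02X', b)
  }.join
end

# Accepts an array of "vendor:product:version" strings and returns the
# request path. The ":" and "," separators are added here, after encoding,
# so a "/", "," or "?" inside a component is escaped instead of changing
# the route. Raises ArgumentError unless each CPE has exactly three
# non-empty parts (assumed shape, taken from the sample URLs).
def cpe_with_version_path(cpes)
  raise ArgumentError, 'no CPEs given' if cpes.empty?

  encoded = cpes.map do |cpe|
    parts = cpe.split(':', -1)
    unless parts.size == 3 && parts.none?(&:empty?)
      raise ArgumentError, "expected vendor:product:version, got #{cpe.inspect}"
    end
    parts.map { |p| encode_component(p) }.join(':')
  end

  "/v1/cpe_with_version/#{encoded.join(',')}"
end
```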
- Clone our repository.
git clone https://github.com/SpiderLabs/cve_server.git
- Install the Ruby dependencies.
bundle install
- Download the raw data from the National Vulnerability Database. The supported NVD reports are XML 2.0 (by default) and JSON 1.0 files.
./bin/nvd_downloader
or
./bin/nvd_downloader -f json
- Configure your database.
vi config/database.yml
- Create and populate the database for your environment.
RACK_ENV=development ./bin/seed
or
RACK_ENV=development ./bin/seed -f json
The -f flag with the json option will populate the database using the experimental JSON reports from NVD. It renames the score key to base_score in the cvss (v2) field, and it also includes the cvssv3 information and some changes to the links in the references field.
- Start the server.
RACK_ENV=development puma
CVEServer is released under the MIT License