
stevespringett / Nist Data Mirror

Licence: apache-2.0
A simple Java command-line utility to mirror the CVE JSON data from NIST.


NIST Data Mirror

A simple Java command-line utility to mirror the NVD (CPE/CVE JSON) data from NIST.

The intended purpose of nist-data-mirror is to replicate the NIST vulnerability data inside a company firewall so that local (faster) access to NIST data can be achieved.

nist-data-mirror does not rely on any third-party dependencies, only the Java SE core libraries. It can be used in combination with OWASP Dependency-Check to provide Dependency-Check with a mirrored copy of NIST data.

For best results, use nist-data-mirror with cron or another scheduler to keep the mirrored data fresh.

Usage

Building

mvn clean package

Running

java -jar nist-data-mirror.jar <mirror-directory>

To use a proxy, provide the http.proxyHost / http.proxyPort system properties.
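
A scheduled mirror that fails quietly leaves every scanner pointed at it working from old vulnerability data, so the cron job should record success and alert on staleness. The wrapper below is an added example, not part of nist-data-mirror; the paths, the PROXY_HOST / PROXY_PORT and other variable names, the .last-success stamp file, the 24-hour threshold and the assumption that the JAR exits non-zero on failure are all illustrative.

```sh
#!/bin/sh
# Added example, not part of nist-data-mirror. Assumptions: the paths below,
# the 24 h threshold, and that the JAR exits non-zero when mirroring fails.
JAVA="${JAVA:-java}"
JAR="${JAR:-/opt/nist-data-mirror/nist-data-mirror.jar}"
MIRROR_DIR="${MIRROR_DIR:-/var/www/nvd-mirror}"
MAX_AGE_MIN="${MAX_AGE_MIN:-1440}"

# run_mirror DIR: mirror into DIR and stamp DIR/.last-success only on success.
run_mirror() {
    dir=$1
    lock="$dir/.mirror.lock"
    mkdir -p "$dir" || return 1
    # mkdir is atomic, so an overlapping cron run backs off here (status 75).
    # A run killed mid-way leaves the lock behind; remove it by hand.
    mkdir "$lock" 2>/dev/null || { echo "mirror already running" >&2; return 75; }
    rc=0
    # Optional proxy via the http.proxyHost / http.proxyPort system properties.
    "$JAVA" ${PROXY_HOST:+-Dhttp.proxyHost="$PROXY_HOST"} \
            ${PROXY_PORT:+-Dhttp.proxyPort="$PROXY_PORT"} \
            -jar "$JAR" "$dir" || rc=$?
    rmdir "$lock"
    [ "$rc" -eq 0 ] && touch "$dir/.last-success"
    return "$rc"
}

# mirror_is_fresh DIR MINUTES: true if the last success is under MINUTES old.
mirror_is_fresh() {
    [ -n "$(find "$1/.last-success" -mmin "-$2" 2>/dev/null)" ]
}

# Cron entry point (hypothetical install path):
#   0 */2 * * *  /usr/local/bin/nvd-mirror.sh run
if [ "${1:-}" = "run" ]; then
    run_mirror "$MIRROR_DIR"
    if ! mirror_is_fresh "$MIRROR_DIR" "$MAX_AGE_MIN"; then
        echo "ALERT: NVD mirror in $MIRROR_DIR is stale" >&2
        exit 1
    fi
fi
```

Cron mails anything written to stderr, so the ALERT line and the non-zero exit are what surface a mirror that has stopped updating.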

Downloading

If you do not wish to download sources and compile yourself, pre-compiled binaries are available for use. NIST Data Mirror is also available on the Maven Central Repository.

<dependency>
    <groupId>us.springett</groupId>
    <artifactId>nist-data-mirror</artifactId>
    <version>1.5.1</version>
</dependency>

Docker

A Dockerfile is included, and the image is available on Docker Hub as sspringett/nvdmirror. This was created to assist in debugging other issues. The image creates an httpd instance that mirrors the NVD CVE data feeds, but note that it also creates a backup for all changed files and there is currently no automatic cleanup.

$ mvn clean package
$ docker build --rm -t sspringett/nvdmirror .
$ mkdir target/docs
$ docker run -dit \
  --name mirror \
  -p 80:80 \
  --mount type=bind,source="$(pwd)"/target/docs/,target=/usr/local/apache2/htdocs \
  sspringett/nvdmirror

The httpd server will take a minute to spin up as it is mirroring the initial NVD files.

To use a proxy during build time, provide the http_proxy, https_proxy and no_proxy environment variables as build arguments (e.g. --build-arg http_proxy="${http_proxy}"). For the runtime, you can pass the http.proxyHost and http.proxyPort values in _JAVA_OPTIONS.

For example:

_JAVA_OPTIONS="-Dhttps.proxyHost=yourproxyhost.domain -Dhttps.proxyPort=3128 -Dhttp.proxyHost=yourproxyhost.domain -Dhttp.proxyPort=3128 -Dhttp.nonProxyHosts=localhost|*.domain"

The image is designed to be executed as a random non-root user and can be deployed on container orchestration platforms such as Kubernetes and OpenShift.

Related Projects

Copyright & License

nist-data-mirror is Copyright (c) Steve Springett. All Rights Reserved.

Dependency-Check is Copyright (c) Jeremy Long. All Rights Reserved.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.