
stevespringett / vulndb-data-mirror

Licence: Apache-2.0 license
A simple Java command-line utility to mirror the entire contents of VulnDB.

Programming Languages

java
68154 projects - #9 most used programming language
shell
77523 projects

Projects that are alternatives of or similar to vulndb-data-mirror

zap-sonar-plugin
Integrates OWASP Zed Attack Proxy reports into SonarQube
Stars: ✭ 66 (+83.33%)
Mutual labels:  appsec, software-security
vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
Stars: ✭ 269 (+647.22%)
Mutual labels:  vulndb, cve
Nist Data Mirror
A simple Java command-line utility to mirror the CVE JSON data from NIST.
Stars: ✭ 135 (+275%)
Mutual labels:  cve, appsec
vulnerability-db
Vulnerability database and package search for sources such as OSV, NVD, GitHub and npm.
Stars: ✭ 36 (+0%)
Mutual labels:  cve, sca
hakbot-origin-controller
Vendor-Neutral Security Tool Automation Controller (over REST)
Stars: ✭ 30 (-16.67%)
Mutual labels:  appsec, software-security
threatmodel-sdk
A Java library for parsing and programmatically using threat models
Stars: ✭ 68 (+88.89%)
Mutual labels:  appsec, software-security
scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and other generous sponsors!
Stars: ✭ 66 (+83.33%)
Mutual labels:  sca, software-composition-analysis
dependency-check-plugin
Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
Stars: ✭ 107 (+197.22%)
Mutual labels:  appsec, software-security
dep-scan
Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
Stars: ✭ 346 (+861.11%)
Mutual labels:  cve, sca
Sbt Dependency Check
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (+419.44%)
Mutual labels:  cve, appsec
Pigat
pigat (Passive Intelligence Gathering Aggregation Tool), a passive information gathering and aggregation tool
Stars: ✭ 140 (+288.89%)
Mutual labels:  cve
Linuxflaw
This repo records all the vulnerabilities of linux software I have reproduced in my local workspace
Stars: ✭ 140 (+288.89%)
Mutual labels:  cve
Peiqi Wiki Poc
If the deer is not at its side, the whale will not swim 🐋
Stars: ✭ 179 (+397.22%)
Mutual labels:  cve
cve-2016-1764
Extraction of iMessage Data via XSS
Stars: ✭ 52 (+44.44%)
Mutual labels:  cve
Cve 2020 16898
CVE-2020-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule
Stars: ✭ 207 (+475%)
Mutual labels:  cve
Wprecon
WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.
Stars: ✭ 135 (+275%)
Mutual labels:  cve
cwe-tool
A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.
Stars: ✭ 40 (+11.11%)
Mutual labels:  cve
Awesome Csirt
Awesome CSIRT is a curated list of links and resources in security and CSIRT daily activities.
Stars: ✭ 132 (+266.67%)
Mutual labels:  cve
Cve Search
cve-search - a tool to perform local searches for known vulnerabilities
Stars: ✭ 1,765 (+4802.78%)
Mutual labels:  cve
Cve Check Tool
Original Automated CVE Checking Tool
Stars: ✭ 172 (+377.78%)
Mutual labels:  cve


VulnDB Data Mirror

A simple Java command-line utility to mirror the entire contents of the VulnDB service from Risk Based Security.

The intended purpose of vulndb-data-mirror is to replicate the VulnDB vulnerability data inside a company firewall so that local (faster) access to the data can be achieved.

In addition to mirroring functionality, VulnDB Data Mirror includes a parser that can automatically convert JSON data to model objects (defined as POJOs). This greatly eases the ramp-up time needed to consume the VulnDB data in a programmatic way.

The VulnDB service utilizes a paginated REST API that must be walked for each type of feed. Due to the large data-set the service provides, it may take an hour or more to mirror the contents.

For best results, use vulndb-data-mirror with cron or another scheduler to keep the mirrored data fresh.

A subscription to VulnDB is required for use. Contact VulnDB for evaluation and subscription information. Neither VulnDB Data Mirror nor its creator is affiliated with VulnDB or Risk Based Security. This is a community-driven project that acknowledges the value of third-party vulnerability intelligence to enhance or supplement publicly disclosed information.

By using VulnDB Data Mirror, you accept that it will be used in a manner that conforms to the VulnDB terms of service.

Distribution

VulnDB Data Mirror is distributed in two different ways.

Pre-compiled binaries are available. This distribution is intended to be extracted and executed in order to run and maintain a working VulnDB mirror. This is the recommended method for most users.

The standalone library is available in the Maven Central Repository. This distribution is useful for programmatic access to the mirroring or parsing functionality.

<dependency>
    <groupId>us.springett</groupId>
    <artifactId>vulndb-data-mirror</artifactId>
    <version>1.0.1</version>
</dependency>

Usage

Windows

vulndb-data-mirror.bat --consumer-key mykey --consumer-secret mysecret --dir "c:\path\to\mirror"

Unix/Linux

vulndb-data-mirror.sh --consumer-key mykey --consumer-secret mysecret --dir "/path/to/mirror"

When running, the console output will resemble:

VulnDB API Status:
--------------------------------------------------------------------------------
Organization Name.............: Example Inc.
Name of User Requesting.......: Jane Doe
Email of User Requesting......: [email protected]
Subscription Expiration Date..: 2018-12-31
API Calls Allowed per Month...: 25000
API Calls Made This Month.....: 1523
--------------------------------------------------------------------------------

Mirroring Vendors feed...
  Processing 18344 of 18344 results
Mirroring Products feed...
  Processing 136853 of 136853 results
Mirroring Vulnerabilities feed...
  Processing 142500 of 166721 results

Getting Help

Execute vulndb-data-mirror.bat or vulndb-data-mirror.sh (without options)

usage: vulndb-data-mirror
    --consumer-key <key>          The Consumer Key provided by VulnDB
    --consumer-secret <secret>    The Consumer Secret provided by VulnDB
    --dir <dir>                   The target directory to store contents
 -prod,--mirror-products          Mirror the products data feed
 -vend,--mirror-vendors           Mirror the vendors data feed
 -vuln,--mirror-vulnerabilities   Mirror the vulnerabilities data feed
 -stat,--status-only              Displays VulnDB API status only

Mirror Recovery

VulnDB Data Mirror can recover from several types of errors. Upon a successful request to VulnDB, this utility will store a timestamp and the last successful page number processed. Pagination of VulnDB defaults to retrieving 100 records at a time. In the event of a network or service error, it is possible to start again where the mirroring left off.

This information is stored in update.properties located in the specified mirror directory.

VulnDB API License

The process of mirroring the contents of VulnDB takes several thousand requests. You may estimate the number of requests required by dividing the total number of results in each of the three feeds by 100. After mirroring is complete, make a backup of the contents so that a full mirror does not have to take place again. VulnDB may be licensed based on the number of API calls made to the service. Check with the vendor for details.
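A quota guard for a scheduled mirror job, as an added example that is not part of vulndb-data-mirror: it parses the status block shown under Usage, estimates the requests a full mirror needs at 100 records per page, and fails closed if the status cannot be read. The function names and the wrapper are assumptions; the field labels, feed totals and quota figures are taken from the sample console output above.

```shell
#!/bin/sh
# Added example (not part of vulndb-data-mirror): quota guard for a scheduled run.
PAGE_SIZE=100   # VulnDB pagination default, per the README

# status_field LABEL: read status output on stdin, print the value after "LABEL...: "
status_field() {
    sed -n "s/^$1\.*: *//p" | head -n 1
}

# pages_needed TOTAL: requests needed to walk TOTAL records (ceiling division)
pages_needed() {
    echo $(( ($1 + PAGE_SIZE - 1) / PAGE_SIZE ))
}

# full_mirror_cost VENDORS PRODUCTS VULNS: requests for all three feeds
full_mirror_cost() {
    echo $(( $(pages_needed "$1") + $(pages_needed "$2") + $(pages_needed "$3") ))
}

# can_mirror STATUS VENDORS PRODUCTS VULNS
# returns 0 if the remaining monthly quota covers a full mirror, 1 if it does not,
# 2 if the status text cannot be parsed (fail closed rather than burn API calls)
can_mirror() {
    allowed=$(printf '%s\n' "$1" | status_field "API Calls Allowed per Month")
    made=$(printf '%s\n' "$1" | status_field "API Calls Made This Month")
    for n in "$allowed" "$made"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ $(( allowed - made )) -ge "$(full_mirror_cost "$2" "$3" "$4")" ]
}

# Constructed sample, copied from the console output shown in the README.
# In a real job the text would come from a run with --status-only; note that
# --consumer-secret passed on the command line is visible in the process list.
SAMPLE_STATUS='Organization Name.............: Example Inc.
Subscription Expiration Date..: 2018-12-31
API Calls Allowed per Month...: 25000
API Calls Made This Month.....: 1523'

# Feed totals taken from the "Processing N of TOTAL results" lines in the sample.
if can_mirror "$SAMPLE_STATUS" 18344 136853 166721; then
    echo "quota OK: full mirror needs $(full_mirror_cost 18344 136853 166721) requests"
else
    echo "skipping mirror: quota too low or status unreadable" >&2
fi
```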

Compiling

mvn clean package

Related Projects

Copyright & License

vulndb-data-mirror is Copyright (c) Steve Springett. All Rights Reserved.

VulnDB is Copyright (c) Risk Based Security. All Rights Reserved.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the License file for the full license.
