Published on July 15th, 2013 | by NJ Ouchn
vFeed The Open Source Cross Linked VDB v0.4.0 released (Support of OpenVAS, DISA/IAVM…)
The vFeed framework is an open source naming scheme concept that provides extra structured, detailed third-party references and technical characteristics for a CVE entry through an extensible XML schema.
It also improves the reliability of CVEs by providing a flexible and comprehensive vocabulary for describing the relationship with other security references and standards.
- Built using open source technologies
- Fully downloadable SQLite local vulnerability database
- Structured new XML format to describe vulnerabilities
- Based on major open standards (CVE, CPE, CWE, CVSS...)
- Support correlation with 3rd party security references (CVSS, OSVDB, OVAL…)
- Extended to support correlation with security assessment and patch vendors (Nessus, Exploit-DB, Redhat, Microsoft...)
- Simple & ready to use Python module with more than 15 methods
- Refactored the exportXML method as a separate class vFeedXML (exportxml.py). The export() method can be invoked to generate the appropriate vFeed XML format.
- Changed method names to “pythonic compliant names” according to Andres Riancho (thanks to David Mirza for the Python documentation). The format is now get_cve, get_cpe, etc. instead of the awful checkCVE, checkCPE... (Issue Ref: https://github.com/toolswatch/vFeed/issues/13)
- Added support for the DISA/IAVM database (Information Assurance Vulnerability Alert) advisories from DoD-CERT. When available, the IAVM id and DISA VMSkey are reported.
- Added support for CERT-VN (CERT Vulnerability Notes Database (VU)). When available, the CERT-VU and link are reported.
- Added support for the SCIP database effort from the folks at www.scip.ch. The ids and link are reported (thanks to Marc Ruef @mruef for the help).
- Added support for OpenVAS (www.openvas.org). Whenever a reference exists, the ID, script file(s), family(s) and title are reported.
- Added support for Cisco Security Advisories (http://tools.cisco.com/security/center/publicationListing.x)
- Added support for Ubuntu USN Security Notices (http://www.ubuntu.com/usn/)
- Added support for Gentoo GLSA (http://www.gentoo.org/security/en/glsa/)
- Added support for Fedora Security advisories (http://www.redhat.com/archives/fedora-announce-list/)
- To reflect the newest cross references, the following new methods have been added:
  - get_iavm to check for DISA/IAVM ids associated with a CVE
  - get_scip to check for SCIP database ids
  - get_certvn to enumerate the CERT-VN ids
  - get_openvas to list the OpenVAS vulnerability scanner scripts. It's always classy to have both Nessus and OpenVAS scripts 😉
  - get_cisco to list Cisco patches
  - get_ubuntu to list Ubuntu patches
  - get_gento. You bet, it’s for listing the Gentoo patches
  - get_fedora to list the Fedora patches
- Although the OSVDB ids have been mapped in vFeed since the beginning, a new method get_osvdb has been added to enumerate them when available.
- Added get_milw0rm method even if the website is deprecated (for old time’s sake)
- Introduced vfeedcli.py instead of the awful script name vFeed_Calls_1.py. From now on, the vFeed CLI should be used to get CVE attributes.
- Slightly modified the get_cve keys to (summary, published and modified). Check the vfeedcli.py source code.
- vFeed XML format slightly modified. It’s still easy to read and to parse.
- Minor bug fixed (when a CVE is missed, vFeed exits)
- vfeed.db regenerated to support the newest changes
- Documentation should be updated to reflect the major method name changes