Published on August 11th, 2015 | by NJ Ouchn

vFeed Correlated Vulnerability Database API major update 0.6 released

vFeed Framework is a CVE, CWE and OVAL compatible naming scheme concept that provides extra structured, detailed third-party references and technical characteristics for a CVE entry through an extensible XML/JSON schema.

It also improves the reliability of CVEs by providing a flexible and comprehensive vocabulary for describing the relationship with other standards and security references.

The associated vFeed.db (The Correlated Vulnerability and Threat Database) is a detective and preventive security information repository used for gathering vulnerability and mitigation data from scattered internet sources into a unified database.

Changelog 0.6.0

  • Reviewed and rewrote the code to be as PEP8 compliant as possible
  • Updated the vFeed License. It is very important to read it.
  • Introduced a new simple vFeed menu with the following options:
    • --method: Digs into the database and enumerates information related to a CVE. See (--list)
    • --list: Lists the available --method functions. You can refer to the wiki documentation for more information
    • --export: Exports metadata to either JSON or XML formats
    • --stats: Displays the vFeed.db statistics
    • --search: Simple vFeed search utility. It supports CVE, CPE, CWE, OVAL and free text
    • --update: Updates the vFeed.db Correlated Vulnerability Database.
    • --banner: Displays vFeed banners. Don't ask me. It is useless 🙂
  • Refactored the main vFeed class api.py into small dedicated classes:
    • info.py: Used to render information about CVE alongside other open standards (CWE, CPE, CAPEC).
    • ref.py: Can be leveraged to get information about references and cross-linked sources (IAVM, SCIP..)
    • risk.py: Used to display the CVSS v2 and severity.
    • patches.py: Mostly used to enumerate hotfixes from 3rd party vendors such as Microsoft, Red Hat, SUSE etc.
    • scanners.py: Leveraged to list information about scanner scripts related to CVEs, such as Nessus, OpenVAS ..
    • exploit.py: Used to list information about exploit PoCs related to CVEs, such as Metasploit, Exploit-DB ..
    • rules.py: Can be leveraged to display the IDS/IPS rules, such as Snort or Suricata, that help prevent the attack
    • json_dump.py : This class will generate a detailed CVE JSON output.
  • vFeed now returns JSON responses. It will be much easier to integrate with 3rd party utilities and software.
  • Added the support of CWE, OVAL and free text to search.py class.
  • Added URL links to the references (CVE, CWE, CAPEC, 3rd party references ..)
  • Changed name of get_risk method to get_severity
  • Exported JSON/XML files are moved to export repository.
  • Added api_calls.py, a sample of API calls that demonstrates how easy it is to use vFeed from within your code.
  • Deprecated the value of “PCI Compliance” from risk.py class. This will be supported later.
  • Deprecated the method get_milw0rm as the source no longer exists
  • Todo: The XML export will be added later.
  • The documentation has been updated. Visit Documentation Page



About the Author

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"


