


vFeed – The Open Source Correlated & Cross-Linked Vulnerability XML Database


History

Back in 2008, I was conducting a bunch of penetration tests, and as a security consultant I had to document and explain every finding and vulnerability. As you might expect, CVE is the naming identifier to rely on when it comes to describing a vulnerability. However, the more information you provide about your findings, the more reliable your report is. So I found myself fighting to aggregate and correlate CVE with extra information issued by third-party vendors. That is when the idea came.

While the emergence of open standards undeniably helped to shape a new structured way to communicate about vulnerabilities (just take a look at http://measurablesecurity.mitre.org/ to be amazed), I started working on a simple all-in-one XML feed that provides every kind of information related to a given vulnerability (specifically, its CVE id).

I called the project vDNA (which means Vulnerability DNA), later renamed to vFeed. vDNA sounds a bit sloppy.

vFeed is an open source, open standard naming scheme that provides extra structured, detailed third-party references for a CVE entry.

The vFeed concept.

vFeed Core collects the base XML feed generated by a reliable reference (in this case, NVD or CVE) and correlates it across multiple information sources. Here are examples of third-party sources.

[Figure: openstandard2]

The concept is depicted in the following scheme.

[Figure: vCORE_v2_Eg]

Examples of use

  • Use an automated XML parser to leverage the capabilities of the vFeed cross-linked database
  • Consume the normalized database to get a full description of a CVE-ID entry
  • Simplify the extraction of related CVE information (could be used with open source tools and offline)
  • Help researchers conduct surveys on vulnerabilities (tracking vulnerability trends for a specific CPE)
  • Best solution to get information on vulnerabilities in an offline environment
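
The offline lookup-and-export workflow listed above, as an added example that is not vFeed's own code. The two-table schema, the `normalize`, `references` and `export_xml` helpers, the XML element names and the placeholder reference ids are all assumptions constructed for illustration; the real vFeed schema and XML format are not shown on this page.

```python
import re
import sqlite3
import xml.etree.ElementTree as ET
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Hypothetical schema and constructed rows (placeholder reference ids); not the real vFeed layout.
SCHEMA = """
CREATE TABLE cve  (cveid TEXT PRIMARY KEY);
CREATE TABLE xref (cveid TEXT REFERENCES cve(cveid), source TEXT, refid TEXT);
"""
XREFS = [("CVE-2014-0160", "CWE", "CWE-0000"),
         ("CVE-2014-0160", "EXPLOIT-DB", "EDB-00000"),
         ("CVE-2014-0160", "REDHAT", "RHSA-0000:0000")]

def build_db():
    db = sqlite3.connect(":memory:")  # local only, no network access
    db.executescript(SCHEMA)
    db.execute("INSERT INTO cve VALUES (?)", ("CVE-2014-0160",))
    db.executemany("INSERT INTO xref VALUES (?, ?, ?)", XREFS)
    return db

def normalize(cve_id):
    """Accept CVE-2014-0160 or CVE_2014_0160 (file-name style); reject the rest."""
    cve_id = cve_id.strip().upper().replace("_", "-")
    if not CVE_RE.fullmatch(cve_id):
        raise ValueError(f"not a CVE identifier: {cve_id!r}")
    return cve_id

def references(db, cve_id):
    """Return {source: [refid, ...]} for a known CVE, or None if it is absent."""
    cve_id = normalize(cve_id)
    if not db.execute("SELECT 1 FROM cve WHERE cveid = ?", (cve_id,)).fetchone():
        return None
    refs = {}
    rows = db.execute("SELECT source, refid FROM xref WHERE cveid = ? "
                      "ORDER BY source, refid", (cve_id,))  # bound parameter, no string building
    for source, refid in rows:
        refs.setdefault(source, []).append(refid)
    return refs

def export_xml(db, cve_id):
    """Serialize one correlated entry; ElementTree escapes attribute values."""
    refs = references(db, cve_id)
    if refs is None:
        return None
    root = ET.Element("entry", id=normalize(cve_id))
    for source, ids in refs.items():
        for refid in ids:
            ET.SubElement(root, "ref", source=source, id=refid)
    return ET.tostring(root, encoding="unicode")
```

Validating the identifier before it reaches the query and binding it as a parameter keeps a consuming application safe even when the CVE id comes from user input or a file name.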

Benefits of the vFeed effort

  • Built using open source technologies
    • Python
    • sqlite3
    • openCVSS.py v1.3 lib written by Brandon Dixon from 9b+
  • Fully downloadable SQLite local vulnerability database
  • Structured new XML format to describe vulnerabilities
  • Based on major open standards: CVE, CPE, CWE, CVSS…
  • Support correlation with 3rd party security references (CVSS, OSVDB, OVAL…)
  • Extended to support correlation with security assessment and patch vendors (Nessus, Exploit-DB, Redhat, Microsoft…)
  • Simple & ready to use Python module with more than 15 methods
  • Should be compliant with SCAP >> http://scap.nist.gov/
  • No SOAP/web API headaches. vFeed is a fully local database with an appropriate Python parser to facilitate export of CVE vFeed XML.
  • Could provide a first guidance and help for any solution to be CVE/CWE Compatible

Project authorship

NJ OUCHN (@toolswatch). My email is nabil dot ouchn at gmail dot com

Feel free to contact me for any matter related to this project.

vFeed Common Vulnerabilities and Exposures (CVE) Compatibility

vFeed has been officially registered as CVE-Compatible >> http://cve.mitre.org/compatible/compatible.html  and http://cve.mitre.org/compatible/questionnaires/166.html

CVE Declaration: vFeed provides a full aggregated, cross-linked and standardized Vulnerability Database based on CVE and other standards (CPE, CWE, CAPEC, OVAL, CVSS). Therefore, it introduces a new simplified XML format that expands the vulnerability coverage and correlation around the CVE. vFeed will definitely continue to support the CVE initiative and to contribute toward the correlation of vulnerability database

Source code

The source code is available on GitHub >>

Download

git clone https://github.com/toolswatch/vFeed.git

Documentation

PDF guide in beta >> https://github.com/toolswatch/vFeed/tree/master/doc

Wiki  >> https://github.com/toolswatch/vFeed/wiki

vFeed XML sample

Here is a sample for the SSL Heartbleed vulnerability >> http://toolswatch.org/vfeed/CVE_2014_0160.xml

 





7 Responses to vFeed – The Open Source Correlated & Cross-Linked Vulnerability XML Database

  1. Pingback: vFeed® – The Open Source Correlated & Cross-Linked Vulnerability XML Database “re”started | ToolsWatch.org - The Hackers Arsenal Tools | Repository for vFeed and DPE Projects

  2. Pingback: Book Review: Violent Python A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers | ToolsWatch.org - The Hackers Arsenal Tools | Repository for vFeed and DPE Projects

  3. Wonderful article! We are linking to this particularly great article on our site.
    Keep up the good writing.

  4. Anis says:

    Thank you for the great Tool and concept.
    I think of using vFeed in an application that i’m cre

  5. Anis says:

    Thank you for the great Tool and concept.
    I think of using vFeed in an application that I’m creating, and I just want to know if you ensure the upward compatibility between versions (i.e. does the database of the 4.8 version of vFeed remain valid and compatible with older versions?).
    And what about updating the database on your part? Is it a manual operation or automated?

  6. furqan says:

    Hey, thank you for the tool,
    I was just wondering how to go about capturing XPath queries issued from a web application before they actually hit the XML database.
    Actually, it's for a penetration testing project.
    Any suggestion would be appreciated, guys.

  7. Konstantin says:

    Thank you for the great tool.
    Does the vFeed of CVEs happen on an hourly basis, or is there a three-week time gap between the current date and the last vulnerability feed? If there is an intentional gap, what was the reason behind it? Is it possible to provide vf data as soon as they are available?
