vFeed – The Open Source Correlated & Cross-Linked Vulnerability XML Database
Back in 2008, I was conducting a bunch of penetration tests, and as a security consultant I had to document and explain every finding and vulnerability. As you might expect, CVE is the naming identifier to rely on when it comes to describing a vulnerability. However, the more information you provide about your findings, the more reliable your report is. So I found myself fighting to aggregate and correlate CVE with other extra information issued by 3rd-party vendors. That is when the idea came.
While the emergence of the Open Standard undeniably helped to shape a new structured way to communicate about vulnerabilities (just take a look at http://measurablesecurity.mitre.org/ to be amazed), I started working on a simple all-in-one XML feed that provides every kind of information related to a certain vulnerability (explicitly, a CVE id).
I called the project vDNA (which means Vulnerability DNA), later renamed to vFeed. vDNA sounds a bit sloppy.
vFeed is a new Open Source / Open Standard naming scheme concept that provides extra, structured, detailed 3rd-party references for a CVE entry.
The vFeed concept.
vFeed Core collects the base XML feed, which is generated by a reliable reference (in this case, NVD or CVE), and correlates it across multiple information sources. Here are some examples of 3rd-party sources:
- Security standards
- Vulnerability Assessment & Exploitation IDs (Metasploit, Saint Corporation, Nessus Scripts, ZDI, Exploit-DB, milw0rm)
- Vendors Security Alerts
- Microsoft MS
The concept is depicted in the following scheme.
Examples of use
- Use an automated XML parser to leverage the capabilities of the vFeed cross-linked database
- Consume the normalized database to get a full description of a CVE-ID entry
- Simplify the extraction of related CVE information (could be used with open source tools and offline)
- Help researchers conduct surveys on vulnerabilities (tracking vulnerability trends for a specific CPE)
- Best solution for getting vulnerability information in an offline environment
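The correlation idea above, shown as an added Python example that is not part of vFeed: a base CVE table is joined to third-party references in a local SQLite database, exported as XML, and checked for references whose CVE is missing from the base feed. The two-table schema, the XML element names and all reference values are assumptions made for the illustration; only CVE-2014-0160 is taken from this page.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Hypothetical two-table layout for illustration; not the real vFeed schema.
SCHEMA = """
CREATE TABLE cve  (cve_id TEXT PRIMARY KEY);
CREATE TABLE xref (cve_id TEXT, source TEXT, ref_id TEXT, UNIQUE (cve_id, source, ref_id));
"""
# Constructed sample data: only the CVE id is from the page, refs are placeholders.
CVES = [("CVE-2014-0160",)]
XREFS = [
    ("CVE-2014-0160", "cwe", "CWE-PLACEHOLDER"),
    ("CVE-2014-0160", "nessus", "PLUGIN-PLACEHOLDER-1"),
    ("CVE-2014-0160", "nessus", "PLUGIN-PLACEHOLDER-2"),
    ("CVE-0000-0000", "exploitdb", "ORPHAN-PLACEHOLDER"),  # no base CVE row
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO cve VALUES (?)", CVES)
    db.executemany("INSERT OR IGNORE INTO xref VALUES (?, ?, ?)", XREFS)
    return db

def correlate(db, cve_id):
    """Return {source: [ref_id, ...]} for a known CVE, else None."""
    if not db.execute("SELECT 1 FROM cve WHERE cve_id = ?", (cve_id,)).fetchone():
        return None
    refs = {}
    query = "SELECT source, ref_id FROM xref WHERE cve_id = ? ORDER BY source, ref_id"
    for source, ref_id in db.execute(query, (cve_id,)):
        refs.setdefault(source, []).append(ref_id)
    return refs

def export_xml(db, cve_id):
    """Serialize one correlated entry; raises KeyError for an unknown CVE."""
    refs = correlate(db, cve_id)
    if refs is None:
        raise KeyError(cve_id)
    entry = ET.Element("entry", id=cve_id)
    for source, ids in refs.items():
        group = ET.SubElement(entry, "references", source=source)
        for ref_id in ids:
            ET.SubElement(group, "ref", id=ref_id)
    return ET.tostring(entry, encoding="unicode")

def orphans(db):
    """CVE ids that appear in cross-references but not in the base feed."""
    q = "SELECT DISTINCT cve_id FROM xref WHERE cve_id NOT IN (SELECT cve_id FROM cve)"
    return [row[0] for row in db.execute(q)]
```

Running `orphans()` after each import is a cheap integrity check: a third-party reference that points at a CVE id absent from the base feed usually means a stale or mistyped mapping.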
Benefits of the vFeed effort
- Built using open source technologies
- openCVSS.py v1.3 lib written by Brandon Dixon from 9b+
- Fully downloadable SQLite local vulnerability database
- Structured new XML format to describe vulnerabilities
- Based on major open standards (CVE, CPE, CWE, CVSS…)
- Support correlation with 3rd party security references (CVSS, OSVDB, OVAL…)
- Extended to support correlation with security assessment and patch vendors (Nessus, Exploit-DB, Redhat, Microsoft…)
- Simple & ready to use Python module with more than 15 methods
- Should be compliant with SCAP >> http://scap.nist.gov/
- No SOAP/Web API headaches. vFeed is a fully local database with an appropriate Python parser to facilitate export of the CVE vFeed XML.
- Could provide a first guidance and help for any solution to be CVE/CWE Compatible
NJ OUCHN (@toolswatch). My email is nabil dot ouchn at gmail dot com
Feel free to contact me about any matter related to this project.
vFeed Common Vulnerabilities and Exposures (CVE) Compatibility
vFeed has been officially registered as CVE-Compatible >> http://cve.mitre.org/compatible/compatible.html and http://cve.mitre.org/compatible/questionnaires/166.html
CVE Declaration: vFeed provides a fully aggregated, cross-linked and standardized Vulnerability Database based on CVE and other standards (CPE, CWE, CAPEC, OVAL, CVSS). Therefore, it introduces a new simplified XML format that expands the vulnerability coverage and correlation around the CVE. vFeed will definitely continue to support the CVE initiative and to contribute toward the correlation of vulnerability databases.
The source code is available on GitHub >>
git clone https://github.com/toolswatch/vFeed.git
PDF guide in beta >> https://github.com/toolswatch/vFeed/tree/master/doc
vFeed xml sample
Here is a sample for SSL Heartbleed >> http://toolswatch.org/vfeed/CVE_2014_0160.xml