vFeed


Tools

Published on June 29th, 2013 | by NJ Ouchn

0

vFeed – The Open Source Cross-Linked Local Vulnerability Database version Beta 0.3.9 released

vFeed framework is an open source naming scheme concept that provides extra structured detailed third-party references and technical characteristics for a CVE entry through an extensible XML schema.

It also improves the reliability of CVEs by providing a flexible and comprehensive vocabulary for describing the relationship with other security references and standards.

openstandard2

Changelog v0.3.9

  • Added the support of Metasploit Ids. Now vFeed reports msf exploit id, link to file and title
  • Added the support of CAPEC. When the reference exists, the CAPEC id and link are reported accordingly with its associated CWE
  • checkCWE extended to support the CWE title. Sometimes, it’s comfortable to deal with human words than ids 😉
  • checkRISK extended to support Top Categories as CWE/SANS 2011, OWASP 2010 etc. Whenever the CVE is flagged with specific categories (see api.py at _isTopAlert),the topAlert value is filled with categories name such as OWASP Top Ten 2010 Category A1 – Injection or 2011 Top 25 – Insecure Interaction Between Components
  • checkCVSS extended to support the CVSS Vector.
  • To reflect the newest cross references, 3 new methods have been added
    • checkMSF to check for Metasploit sploits or plugins
    • checkCAPEC to enumerate the CWE associated (and indirectly CVE) CAPEC ids
    • checkCATEGORY to list the whole Top Categories associated with CWE and indirectly CVE. This method is useful if topAlert doesnt report any known Top List.
    • Updated checkRISK, checkCWE and checkCVSS
    • updated exportXML to reflect the changes.
  • vfeed.db regenerated from scratch to support the newest changes.
  • Documentation as usual in progress.
  • Check the sample files vFeedAPI_calls_1.py and vFeedAPI_calls_2.py to quickly understand everything works.

Download / fork / contribute

Tags: , , , , , , , ,


About the Author

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"



Back to Top ↑