How to build a CVEDetails alternative website?

Step 1. Clone the CVEDataFeed repository and set it up following the guide in the repository
> git clone https://github.com/cuongmx/CVEDataFeed.git
Step 2. Create a MongoDB database, using something like mLab or MongoDB Atlas
Step 3. Set up the environment and run the command to import the database from NVD
> python3 cvedatafeed.py importonline
Step 4. Build a frontend to browse all collections from MongoDB (like https://cvedata.com)
The dashboard on CVEData.com

0. A story

No updates on CVEDetails since Nov 2019
Google just shows some popular sites which are not like CVEDetails
No answer on reddit
No hope
Very impulsive :-s
NVD data source, from Serkan Özkan’s slide at Black Hat 2012
CPE name from NVD

1. NVD Datasource

NVD updates every 2 hours
JSON data, kept updated

2. CPE Name

CPE
cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:* defines the Linux Kernel product, version 2.4.7, from the vendor Linux; its type is operating system. The 2.3 in cpe:2.3 is the version of CPE.
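
The field layout described above, as an added example (not code from the CVEDataFeed repository): a parser that splits a CPE 2.3 formatted string into its 11 attributes and handles backslash-escaped colons inside a value. The function names `split_unescaped` and `parse_cpe23` are hypothetical; the attribute order follows NIST IR 7695.

```python
import re

# Attribute order of a CPE 2.3 formatted string (NIST IR 7695).
CPE23_FIELDS = ("part", "vendor", "product", "version", "update", "edition",
                "language", "sw_edition", "target_sw", "target_hw", "other")
PART_NAMES = {"a": "application", "o": "operating system", "h": "hardware"}


def split_unescaped(text, sep=":"):
    """Split on sep, treating backslash + any character as one escaped unit."""
    fields, current, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])  # keep the escape pair together
            i += 2
        elif text[i] == sep:
            fields.append("".join(current))
            current = []
            i += 1
        else:
            current.append(text[i])
            i += 1
    fields.append("".join(current))
    return fields


def parse_cpe23(cpe):
    """Return a dict of the 11 CPE 2.3 attributes, or raise ValueError."""
    prefix = "cpe:2.3:"
    if not cpe.lower().startswith(prefix):
        raise ValueError("not a CPE 2.3 formatted string")
    values = split_unescaped(cpe[len(prefix):])
    if len(values) != len(CPE23_FIELDS):
        raise ValueError("expected 11 attributes, got %d" % len(values))
    if values[0] not in ("a", "o", "h", "*", "-"):
        raise ValueError("unknown part %r" % values[0])
    # Remove escaping backslashes so values read naturally ("tool\:pro" -> "tool:pro").
    return {name: re.sub(r"\\(.)", r"\1", v) for name, v in zip(CPE23_FIELDS, values)}


if __name__ == "__main__":
    kernel = parse_cpe23("cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*")
    print(PART_NAMES[kernel["part"]], kernel["vendor"], kernel["product"], kernel["version"])
```

A `*` in a field means "any value", so the kernel entry above constrains only part, vendor, product and version.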

3. Some others

The comparison results; more details on GitHub
#testFilter("exec code",[r"(code|command).*(execution|execute)", r"(execution|execute).*(code|command)"])
#out: 10552/10552
#testFilter("dos",[r"denial of service"])
#out: 8260/8260
#testFilter("overflow",[r"overflow", r"(restrict|crash|invalid|violat|corrupt).*(buffer|stack|heap|memory)", r"(buffer|stack|heap|memory).*(restrict|crash|invalid|violat|corrupt)"])
#out: 5242/5814
#testFilter("priv",[r"(gain|escalat).*privil", r"privil.*(gain|escalat)"])
#out: 1910/1910
privilegesRequired, userInteraction and scope are fields missing from CVSS2

4. CVEData architecture

  • Full automation, no operations work needed
  • Good Vendor, Good Infrastructure
  • Free or cheap
CVEData architecture
  • Protector, https: Cloudflare ~ free
  • Front-end: Django running on Google App Engine ~ free for 1000 hours/month :-S
  • Back-end: Google Cloud Functions run by Cloud Scheduler ~ 3 jobs free
  • DB: MongoDB Atlas, free up to 500 MB of data; the total size is about 700 MB, however I have a voucher for 1 year ~ free for 1 year (hope CVEData lives longer than 1 year :-P)
  • Monitor: UptimeRobot ~ free
  • Source repo: GitHub

5. Next step

  • Build bug trending to catch bug bounty trends $_$
  • CVE Awards: best CVE, hottest CVE, voting,…
  • Add more datasource to get CVE’s author and build Hall of Fame for CVE.

cuongmx

I'm a developer working in cyber security. My regular IDE is MS Word.