从MITRE数据库中获取与特定关键字或关键字列表相对应的所有CVE。
mitrecve的Python项目详细描述
米特里克夫
从MITRE数据库中获取与特定关键字或关键字列表相对应的所有CVE。在
有关完整的文档,请参阅ReadTheDocs
安装
您可以通过pip(PyPI)或从源代码安装mitrecve
。
要使用pip安装:
python3 -m pip install mitrecve
或手动:
^{pr2}$命令行接口
mitrecve --help
> mitrecve
>
> usage:
> mitrecve <package> [--verbose --detail ] [-o FILE]
> mitrecve ( -h | --help | --version )
>
> options:
> -v --verbose Show full output.
> -d --detail Show CVE details.
> -o --output FILE Save output to file.
> -h --help Show this screen.
> --version Show version.
pythonhtml5lib
模块的输出示例:
mitrecve html5lib
>>>>>>>>>>>>>> SEARCH IN MITRE DATABASE <<<<<<<<<<<<<<< -------------- Package: <html5lib> -------------- CVE : CVE-2016-9910 CVE DETAIL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9910 DESCRIPTION The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909. CVE : CVE-2016-9909 CVE DETAIL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9909 DESCRIPTION The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values.
您还可以搜索多个关键字并使用--detail
标志打印(或用-o,--output
标志保存)其他详细信息:
mitrecve recon-ng,harvester --detail
>>>>>>>>>>>>>>> SEARCH IN MITRE DATABASE (Detail)<<<<<<<<<<<<<<< -------------- Package: <recon-ng> -------------- CVE : CVE-2018-20752 DESCRIPTION : An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote code execution for the attacker. NVD LINK : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20752 Reference for CVE: CVE-2018-20752 CVE REFERENCE : https://bitbucket.org/LaNMaSteR53/recon-ng/commits/41e96fd58891439974fb0c920b349f8926c71d4c#chg-modules/reporting/csv.py CVE REFERENCE : https://bitbucket.org/LaNMaSteR53/recon-ng/issues/285/csv-injection-vulnerability-identified-in -------------- Package: <harvester> -------------- CVE : CVE-2011-5197 DESCRIPTION : Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files. NVD LINK : http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5197 Reference for CVE: CVE-2011-5197 CVE REFERENCE : http://www.exploit-db.com/exploits/18266
美国石油学会
只需导入并使用它。在
>>>frommitrecveimportcrawler>>>frompprintimportpprint>>>pprint(crawler.get_main_page("jython"))[('CVE-2016-4000','https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4000','Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a ''crafted serialized PyFunction object.'),('CVE-2013-2027','https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2027','Jython 2.2.1 uses the current umask to set the privileges of the class ''cache files, which allows local users to bypass intended access ''restrictions via unspecified vectors.')]# cve detail>>>pprint(crawler.get_cve_detail("jython"))[('CVE-2016-4000',# cve name'Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a ''crafted serialized PyFunction object.',# cve description'http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4000',# nist detail['http://advisories.mageia.org/MGASA-2015-0096.html','http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html','http://www.mandriva.com/security/advisories?name=MDVSA-2015:158','https://bugzilla.redhat.com/show_bug.cgi?id=947949','http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html']),# cve reference list('CVE-2013-2027','Jython 2.2.1 uses the current umask to set the privileges of the class ''cache files, which allows local users to bypass intended access ''restrictions via unspecified vectors.','http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2027',['http://advisories.mageia.org/MGASA-2015-0096.html','http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html','http://www.mandriva.com/security/advisories?name=MDVSA-2015:158','https://bugzilla.redhat.com/show_bug.cgi?id=947949','http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html'])]
- 项目
标签: