What is vFeed

Installation
On Kali
Other
git clone https://github.com/toolswatch/vFeed.git
Register and download vfeed.db
Register here: http://www.vfeed.io/pricing/
Usage
Help
python vfeedcli.py -h
usage: vfeedcli.py [-h] [-v] [-m Method CVE] [-e type CVE] [-s id]
[--stats get_stats / get_latest] [-u] [--list] [--banner]
[--migrate]
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
-m Method CVE, --method Method CVE
Invoking multiple vFeed methods.
-e type CVE, --export type CVE
Export to XML or JSON the CVE id
-s id, --search id Search utility for CVE,CPE,CWE, OVAL or free text
--stats get_stats / get_latest
View the vFeed Database statistics
-u, --update Update the Vulnerability and Threat Database < deprecated
--list Enumerate the list of available methods
--banner Print vFeed banner
--migrate Migration to MongoDB
Show version
python vfeedcli.py -v
.:. vFeed - The Correlated Vulnerability and Threat Database .:. (ver 0.6.8)
Show statistics
python vfeedcli.py --stats get_stats
---------------------------------------------------------------
vFeed.db Statistics
Distinct values of CVEs and associated third party references
Database build (latest update date): 8222016
---------------------------------------------------------------
[+] Vulnerability Information and References
[-] Common Vulnerability Enumeration (CVE): 78527
[-] Affected Products or Common Platform Enumeration (CPE): 191239
[-] Common Weakness Enumeration (CWE) types: 496
[-] Common Attack Pattern Enumeration and Classification (CAPEC) types: 234
[-] SecurityFocus BID: 33349
[-] OSVDB - Open Source Vulnerability Database advisories: 22373
[-] CERT.org Vulnerability Notes: 4275
[-] DOD-CERT Information Assurance Vulnerability Alert (IAVA): 1168
[-] Scip AG Security Advisories: 82392
[+] Third Party Vendors Patches and Advisories
[-] IBM AIX APARs Patches Advisories: 2175
[-] Suse Patches Advisories: 2365
[-] Ubuntu Patches Advisories: 1966
[-] VMware Patches Advisories: 97
[-] Cisco Patches Advisories: 872
[-] Debian Patches Advisories: 3109
[-] Fedora Patches Advisories: 2887
[-] Gentoo Patches Advisories: 1427
[-] HP (Hewlett Packard) Patches Advisories: 2083
[-] Mandriva Patches Advisories: 1697
[-] Microsoft Bulletins Advisories: 1481
[-] Microsoft KB Advisories: 2292
[-] Redhat Patches Advisories: 4797
[-] Redhat Bugzilla Advisories: 13686
[+] Exploits and Proof of Concepts
[-] Exploit-DB Exploits: 3201
[-] Metasploit Exploits / Modules: 1438
[-] Milw0rm Exploits (Deprecated) : 5560
[-] Saint Corporation Proof of Concepts and exploits: 970
[-] D2 Elliot Web Exploitation Framework: 289
[+] Third Party Security Scanners Scripts
[-] Nessus Security Scripts: 56677
[-] OpenVAS Security Scripts: 27486
[-] Nmap NSE scripts: 56
[-] Open Vulnerability Assessment Language (OVAL) definitions: 26645
[+] Open Source Intrusion Detection Rules
[-] Snort Detection Rules: 1344
[-] Suricata Detection Rules: 5095
Show latest CVEs
python vfeedcli.py --stats get_latest
---------------------------------------------------------------
vFeed.db Statistics : Latest added CVEs
607 total added new CVEs
---------------------------------------------------------------
CVE-2016-0266
CVE-2016-0280
CVE-2016-0281
CVE-2016-0361
CVE-2016-0380
CVE-2016-0635
CVE-2016-0760
CVE-2016-0782
CVE-2016-1238
CVE-2016-1276
CVE-2016-1278
<snip>
Show available methods
python vfeedcli.py --list
Methods related to Class: CveExploit
|--> get_d2
|--> get_edb
|--> get_milw0rm
|--> get_msf
|--> get_saint
Methods related to Class: CveInfo
|--> get_capec
|--> get_category
|--> get_cpe
|--> get_cve
|--> get_cwe
|--> get_wasc
Methods related to Class: CvePatches
|--> get_aixapar
|--> get_cisco
|--> get_debian
|--> get_fedora
|--> get_gentoo
|--> get_hp
|--> get_kb
|--> get_mandriva
|--> get_ms
|--> get_redhat
|--> get_suse
|--> get_ubuntu
|--> get_vmware
Methods related to Class: CveRef
|--> get_bid
|--> get_certvn
|--> get_iavm
|--> get_osvdb
|--> get_refs
|--> get_scip
Methods related to Class: CveRisk
|--> get_cvss
|--> get_severity
|--> top_alert
Methods related to Class: CveRules
|--> get_snort
|--> get_suricata
Methods related to Class: CveScanners
|--> get_nessus
|--> get_nmap
|--> get_openvas
|--> get_oval
Methods related to Class: ExportJson
|--> json_dump
Call method
python vfeedcli.py -m <method> <cve>
Search
python vfeedcli.py -s <string>
Use case:
Which Tibco vulnerabilities can be detected with Nessus?
All Tibco CVEs can be listed with the following:
/usr/share/vFeed# python vfeedcli.py -s cpe:/a:tibco:
[+] Gathering information ...
[+] cpe:/a:tibco:web_player_automation_services
|-> CVE-2012-0690
[+] cpe:/a:tibco:web_player:6.0.0
|-> CVE-2014-2544
[+] cpe:/a:tibco:web_player:5.5.0
|-> CVE-2014-2544
[+] cpe:/a:tibco:web_player:5.0.1
|-> CVE-2014-2544
[+] cpe:/a:tibco:web_player:5.0.0
|-> CVE-2014-2544
[+] cpe:/a:tibco:web_player:4.5.1
|-> CVE-2014-2544
[+] cpe:/a:tibco:web_player:4.5.0
|-> CVE-2014-2544
[+] cpe:/a:tibco:web_player:4.0.3
|-> CVE-2014-2544
[+] cpe:/a:tibco:vault:2.0.0
|-> CVE-2015-5711
<snip>
Get the CVEs, sort them uniquely and redirect them to a file:
python vfeedcli.py -s cpe:/a:tibco: | grep CVE | cut -d " " -f2 | sort -u -r > tibco_cves.txt
for x in $(cat tibco_cves.txt) ; do echo $x && python vfeedcli.py -m get_nessus $x ;done
CVE-2016-3628
null
CVE-2015-8090
null
CVE-2015-5713
null
CVE-2015-5712
null
CVE-2015-5711
null
CVE-2015-4555
null
CVE-2015-4554
null
CVE-2014-7195
null
CVE-2014-7194
null
CVE-2014-5286
null
CVE-2014-5285
[
{
"family": "CGI abuses",
"file": "tibco_spotfire_server_6_5_1.nasl",
"id": "78393",
"name": "TIBCO Spotfire Server Authentication Module Unspecified Privilege Escalation"
}
]
<snip>
SQLite
You can also query vfeed.db directly:
sqlite3 vfeed.db
SQLite version 3.14.1 2016-08-11 18:53:32
Enter ".help" for usage hints.
sqlite> .tables
capec_db map_cve_debian map_cve_osvdb
capec_mit map_cve_exploitdb map_cve_oval
cve_cpe map_cve_fedora map_cve_redhat
cve_cwe map_cve_gentoo map_cve_saint
cve_reference map_cve_hp map_cve_scip
cwe_capec map_cve_iavm map_cve_snort
cwe_category map_cve_mandriva map_cve_suricata
cwe_db map_cve_milw0rm map_cve_suse
cwe_wasc map_cve_ms map_cve_ubuntu
map_cve_aixapar map_cve_msf map_cve_vmware
map_cve_bid map_cve_mskb map_redhat_bugzilla
map_cve_certvn map_cve_nessus nvd_db
map_cve_cisco map_cve_nmap stat_new_cve
map_cve_d2 map_cve_openvas stat_vfeed_kpi
sqlite> select * from map_cve_nessus limit 5;
nessus_script_id|nessus_script_file|nessus_script_name|nessus_script_family|cveid
44890|gentoo_GLSA-201001-01.nasl|GLSA-201001-01 : NTP: Denial of Service|Gentoo Local Security Checks|CVE-2009-3563
62747|seamonkey_2132.nasl|SeaMonkey < 2.13.2 Multiple Vulnerabilities|Windows|CVE-2012-4194
62747|seamonkey_2132.nasl|SeaMonkey < 2.13.2 Multiple Vulnerabilities|Windows|CVE-2012-4195
62747|seamonkey_2132.nasl|SeaMonkey < 2.13.2 Multiple Vulnerabilities|Windows|CVE-2012-4196
17713|php_5_1_5.nasl|PHP 5.1.x < 5.1.5 Multiple Vulnerabilities|CGI abuses|CVE-2006-1017
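
The Tibco/Nessus question from the use case can be answered with a single join instead of the grep/cut/for loop, and a LEFT JOIN also lists the CVEs that have no Nessus plugin (the "null" results above). This is an added example, not part of the original post or of vFeed: it runs on an in-memory database with constructed rows, the map_cve_nessus columns are those shown above, and the cve_cpe column names (cpeid, cveid) and the spotfire_server and ntp CPE strings are assumptions.

```python
import sqlite3

def build_sample_db():
    """In-memory stand-in for vfeed.db, filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        -- cve_cpe column names are an assumption; map_cve_nessus matches the page
        CREATE TABLE cve_cpe (cpeid TEXT, cveid TEXT);
        CREATE TABLE map_cve_nessus (nessus_script_id TEXT, nessus_script_file TEXT,
            nessus_script_name TEXT, nessus_script_family TEXT, cveid TEXT);
    """)
    conn.executemany("INSERT INTO cve_cpe VALUES (?, ?)", [
        ("cpe:/a:tibco:vault:2.0.0", "CVE-2015-5711"),
        ("cpe:/a:tibco:spotfire_server:6.5.0", "CVE-2014-5285"),  # constructed CPE
        ("cpe:/a:tibco:spotfire_server:6.0.0", "CVE-2014-5285"),  # constructed CPE
        ("cpe:/a:ntp:ntp:4.2.4", "CVE-2009-3563"),                # constructed CPE
    ])
    conn.executemany("INSERT INTO map_cve_nessus VALUES (?, ?, ?, ?, ?)", [
        ("78393", "tibco_spotfire_server_6_5_1.nasl",
         "TIBCO Spotfire Server Authentication Module Unspecified Privilege Escalation",
         "CGI abuses", "CVE-2014-5285"),
        ("44890", "gentoo_GLSA-201001-01.nasl",
         "GLSA-201001-01 : NTP: Denial of Service",
         "Gentoo Local Security Checks", "CVE-2009-3563"),
    ])
    return conn

def nessus_coverage(conn, cpe_prefix):
    """Map each CVE under cpe_prefix to its Nessus plugins ([] means no plugin)."""
    # Escape LIKE wildcards so the CPE prefix is matched literally.
    pattern = cpe_prefix.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_") + "%"
    rows = conn.execute("""
        SELECT DISTINCT c.cveid, n.nessus_script_id, n.nessus_script_file
        FROM cve_cpe AS c
        LEFT JOIN map_cve_nessus AS n ON n.cveid = c.cveid
        WHERE c.cpeid LIKE ? ESCAPE '\\'
        ORDER BY c.cveid DESC
    """, (pattern,)).fetchall()
    coverage = {}
    for cveid, script_id, script_file in rows:
        plugins = coverage.setdefault(cveid, [])
        if script_id is not None:  # NULL from the LEFT JOIN: no plugin for this CVE
            plugins.append((script_id, script_file))
    return coverage

if __name__ == "__main__":
    for cve, plugins in nessus_coverage(build_sample_db(), "cpe:/a:tibco:").items():
        print(cve, plugins or "no Nessus plugin")
```

To run it against the real database, replace build_sample_db() with sqlite3.connect("vfeed.db") after confirming the cve_cpe columns with `.schema cve_cpe` in the sqlite3 shell.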