cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs.
The main objective of the software is to avoid doing direct and public lookup into the public CVE databases. This is usually faster to do local lookups and limits your sensitive queries via the Internet.
cve-search includes a back-end to store vulnerabilities and related information, an intuitive web interface for search and managing vulnerabilities, a series of tools to query the system and a web API interface.
cve-search is used by many organizations including the public CVE services of CIRCL.
Requirements
- Python3.3 or later
- MongoDB 2.2 or later
- redis server
- Pip3
- PyMongo
- Flask
- Flask-PyMongo
- Flask-Login
- Tornado
- Whoosh
- Redis
- Python-dateutil
- passlib
- feedformater (for RSS and Atom dump_last) http://code.google.com/p/feedformatter/
- Whoosh http://packages.python.org/Whoosh/ (If you’re planning to use the Full-text indexer)
- irc
- sleekxmpp
- Werkzeug
- Jinja2
- itsdangerous
- click
The requirements can be installed with pip:
sudo pip3 install -r requirements.txt
Leave a Reply