cve_server
cve_server copied to clipboard
Simple REST-style web service for the CVE searching
CVEServer
Simple REST-style web service for the CVE searching.
Requirements
Getting Started
Install the CVE Server
You must have running ruby, git, mongodb and nginx in your local machine.
curl --ssl -s https://raw.githubusercontent.com/SpiderLabs/cve_server/master/scripts/install.sh | bash -
Using the API
-
Search for an specific CVE using its ID
- http://localhost:port/v1/cve/CVE-2015-3900
-
Search for several CVEs
- http://localhost:port/v1/cves/CVE-2019-14407,CVE-2018-18656
-
Search for CVEs related to a CPE without versions
-
http://localhost:port/v1/cpe/apache:spark
-
http://localhost:port/v1/cpe/apache:spark,apache:http_server
-
-
List all the available CPEs with versions
- http://localhost:port/v1/cpe
-
Search for CVEs related to a CPE with versions
- http://localhost:port/v1/cpe_with_version/samba:samba:4.0.0
- http://localhost:port/v1/cpe_with_version/samba:samba:4.0.0,apache:http_server:2.4.4
- Don't forget to encode the URI if that has special characters, example:
- URI::encode('/v1/cpe_with_version/cisco:ios:15.4%282%29t1')
-
List all the available CPEs with versions
- http://localhost:port/v1/cpe_with_versions
Additional Information
Other installation method
- Clone our repository.
git clone https://github.com/SpiderLabs/cve_server.git
- Install the ruby dependencies.
bundle install
- Configure your database.
vi config/database.yml
- Download, create and populate the database for your environment from the National Vulnerability Database via the NVD CVE/CPE API.
Note: The new API service is JSON only.
NVD API URL.
RACK_ENV=development ./bin/nvd_download_and_seed
** The download may take hours to complete **
- Start the server.
RACK_ENV=development puma
License
CVEServer is released under the MIT License