Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Please add Vulners as a source #12

Open
jvoisin opened this issue Jul 13, 2017 · 5 comments
Open

Please add Vulners as a source #12

jvoisin opened this issue Jul 13, 2017 · 5 comments

Comments

@jvoisin
Copy link

jvoisin commented Jul 13, 2017

As mentionned in this issue, it would be nice to integrate Vulners as a source.

@PidgeyL
Copy link
Member

PidgeyL commented Jul 13, 2017

do you have a link to a file we can parse to get this info?

@jvoisin
Copy link
Author

jvoisin commented Jul 13, 2017

Sure, as stated by @vulnersCom:

Yes, it is available for download.
Feel free to bundle it.
All dataset is separated by "types".
You can download whole dataset of the "type" in JSON using this call:

https://vulners.com/api/v3/archive/collection/?type=cve
https://vulners.com/api/v3/archive/collection/?type=exploitdb
https://vulners.com/api/v3/archive/collection/?type=centos

And so on. Check possible "type" values by this call:
https://vulners.com/api/v3/search/suggest/?fieldName=type&type=distinct

To make a good linkage to CVE check "cvelist" key. It holds link to the CVE for each element.
For better correlation you may integrate this online calls:

Search all data for CVE:
https://vulners.com/api/v3/search/lucene?query=cvelist:CVE-2014-0160
Abstract vulnerability search:
https://vulners.com/api/v3/search/lucene?query=Your_cool_query
Data for element + dynamic references search:
https://vulners.com/api/v3/search/id/?id=CVE-2014-0160&references=True

P.S.
Search query syntax and examples are here:
https://vulners.com/help

@adulau
Copy link
Member

adulau commented Jul 13, 2017

@jvoisin thanks for the reminder ;-)

@vulnersCom
Copy link

One more reminder?))

@CriimBow
Copy link
Contributor

I also think it would be beneficial to integrate Vulners into VIA4CVE.
But, in my opinion, we should not import directly Vulners but import vulners by "type" like it is already done with Metasploit.
This way, if one day Vulners is KO, we can resume module by module and even if the workload remains high, the tasks will already be divided by sources.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants