How to build a CVEDetails alternative website?

Step 1. Clone and setup follow the guide on CVEDataFeed repository
> git clone https://github.com/cuongmx/CVEDataFeed.git
Step 2. Create a mongodb, use something like mlab or MongoDB Atlas
Step 3. Setup environments and run command to import database from NVD
> python3 cvedatafeed.py importonline
Step 4. Build a frontend to browser all collection from the MongoDB (like https://cvedata.com)
The dashboard on CVEData.com

0. A story

No update from Nov 2019 on CVEDetails
Google just show some popular sites which not like CVEDetails
No answer on reddit
No hope
Very impulsive :-s
NVD data source from Serkan Özkan’s slide on Blackhat 2012
CPE name from NVD

1. NVD Datasource

NVD update every 2 hours
Json data and keep update

2. CPE Name

CPE
cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:* is used to define the Linux Kernel product, version 2.4.7 by Linux vendor, type is Operating system. CPE:2.3 is version of CVE.

3. Some others

The comparison result, more details in github
#testFilter("exec code",[r"(code|command).*(execution|execute)", r"(execution|execute).*(code|command)"])
#out: 10552/10552
#testFilter("dos",[r"denial of service"])
#out: 8260/8260
#testFilter("overflow",[r"overflow", r"(restrict|crash|invalid|violat|corrupt).*(buffer|stack|heap|memory)", r"(buffer|stack|heap|memory).*(restrict|crash|invalid|violat|corrupt)"])
#out: 5242/5814
#testFilter("priv",[r"(gain|escalat).*privil", r"privil.*(gain|escalat)"])
#out: 1910/1910
privilegesRequired, userInteraction and scope are missing field of CVSS2

4. CVEData architect

CVEData Architect

5. Next step

--

--

--

I'm a developer working in cyber security. My regularly IDE is MS Word.

Love podcasts or audiobooks? Learn on the go with our new app.

Complete end-to-end Terraform Pipeline!

Addnodes — a Linux Story

Developing Unity Plugins 101 (Part 1 — Android Basics)

Unlimited free IDP on Windows Server Core — How to install Aerobase SSO & MFA with PowerShell

Products I’m Rooting For — 2

Making debugger in Golang (part III)

SWP TOKEN AND IT'S FEATURES

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
cuongmx

cuongmx

I'm a developer working in cyber security. My regularly IDE is MS Word.

More from Medium

Security.txt: publishing a security policy for your websites

ENS (Ethereum Name Service) Research Revealed Cool Results

Calendar ListView in HarmonyOS

SA lab mixed architecture, biology and 3D printing to create GYROID house