Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update stuff #47

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Update stuff #47

wants to merge 4 commits into from

Conversation

eoksum
Copy link

@eoksum eoksum commented Mar 9, 2022

Update CVE and ExploitDB databases,
Update README.

@marcruef marcruef self-assigned this Mar 11, 2022
marcruef
marcruef reviewed Mar 11, 2022
View reviewed changes
README.md
@@ -35,7 +35,7 @@ There are the following pre-installed databases available at the moment:
* cve.csv - https://cve.mitre.org
* securityfocus.csv - https://www.securityfocus.com/bid/
* xforce.csv - https://exchange.xforce.ibmcloud.com/
* expliotdb.csv - https://www.exploit-db.com
* exploitdb.csv - https://www.exploit-db.com
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing this!

marcruef
marcruef requested changes Mar 11, 2022
View reviewed changes
Copy link
Member

@marcruef marcruef left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixing the typo is great, thanks.

But we do not accept external db updates. They are generated with a tool that implements pre-filtering to optimize performance of scanning. Thank you for your understanding.

marcruef
marcruef reviewed Mar 11, 2022
View reviewed changes
README.md
@@ -70,7 +72,8 @@ If you want to update your databases, go to the following web site and download
Copy the files into your vulscan folder:

/vulscan/

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This part needs to remain as we will resume regular updates in the future.

@eoksum
Copy link
Author

eoksum commented Mar 11, 2022

Thanks, but I would recommend updating them yourself then as they are very very obsolete.
I created seperate tool in Python to automatically obtain vulnerablities from ExploitDB and CVE, convert them to vulscan's format and puts them in files. If you want, I can also share that tool.

@perlland
Copy link

Please share the tool

@eoksum
Copy link
Author

eoksum commented Jun 25, 2022

Please share the tool

Sure. Check these out:
https://pastebin.com/ADn4hi5a
https://pastebin.com/c5uEvCNB

@ocervell
Copy link

Using the ./update.sh script, the latest CVEs I get are from 2013 ... This makes vulscan super obsolete. I agree it's time to download the CSVs directly from their source using the corresponding APIs.

Any updates here ?

@yuunnn
Copy link

yuunnn commented May 17, 2023

Please share the tool

Sure. Check these out: https://pastebin.com/ADn4hi5a https://pastebin.com/c5uEvCNB

Hi, the Python code for accessing the CVE database works fine, but the code for ExploitDB seems to be down. Can you please provide it again? Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marcruef marcruef marcruef requested changes

Assignees

@marcruef marcruef

Labels
None yet
Milestone
No milestone
5 participants
@eoksum @perlland @ocervell @yuunnn @marcruef