cve-search - a free software to collect, search and analyse common vulnerabilities and exposures in software Freedom #0 in action

Similar documents
PyMISP - (ab)using MISP API with PyMISP MISP - Malware Information Sharing Platform & Threat Sharing

Bentley Map V8i (SELECTseries 3)

Extending MISP with Python modules MISP - Malware Information Sharing Platform & Threat Sharing

Innovation. The Push and Pull at ESRI. September Kevin Daugherty Cadastral/Land Records Industry Solutions Manager

Extending MISP with Python modules MISP - Malware Information Sharing Platform & Threat Sharing

Web GIS Deployment for Administrators. Vanessa Ramirez Solution Engineer, Natural Resources, Esri

Information Sharing and Taxonomies Practical Classification of Threat Indicators using MISP

Forecasting (LO-PR) HELP.LOPR. Release 4.6C

Introduction to ArcGIS Server Development

Information Sharing and Taxonomies Practical Classification of Threat Indicators using MISP

ArcGIS. for Server. Understanding our World

Technical Trends in Geo Information

Course Announcements. Bacon is due next Monday. Next lab is about drawing UIs. Today s lecture will help thinking about your DB interface.

Information System as a Tool for Marine Spatial Planning The SmartSea Vision and a Prototype

Telecommunication Services Engineering (TSE) Lab. Chapter IX Presence Applications and Services.

THE SPATIAL DATA SERVER BASED ON OPEN GIS STANDARDS IN HETEROGENEOUS DISTRIBUTED ENVIRONMENT

R E A D : E S S E N T I A L S C R U M : A P R A C T I C A L G U I D E T O T H E M O S T P O P U L A R A G I L E P R O C E S S. C H.

Leveraging Web GIS: An Introduction to the ArcGIS portal

Information Sharing and Taxonomies Practical Classification of Threat Indicators using MISP

Animating Maps: Visual Analytics meets Geoweb 2.0

Patrol: Revealing Zero-day Attack Paths through Network-wide System Object Dependencies

Discovery and Access of Geospatial Resources using the Geoportal Extension. Marten Hogeweg Geoportal Extension Product Manager

MapOSMatic, free city maps for everyone!

T H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T W O R K

Road Surface Condition Analysis from Web Camera Images and Weather data. Torgeir Vaa (SVV), Terje Moen (SINTEF), Junyong You (CMR), Jeremy Cook (CMR)

Lesser Sunda - Banda Seascape Atlas

CalWeedMapper. Mapping the Spread of Invasive Plant Species. Karsten Vennemann. Seattle

Overview of Geospatial Open Source Software which is Robust, Feature Rich and Standards Compliant

MISP Training: Galaxies

Information Security Theory vs. Reality

new interface and features

Imagery and the Location-enabled Platform in State and Local Government

Enabling ENVI. ArcGIS for Server

What s New. August 2013

GIS and the Other Enterprise Database

ST-Links. SpatialKit. Version 3.0.x. For ArcMap. ArcMap Extension for Directly Connecting to Spatial Databases. ST-Links Corporation.

ANDREW MCMILLAN 888 West 18 th Avenue Vancouver, BC V5Z 1W3 Tel. (604) OBJECTIVE SUMMARY

A Comparison Between MongoDB and MySQL Document Store Considering Performance

Basics HTTP. requests. Ryan E. Freckleton. PySprings. May 24, 2016

WEB-BASED SPATIAL DECISION SUPPORT: TECHNICAL FOUNDATIONS AND APPLICATIONS

Troubleshooting Replication and Geodata Services. Liz Parrish & Ben Lin

Corporate. Information. Railway Infrastructure Administrator. Year indracompany.com

Deep-dive into PyMISP MISP - Malware Information Sharing Platform & Threat Sharing

A Summary of State DOT GIS Activities. Presented at the 2004 AASHTO GIS-T Symposium Rapid City, SD

DYNAMIC PORTRAYAL AND DIRECT LOCATION METHOD FOR

Aviation Weather Routing Tool: A Decision Aid for Manned/Unmanned Aircraft Routing

Overview. Everywhere. Over everything.

One platform for desktop, web and mobile

PP - Work Centers HELP.PPBDWKC. Release 4.6C

Introduction to Portal for ArcGIS. Hao LEE November 12, 2015

G EOSPAT I A L ERDAS IMAGINE. The world s most widely-used software package for creating information from geospatial data

Enterprise Linear Referencing at the NYS Department of Transportation

Technical Specifications. Form of the standard

Visualizing Big Data on Maps: Emerging Tools and Techniques. Ilir Bejleri, Sanjay Ranka

A Prototype of a Web Mapping System Architecture for the Arctic Region

Karsten Vennemann, Seattle. QGIS Workshop CUGOS Spring Fling 2015

IBM System Storage N series function authorizations for IBM System Storage N3220 and N3240

The World Bank and the Open Geospatial Web. Chris Holmes

Comprehensive Chemoinformatics since Web-based, client/server, and toolkit approaches. Native Oracle (cartridge) and Microsoft technology.

T H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T WO R K

Among various open-source GIS programs, QGIS can be the best suitable option which can be used across partners for reasons outlined below.

The File Geodatabase API. Craig Gillgrass Lance Shipman

IMS4 ARWIS. Airport Runway Weather Information System. Real-time data, forecasts and early warnings

Portal for ArcGIS: An Introduction. Catherine Hynes and Derek Law

Databases through Python-Flask and MariaDB

YYT-C3002 Application Programming in Engineering GIS I. Anas Altartouri Otaniemi

Smart Data Collection and Real-time Digital Cartography

Introduction to Portal for ArcGIS

Basic Data Analysis. Stephen Turnbull Business Administration and Public Policy Lecture 9: June 6, Abstract. Regression and R.

The Danish enterprise approach to create and publish nautical products.covering the waters along the west coast of Greenland

Leveraging the GIS Capability within FlexiCadastre

Utilizing Data from American FactFinder with TIGER/Line Shapefiles in ArcGIS

Bayes Nets III: Inference

Incorporating ArcGIS Pro in your Curriculum

Yes, the Library will be accessible via the new PULSE and the existing desktop version of PULSE.

Ákos Tarcsay CHEMAXON SOLUTIONS

Week 01 Lecture Notes Antelope Valley College Geography 205

Data Aggregation with InfraWorks and ArcGIS for Visualization, Analysis, and Planning

Boolean and Vector Space Retrieval Models

The Danish enterprise approach to create and publish nautical products.covering the waters along the west coast of Greenland

FIRE DEPARMENT SANTA CLARA COUNTY

Point data in mashups: moving away from pushpins in maps

Paths Toward CAD and GIS Interoperability

Development of an Opensource Web Based GIS for Geocollaboration in Geothermal Resources Management

Geodatabase Replication for Utilities Tom DeWitte Solution Architect ESRI Utilities Team

WEB MAP SERVICE (WMS) FOR GEOLOGICAL DATA GEORGE TUDOR

PI SERVER 2012 Do. More. Faster. Now! Copyr i g h t 2012 O S Is o f t, L L C. 1

Features and Benefits

GPS Mapping with Esri s Collector App. What We ll Cover

A Service Architecture for Processing Big Earth Data in the Cloud with Geospatial Analytics and Machine Learning

Geoprovisioning delivers geodata and its analysis for specific areas on request.

Solving Polynomial Systems in the Cloud with Polynomial Homotopy Continuation

MISP Galaxy. Threat Sharing. Team CIRCL. MISP CIRCL

GLAS Grond-laag Laser Adaptieve optiek Systeem Ground-layer Laser Adaptive optics System A Rayleigh laser beacon for NAOMI

Digital Tax Maps Westport Island Project Summary

HASSET A probability event tree tool to evaluate future eruptive scenarios using Bayesian Inference. Presented as a plugin for QGIS.

MapOSMatic: city maps for the masses

egeo.ch WebGIS an Internet GIS framework for the Swiss federal administrations based on CartoWeb, Mapserver and PostGIS

Geodatabase An Introduction

Science Analysis Tools Design

Transcription:

cve-search - a free software to collect, search and analyse common vulnerabilities and exposures in software Freedom #0 in action Alexandre Dulaunoy alexandre.dulaunoy@circl.lu 20th December 2013

What we were looking for? Local search of common vulnerabilities and exposures ( avoid searching NIST/US for your current vulnerable software...). Fast-lookup of vulnerabilities (e.g. live evaluation of network traffic for vulnerable software). Allow localized classification of vulnerabilities (e.g. classify software following your exposure). Flexible data structure (e.g. NIST/NVD is not the only source). Allowing the use of Unix-like tools to process the vulnerabilities. 2 of 19

History of cve-search 3 of 19

A functional overview of cve-search (populating database(s) db mgmt.py fetch NVD/CVE from NIST db updater.py index n last new CVE db fulltext.py Whoosh index db mgmt cpe dictionnary.py fetch CPE from NIST MongoDB cve cpe ranking info db dump.py 4 of 19

A functional overview of cve-search (tools) MongoDB cve cpe ranking info Whoosh index search fulltext.py search.py dump last.py search xmpp.py 5 of 19

cve-search starting up... Import and update of the CVE/NVD and CPE database: 1 % python3. 3 d b u p d a t e r. py v i Search CVE of a specific vendor (via CPE): 1 % python3. 3 s e a r c h. py p joomla : 2... 3 CVE 2012 5827 4 CVE 2012 6503 5 CVE 2012 6514 6 CVE 2013 1453 7 CVE 2013 1454 8 CVE 2013 1455 6 of 19

cve-search simple query and JSON output 1 s e a r c h. py c CVE 2013 1455 n 2 { M o d i f i e d : 2013 02 13T13 : 0 1 : 4 5. 3 5 3 0 5 : 0 0, P u b l i s h e d : 2013 02 12T20 : 5 5 : 0 5. 3 8 7 0 5 : 0 0, i d : { $ o i d : 514 cce0db26102134fa3f211 }, c v s s : 5. 0, i d : CVE 2013 1455, r e f e r e n c e s : [ h t t p : / / x f o r c e. i s s. net / x f o r c e / xfdb /81926, h t t p : / / d e v e l o p e r. joomla. org / s e c u r i t y / news /549 20130202 core i n f o r m a t i o n d i s c l o s u r e. html ], summary : Joomla! 3. 0. x through 3. 0. 2 a l l o w s a t t a c k e r s to o b t a i n s e n s i t i v e i n f o r m a t i o n v i a u n s p e c i f i e d v e c t o r s r e l a t e d to an \ U ndefined v a r i a b l e. \, v u l n e r a b l e c o n f i g u r a t i o n : [ Joomla! 3. 0. 0, Joomla! 3. 0. 1 ] } Without CPE name lookup: 1 v u l n e r a b l e c o n f i g u r a t i o n : [ cpe : / a : joomla : joomla % 2 1 : 3. 0. 0, cpe : / a : joomla : joomla % 2 1 : 3. 0. 1 ] } 7 of 19

CPE - an overview 1 cpe : / { p a r t } : { vendor } : { p r o d u c t } : { v e r s i o n } : { update } : { e d i t i o n } : { l a n g u a g e } part o a h name Operating System Application Hardware An empty part defines any element. CPE are updated at a regular interval by NIST but it happens that CPE dictionnary are updated afterwards. 8 of 19

Which are the top vendors using the word unknown? 1 s e a r c h f u l l t e x t. py q unknown f j q r.. v u l n e r a b l e c o n f i g u r a t i o n [ 0 ] cut f 3 d : s o r t u n i q c s o r t nr head 10 9 of 19 Count CPE vendor name 1145 oracle 367 sun 327 hp 208 google 192 ibm 113 mozilla 102 microsoft 98 adobe 76 apple 68 linux

Which are the top products using the word unknown? 1 s e a r c h f u l l t e x t. py q unknown f j q r.. v u l n e r a b l e c o n f i g u r a t i o n [ 0 ] cut f3, 4 d : s o r t u n i q c s o r t nr head 10 10 of 19 Count CPE vendor/product name 191 oracle:database server 189 google:chrome 115 oracle:e-business suite 111 sun:jre 101 mozilla:firefox 99 oracle:fusion middleware 95 oracle:application server 80 sun:solaris 68 linux:linux kernel 61 sun:sunos

oracle:java versus sun:jre 1 s e a r c h. py p o r a c l e : j a v a o j s o n j q r. cvss R s c r i p t e summary ( as. numeric ( read. t a b l e ( f i l e ( s t d i n ) ) [, 1 ] ) ) 2 3 Min. 1 s t Qu. Median Mean 3 rd Qu. Max. 4 1. 8 0 7. 6 0 10.00 8. 4 5 10.00 10.00 5 6 s e a r c h. py p sun : j r e o j s o n j q r. c v ss R s c r i p t e summary ( as. numeric ( read. t a b l e ( f i l e ( s t d i n ) ) [, 1 ] ) ) 7 8 Min. 1 s t Qu. Median Mean 3 rd Qu. Max. 9 0.000 5.000 7.500 7.376 10.000 10.000 11 of 19

Ranking of vulnerabilities 1 d b r a n k i n g. py c sap : g a c c o u n t i n g r 3 2 s e a r c h. py c CVE 2012 4341 o j s o n r 3... c v s s : 1 0. 0, i d : CVE 2012 4341, r a n k i n g : [ [ { a c c o u n t i n g : 3 } ] ]... Ranking is simple and flexible. If you are a CSIRT, you can use your own tagging to weight the critical software/vendor in your constituency. 12 of 19

Ranking helping for internal publishing of vulnerabilities dump last.py can be used to generate an overview of the current/recent vulnerabilities in your organization. You can limit the result to the ranked software to avoid non-related software vulnerabilities. 1 d u m p l a s t. py r l 100 f html 2 d u m p l a s t. py r l 100 f atom 13 of 19

search fulltext.py -g -s 14 of 19

Freedom #0 FSF Style: The freedom to run the program, for any purpose (freedom 0). Debian Style: No Discrimination Against Fields of Endeavor 15 of 19

Can cve-search be used by bad guys? If you know that system is vulnerable, you have two options: If you are a good guy, you inform the system owner to fix the vulnerability. If you are a bad guy, you abuse your position and compromise the vulnerable system. cve-search could help both guys. 16 of 19

Where and how to infect random systems? TorInj research project http://www.foo.be/torinj/ 17 of 19

TorInj research project and cve-search In the initial version of TorInj, the vulnerabilities of the web browsers per client was evaluated offline. We were missing a tool to quickly lookup vulnerability per client and find an appropriate automatic exploitation. Next version of TorInj is relying on cve-search to do real-time vulnerability lookup, queue and try automatic exploitation. The objective of the research is show to the importance of using end-to-end authenticated encrypted communication with Tor and only with up-to-date software. 18 of 19

Freedom #0 is important. Free software developed for an initial purpose (from defensive to offensive) can be redirected to a new one. Looking for open data source of software vulnerabilities to integrate in cve-search. Dataset of cve-search can be requested with localized ranking (e.g. per country/region). Fork it, abuse it and then send pull request http://www.github.com/adulau/cve-search. 19 of 19

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback