Simple REST-style web service for the CVE searching.
You must have running ruby, git, mongodb and nginx in your local machine.
curl --ssl -s https://raw.githubusercontent.com/SpiderLabs/cve_server/master/scripts/install.sh | bash -
-
Search for an specific CVE using its ID
-
Search for several CVEs
-
Search for CVEs related to a CPE without versions
-
List all the available CPEs with versions
-
Search for CVEs related to a CPE with versions
- http://localhost:port/v1/cpe_with_version/samba:samba:4.0.0
- http://localhost:port/v1/cpe_with_version/samba:samba:4.0.0,apache:http_server:2.4.4
- Don't forget to encode the URI if that has special characters, example:
- URI::encode('/v1/cpe_with_version/cisco:ios:15.4%282%29t1')
-
List all the available CPEs with versions
- Clone our repository.
git clone https://github.com/SpiderLabs/cve_server.git
- Install the ruby dependencies.
bundle install
- Configure your database.
vi config/database.yml
- Download, create and populate the database for your environment from the National Vulnerability Database via the NVD CVE/CPE API.
Note: The new API service is JSON only.
NVD API URL.
RACK_ENV=development ./bin/nvd_download_and_seed
** The download may take hours to complete **
- Start the server.
RACK_ENV=development puma
CVEServer is released under the MIT License