[PYTHON] Obtain vulnerability information using the REST API published by NVD

background

NVD (National Vulnerability Database) is a database of vulnerability information managed by NIST, and NVD is very often taken care of when checking software and hardware vulnerability information.

Although it is such NVD, I was hoping that I could get information on the vulnerabilities of each CVE. I found NVD publishing a REST API in September 2019. https://nvd.nist.gov/General/News/New-NVD-CVE-CPE-API-and-SOAP-Retirement

Since I was able to get the information quite easily, I will publish the program for information sharing.

Execution environment

Rough security terminology

I think that the exact meaning will come out if you google, so here is a rough level.

REST API

If you want to get the information of a certain CVE, execute the following request.

https://services.nvd.nist.gov/rest/json/cve/1.0/<cveId>

If you want to get the information of CVE that matches the conditions, execute the following request. Note that the previous request was "cve", whereas this one is "cves".

https://services.nvd.nist.gov/rest/json/cves/1.0

For example, if you want to get CVE information that matches CPE, you can send the following request. Example: If you want to get CVE information for OpenSSL 1.1.1c

https://services.nvd.nist.gov/rest/json/cves/1.0?cpeMatchString=cpe:2.3:a:openssl:openssl:1.1.1c:*:*:*:*:*:*:*

The response will be returned in JSON format.

Details are below. https://csrc.nist.gov/CSRC/media/Projects/National-Vulnerability-Database/documents/web%20service%20documentation/Automation%20Support%20for%20CVE%20Retrieval.pdf

Get Current Description

If you want to get the current description of the vulnerability described in NVD, access the JSON data of the response as follows.

json_data['result']['CVE_Items'][x]['cve']['description']['description_data'][0]['value'] 

Get CWE

If you want to get CWE, access the JSON data of the response as follows.

json_data['result']['CVE_Items'][x]['cve']['problemtype']['problemtype_data'][0]['description'][0]['value']

Get CVSSv3 information

If you want to get BaseScore, access the JSON data of the response as follows.

json_data['result']['CVE_Items'][x]['impact']['baseMetricV3']['cvssV3']['baseScore']

If you want to get VectorString (example: AV: N/AC: M/Au: N/C: P/I: P/A: P), access the JSON data of the response as follows.

json_data['result']['CVE_Items'][x]['impact']['baseMetricV3']['cvssV3']['vectorString']

Get CVSSv2 information

If you want to get BaseScore, access the JSON data of the response as follows.

json_data['result']['CVE_Items'][x]['impact']['baseMetricV2']['cvssV2']['baseScore']

If you want to get VectorString, access the JSON data of the response as follows.

json_data['result']['CVE_Items'][x]['impact']['baseMetricV2']['cvssV2']['vectorString']

Get CVE information that meets CPE requirements

Based on the above, we implemented a program that acquires and outputs CVE information that matches the CPE.

get_software_vuln.py


#!/usr/bin/env python
import requests
import json
import argparse
import textwrap


def main():
    #Command line argument Parse
    parser = argparse.ArgumentParser()
    parser.add_argument('cpe_name', help='CPE Name')
    args = parser.parse_args()

    #Obtain vulnerability information corresponding to CPE from NVD in JSON format
    cpe_name = args.cpe_name
    api = 'https://services.nvd.nist.gov/rest/json/cves/1.0?cpeMatchString={cpe_name}'
    uri = api.format(cpe_name=cpe_name)
    response = requests.get(uri)
    json_data = json.loads(response.text)

    vulnerabilities = json_data['result']['CVE_Items']
    for vuln in vulnerabilities:
        cve_id = vuln['cve']['CVE_data_meta']['ID']  # CVE-Get ID
        current_description = vuln['cve']['description']['description_data'][0]['value']  #Get Current Description
        cwe_id = vuln['cve']['problemtype']['problemtype_data'][0]['description'][0]['value']  # CWE-Get ID

        #Get BaseScore and VectorString if you have CVSS v3 information
        if 'baseMetricV3' in vuln['impact']:
            cvssv3_base_score = vuln['impact']['baseMetricV3']['cvssV3']['baseScore']
            cvssv3_vector_string = vuln['impact']['baseMetricV3']['cvssV3']['vectorString']
            
        else:
            cvssv3_base_score = None
            cvssv3_vector_string = None

        #Get BaseScore and VectorString for CVSS v2
        cvssv2_base_score = vuln['impact']['baseMetricV2']['cvssV2']['baseScore']
        cvssv2_vector_string = vuln['impact']['baseMetricV2']['cvssV2']['vectorString']

        #output
        print('---------')
        text = textwrap.dedent('''
        CVE-ID:{cve_id}
        CWE-ID:{cwe_id}
        CVSSv3 BaseScore:{cvssv3_base_score} CVSSv3 VectorString:{cvssv3_vector_string}
        CVSSv2 BaseScore:{cvssv2_base_score} CVSSv2 VectorString: {cvssv2_vector_string}
        Current Description:
        {current_description}
        ''')
        print(text.format(cve_id=cve_id, cwe_id=cwe_id, cvssv3_base_score=cvssv3_base_score, cvssv3_vector_string=cvssv3_vector_string,
                          cvssv2_base_score=cvssv2_base_score, cvssv2_vector_string=cvssv2_vector_string, current_description=current_description))
        print('---------')


main()

You can do it as follows:

python get_software_vulns.py <CPE>

Example: When running for openssl 1.1.1c

python get_software_vulns.py cpe:2.3:a:openssl:openssl:1.1.1c:*:*:*:*:*:*:*

GitHub https://github.com/riikunn1004/NVDAPI The code is available at. for your information.

The following Python program is open to the public. get_software_vuln.py: The above program get_cve_info.py: Program to get the specified CVE information

Summary

I described how to get vulnerability information using REST API. Since the contents described this time are a part, please see the document published by NVD for details. There are various tools for managing vulnerability information, You can also use this REST API to develop your own tools that meet your needs.

Recommended Posts

Obtain vulnerability information using the REST API published by NVD
Try using the Twitter API
Try using the Twitter API
Try using the PeeringDB 2.0 API
Get Salesforce data using REST API
I tried using the checkio API
Try using the Wunderlist API in Python
[Python] Visualize the information acquired by Wireshark
Try using the Kraken API in Python
Tweet using the Twitter API in Python
Create an application using the Spotify API
Play with puns using the COTOHA API
FX data collection using OANDA REST API
Record custom events using the Shotgun API
I tried using the BigQuery Storage API
Create a REST API using the model learned in Lobe and TensorFlow Serving.
Image analysis was easy using the data and API provided by Microsoft COCO.
[Python] Automatically totals the total number of articles posted by Qiita using the API
Ask the bot to tell you the weather (precipitation information) using the weather information API (YOLP) provided by Yahoo ~ slack bot development with python ④ ~