I used to work for a wonderful company called X-Force Red. It’s a cybersecurity firm that has some of the world’s most talented hackers, and I count myself as supremely lucky to have had the privilege to work there. I spent a lot of time with the Vulnerability Management consultants, and their toys were really top notch. Advanced APIs, daemons, and cron jobs, and data science stuff that I couldn’t begin to tell you about.

The thing is, now that I’m separated from the company, I can see the value of vulnerability data like that, but I don’t have any of those fancy toys.

At some point, I’d like to create my own little local cyber-armory that has both offensive and defensive toys. I used to have one, but my scripts relied heavily on a website called cvetrends.com that died when X killed the Twitter API. One of the key values for the vulnerability scraper was the CVE, or Common Vulnerabilities and Exposures, identifier.

So if you too want a local vulnerability search engine so that you can look at various vulnerabilities, even if the MITRE website is down, you’ve come to the right place.

Step 1: Download all the MITRE data:

Open your terminal and git clone all the CVE data:

cd ~
mkdir Tools
cd Tools/
git clone https://github.com/CVEProject/cvelistV5.git

Step 2: Use Ripgrep to look for key words:

rg "SMBv1 server" ~/Tools/cvelistV5/

Step 3: Use the same command I used in the fzf article to find data for specific vulns:

alias cve='results=$(find ~/Tools/cvelistV5/ -type f | fzf --preview "bat --color=always {}") && bat "$results"'

Step 4: Update your database every once in a while:

cd ~/Tools/cvelistV5/ && git pull

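Step 5: When you are feeling lazy, just open a crontab and tell it to git pull for you.

First, create the git-pull.sh script:

vim ~/.local/bin/git-pull.sh

Then input the following in that file:

#!/bin/sh
# Update the local CVE clone; stop if the directory is missing
cd /home/user/Tools/cvelistV5 || exit 1
git pull

Save the file and make it executable so cron can run it:

chmod +x ~/.local/bin/git-pull.sh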

Second, open the crontab file and tell it to launch the script.

crontab -e
# Insert this line in the crontab file:

0 3 * * * /home/user/.local/bin/git-pull.sh

Summary:

Now you should be good to go and research those CVEs to your heart’s content. No need to make API calls, everything is in JSON, and you can use the data for whatever. Now I gotta figure out how to download the CISA KEV data…

Changelog:

LOL, so apparently, the CISA KEV data is already a part of the dataset that I downloaded. If you run the ripgrep command with the search term “CISA KEV” it will tell you every vulnerability that was added to the CISA KEV list.

Why is that important?

Those vulns are ones being actively exploited. It also means they might have some juicy exploits out there on GitHub that are ripe for deletion (because GitHub frowns on that kind of thing).
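
The “CISA KEV” search from the changelog, as an added example (not part of the original post): a Python script that parses each record instead of grepping it, and lists the CVE ID and English description of every entry whose ADP section mentions CISA KEV. The field names (`cveMetadata.cveId`, `containers.cna.descriptions`, `containers.adp`) are assumed from the CVE JSON 5 record layout, and the sample records use constructed placeholder IDs.

```python
import json
import os
import tempfile

def english_description(record):
    """Return the first English CNA description, or '' if there is none."""
    cna = record.get("containers", {}).get("cna", {})
    for desc in cna.get("descriptions", []):
        if desc.get("lang", "").lower().startswith("en"):
            return desc.get("value", "")
    return ""

def kev_records(root, marker="CISA KEV"):
    """Walk root; return sorted (cveId, description) for records whose
    ADP containers mention the marker string."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not (name.startswith("CVE-") and name.endswith(".json")):
                continue
            try:
                with open(os.path.join(dirpath, name), encoding="utf-8") as fh:
                    record = json.load(fh)
            except (OSError, ValueError):
                continue  # skip unreadable or malformed files
            adp = record.get("containers", {}).get("adp", [])  # assumed layout
            if marker in json.dumps(adp):
                cve_id = record.get("cveMetadata", {}).get("cveId", name[:-5])
                hits.append((cve_id, english_description(record)))
    return sorted(hits)

def build_sample(root):
    """Write two constructed records (placeholder IDs, not real CVEs)."""
    def rec(cve_id, text, adp):
        return {"cveMetadata": {"cveId": cve_id},
                "containers": {"cna": {"descriptions": [{"lang": "en", "value": text}]},
                               "adp": adp}}
    samples = [
        rec("CVE-0000-0001", "Constructed example flaw A.",
            [{"timeline": [{"lang": "en", "value": "CVE-0000-0001 added to CISA KEV"}]}]),
        rec("CVE-0000-0002", "Constructed example flaw B.", []),
    ]
    for s in samples:
        path = os.path.join(root, s["cveMetadata"]["cveId"] + ".json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(s, fh)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for cve_id, text in kev_records(tmp):
            print(cve_id, "-", text)
```

To run it against the real clone, call `kev_records(os.path.expanduser("~/Tools/cvelistV5"))` instead of the temporary sample directory.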