CVE-Scanner-Tool
这个工具用于从给定的 CPE(通用平台枚举)中检索并排序相关的 CVE(通用漏洞披露)信息。它通过调用 NVD(国家漏洞数据库)的 REST API(API 已更新到 2.0 版本)来获取数据,并根据 CVSS 分数对 CVE 进行排序。
搜索速率:公共利率限制(没有API密钥)是30秒中5个请求; API键的速率限制是30秒中50个请求。
功能
- 从指定的 CPE 中检索 CVE 数据。
- 根据 CVSS 分数对 CVE 进行排序。
- 显示每个 CVE 的 ID、CVSS 分数和严重性等级。
使用方法
-
克隆仓库:
git clone https://github.com/your-username/CVE-Scanner-Tool.git cd CVE-Scanner-Tool -
安装依赖:
pip install requests -
运行脚本:
python cve_scanner.py -c <CPE>其中
<CPE>是你要查询的 CPE 名称。
示例
python cve_scanner.py -c cpe:2.3:a:apache:http_server:2.4.41
输出示例
[1] ID: CVE-2021-44228, Score: 9.8, Severity: CRITICAL
[2] ID: CVE-2021-41773, Score: 7.5, Severity: HIGH
[3] ID: CVE-2021-40438, Score: 6.5, Severity: MEDIUM
CVE Scanner Tool
This tool is used to retrieve and sort related CVEs (Common Vulnerabilities and Exposures) from a given CPE (Common Platform Enumeration). It fetches data by calling the NVD (National Vulnerability Database) REST API (API has been updated to version 2.0) and sorts the CVEs based on their CVSS scores.
NIST firewall rules put in place to prevent denial of service attacks can thwart your application if it exceeds a predetermined rate limit. The public rate limit (without an API key) is 5 requests in a rolling 30 second window; the rate limit with an API key is 50 requests in a rolling 30 second window.
Features
- Retrieve CVE data from a specified CPE.
- Sort CVEs based on their CVSS scores.
- Display the ID, CVSS score, and severity level of each CVE.
Usage
-
Clone the repository:
git clone https://github.com/your-username/CVE-Scanner-Tool.git cd CVE-Scanner-Tool -
Install dependencies:
pip install requests -
Run the script:
python cve_scanner.py -c <CPE>where
<CPE>is the CPE name you want to query.
Example
python cve_scanner.py -c cpe:2.3:a:apache:http_server:2.4.41
Sample Output
[1] ID: CVE-2021-44228, Score: 9.8, Severity: CRITICAL
[2] ID: CVE-2021-41773, Score: 7.5, Severity: HIGH
[3] ID: CVE-2021-40438, Score: 6.5, Severity: MEDIUM