vulnerability-lookup

vulnerability-lookup is a rewrite of cve-search that supports fast vulnerability lookup and correlation across different sources, independent of vulnerability ID, and makes it easy to manage coordinated vulnerability disclosure (CVD).

An online instance of vulnerability-lookup is available at https://vulnerability.circl.lu.

Features

Sources and Feeders

Requirements

Installation

Install documentation is available in INSTALL.md.

Import CSAF sources

  1. Build the support tools.
  2. Make sure the downloader exists:
$ (git::main) ./bin-linux-amd64/csaf_downloader -h
Usage:
  csaf_downloader [OPTIONS] domain...

Application Options:
  -d, --directory=DIR                             DIRectory to store the downloaded files in
      --insecure                                  Do not check TLS certificates from provider
      --ignore_sigcheck                           Ignore signature check results, just warn on mismatch
      --client_cert=CERT-FILE                     TLS client certificate file (PEM encoded data)
      --client_key=KEY-FILE                       TLS client private key file (PEM encoded data)
      --client_passphrase=PASSPHRASE              Optional passphrase for the client cert (limited, experimental, see doc)
      --version                                   Display version of the binary
  -n, --no_store                                  Do not store files
  -r, --rate=                                     The average upper limit of https operations per second (defaults to unlimited)
  -w, --worker=NUM                                NUMber of concurrent downloads (default: 2)
  -t, --time_range=RANGE                          RANGE of time from which advisories to download
  -f, --folder=FOLDER                             Download into a given subFOLDER
  -i, --ignore_pattern=PATTERN                    Do not download files if their URLs match any of the given PATTERNs
  -H, --header=                                   One or more extra HTTP header fields
      --validator=URL                             URL to validate documents remotely
      --validator_cache=FILE                      FILE to cache remote validations
      --validator_preset=PRESETS                  One or more PRESETS to validate remotely (default: [mandatory])
  -m, --validation_mode=MODE[strict|unsafe]       MODE how strict the validation is (default: strict)
      --forward_url=URL                           URL of HTTP endpoint to forward downloads to
      --forward_header=                           One or more extra HTTP header fields used by forwarding
      --forward_queue=LENGTH                      Maximal queue LENGTH before forwarder (default: 5)
      --forward_insecure                          Do not check TLS certificates from forward endpoint
      --log_file=FILE                             FILE to log downloading to (default: downloader.log)
      --log_level=LEVEL[debug|info|warn|error]    LEVEL of logging details (default: info)
  -c, --config=TOML-FILE                          Path to config TOML file

Help Options:
  -h, --help                                      Show this help message

  3. Add the full path to the downloader to config/generic.json, under the key csaf_downloader_path.
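A preflight check for the steps above, as an added example that is not part of vulnerability-lookup: it verifies the csaf_downloader_path entry and reports any downloader options from the help output that switch off a verification step. The function names are hypothetical, and the script assumes config/generic.json is a JSON object with csaf_downloader_path at the top level.

```python
import json
import stat
from pathlib import Path

# Options listed in the help output above that switch off a verification step.
WEAKENING_FLAGS = {
    "--insecure": "provider TLS certificates are not checked",
    "--ignore_sigcheck": "signature mismatches only produce a warning",
    "--forward_insecure": "forward endpoint TLS certificates are not checked",
}

def audit_downloader_args(args):
    """Return one finding per option in args that weakens verification."""
    findings = []
    for i, arg in enumerate(args):
        name, sep, value = arg.partition("=")
        if arg in WEAKENING_FLAGS:
            findings.append(f"{arg}: {WEAKENING_FLAGS[arg]}")
        elif name in ("-m", "--validation_mode"):
            # Accept both "--validation_mode=unsafe" and "-m unsafe".
            if not sep and i + 1 < len(args):
                value = args[i + 1]
            if value == "unsafe":
                findings.append(f"{name}: validation mode is unsafe, not the default strict")
    return findings

def check_downloader_path(config_file):
    """Return problems with the csaf_downloader_path key of a generic.json file."""
    value = json.loads(Path(config_file).read_text()).get("csaf_downloader_path")
    if not value:
        return ["csaf_downloader_path is not set"]
    path, problems = Path(value), []
    if not path.is_absolute():
        problems.append("not a full path")
    if not path.is_file():
        return problems + ["file does not exist"]
    mode = path.stat().st_mode
    if not mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        problems.append("no execute bit set")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        # Another local account could replace the binary that gets executed.
        problems.append("writable by group or others")
    return problems

if __name__ == "__main__":
    # Constructed command line; example.com is a placeholder domain.
    sample = ["-d", "csaf", "--ignore_sigcheck", "-m", "unsafe", "example.com"]
    print(audit_downloader_args(sample))
    if Path("config/generic.json").is_file():
        print(check_downloader_path("config/generic.json"))
```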

License

vulnerability-lookup is free software released under the “GNU Affero General Public License v3.0”.

Copyright (c) 2023-2024 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (c) 2023-2024 Alexandre Dulaunoy - https://github.com/adulau/
Copyright (c) 2023-2024 Raphael Vinot - https://github.com/Rafiot/