Giter Club home page Giter Club logo

cvemap's Introduction

CVEMap

FeaturesInstallationUsageExampleJoin Discord

Navigate the Common Vulnerabilities and Exposures (CVE) jungle with ease using CVEMAP, a command-line interface (CLI) tool designed to provide a structured and easily navigable interface to various vulnerability databases.

Features

image

  • CVE Dataset Search & Query
  • CVE to EPSS Mapping
  • CVE to KEV Mapping
  • CVE to CPE Mapping
  • CVE to GitHub POCs Mapping
  • CVE to Nuclei Template Mapping
  • CVE to HackerOne report Mapping
  • Customizable Filters on CVE data
  • STDIN Input / JSONL Output

Installation

cvemap requires Go 1.21 to install successfully. To install, just run the below command or download pre-compiled binary from release page.

go install github.com/projectdiscovery/cvemap/cmd/cvemap@latest

Usage

cvemap -h

This will display help for the tool. Here are all the switches it supports.

Usage:
  cvemap [flags]

Flags:
CONFIG:
   -auth  configure projectdiscovery cloud (pdcp) api key (default true)

OPTIONS:
   -id string[]                    cve to list for given id
   -cwe, -cwe-id string[]          cve to list for given cwe id
   -v, -vendor string[]            cve to list for given vendor
   -p, -product string[]           cve to list for given product
   -eproduct string[]              cves to exclude based on products
   -s, -severity string[]          cve to list for given severity
   -cs, -cvss-score string[]       cve to list for given cvss score
   -c, -cpe string                 cve to list for given cpe
   -es, -epss-score string         cve to list for given epss score
   -ep, -epss-percentile string[]  cve to list for given epss percentile
   -age string                     cve to list published by given age in days
   -a, -assignee string[]          cve to list for given publisher assignee
   -vs, -vstatus value             cve to list for given vulnerability status in cli output. supported: new, confirmed, unconfirmed, modified, rejected, unknown

UPDATE:
   -up, -update                 update cvemap to latest version
   -duc, -disable-update-check  disable automatic cvemap update check

FILTER:
   -q, -search string  search in cve data
   -k, -kev            display cves marked as exploitable vulnerabilities by cisa (default true)
   -t, -template       display cves that has public nuclei templates (default true)
   -poc                display cves that has public published poc (default true)
   -h1, -hackerone     display cves reported on hackerone (default true)
   -re, -remote        display remotely exploitable cves (AV:N & PR:N | PR:L) (default true)

OUTPUT:
   -f, -field value         fields to display in cli output. supported: product, vendor, assignee, age, poc, cwe, epss, vstatus, kev, template
   -fe, -exclude value      fields to exclude from cli output. supported: product, vendor, assignee, age, poc, cwe, epss, vstatus, kev, template
   -lsi, -list-id           list only the cve ids in the output
   -l, -limit int           limit the number of results to display (default 50)
   -offset int              offset the results to display
   -j, -json                return output in json format
   -epk, -enable-page-keys  enable page keys to navigate results

DEBUG:
   -version            Version
   -silent             Silent
   -verbose            Verbose
   -debug              Debug
   -hc, -health-check  run diagnostic check up

Configuring CVEMap CLI

CVEMap CLI is built on top of the CVEMap API that requires API Token from ProjectDiscovery Cloud Platform that can be configured using environment variable named PDCP_API_KEY or using interactive -auth option as shown below.

Using environment variable

export PDCP_API_KEY=*************

Using auth option

cvemap -auth


   ______   _____  ____ ___  ____  ____
  / ___/ | / / _ \/ __ \__ \/ __ \/ __ \
 / /__ | |/ /  __/ / / / / / /_/ / /_/ /
 \___/ |___/\___/_/ /_/ /_/\__,_/ .___/ 
                               /_/
            

    projectdiscovery.io

[INF] Get your free api key by signing up at https://cloud.projectdiscovery.io
[*] Enter PDCP API Key (exit to abort): *************
[INF] Successfully logged in as (@user)

Running CVEMap

For details about running cvemap, see https://docs.projectdiscovery.io/tools/cvemap/running.

Note

  • CVE dataset gets updated in every 6 hours.

References

cvemap is made with ❤️ by the projectdiscovery team and distributed under MIT License.

Join Discord

cvemap's People

Contributors

dependabot[bot] avatar ehsandeep avatar ramanareddy0m avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.