1 Star 0 Fork 0

埋藏酱油瓶/cvemap

加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
贡献代码
同步代码
取消
提示: 由于 Git 不支持空文件夾,创建文件夹后会生成空的 .keep 文件
Loading...
README
MIT

CVEMap

FeaturesInstallationUsageExampleJoin Discord

Navigate the Common Vulnerabilities and Exposures (CVE) jungle with ease using CVEMAP, a command-line interface (CLI) tool designed to provide a structured and easily navigable interface to various vulnerability databases.

Features

image

  • CVE Dataset Search & Query
  • CVE to EPSS Mapping
  • CVE to KEV Mapping
  • CVE to CPE Mapping
  • CVE to GitHub POCs Mapping
  • CVE to Nuclei Template Mapping
  • CVE to HackerOne report Mapping
  • Customizable Filters on CVE data
  • STDIN Input / JSONL Output

Installation

cvemap requires Go 1.21 to install successfully. To install, just run the below command or download pre-compiled binary from release page.

go install github.com/projectdiscovery/cvemap/cmd/cvemap@latest

Usage

cvemap -h

This will display help for the tool. Here are all the switches it supports.

Usage:
  cvemap [flags]

Flags:
CONFIG:
   -auth  configure projectdiscovery cloud (pdcp) api key

OPTIONS:
   -id string[]                    cve to list for given id
   -v, -vendor string[]            cve to list for given vendor
   -p, -product string[]           cve to list for given product
   -eproduct string[]              cves to exclude based on products
   -s, -severity string[]          cve to list for given severity
   -cs, -cvss-score string[]       cve to list for given cvss score
   -c, -cpe string                 cve to list for given cpe
   -es, -epss-score string         cve to list for given epss score
   -ep, -epss-percentile string[]  cve to list for given epss percentile
   -age string                     cve to list published by given age in days
   -a, -assignee string[]          cve to list for given publisher assignee
   -vs, -vstatus value             cve to list for given vulnerability status in cli output. supported: unknown, new, confirmed, unconfirmed, modified, rejected

UPDATE:
   -up, -update                 update cvemap to latest version
   -duc, -disable-update-check  disable automatic cvemap update check

FILTER:
   -q, -search string  search in cve data
   -k, -kev            display cves marked as exploitable vulnerabilities by cisa (default true)
   -t, -template       display cves that has public nuclei templates (default true)
   -poc                display cves that has public published poc (default true)
   -h1, -hackerone     display cves reported on hackerone (default true)

OUTPUT:
   -f, -field value         fields to display in cli output. supported: age, kev, template, poc, cwe, epss, assignee, product, vendor, vstatus
   -fe, -exclude value      fields to exclude from cli output. supported: age, kev, template, poc, cwe, epss, assignee, product, vendor, vstatus
   -lsi, -list-id           list only the cve ids in the output
   -l, -limit int           limit the number of results to display (default 50)
   -offset int              offset the results to display
   -j, -json                return output in json format
   -epk, -enable-page-keys  enable page keys to navigate results

DEBUG:
   -version  Version
   -silent   Silent
   -verbose  Verbose

Configuring CVEMap CLI

CVEMap CLI is built on top of the CVEMap API that requires API Token from ProjectDiscovery Cloud Platform that can be configured using environment variable named PDCP_API_KEY or using interactive -auth option as shown below.

Using environment variable

export PDCP_API_KEY=*************

Using auth option

cvemap -auth


   ______   _____  ____ ___  ____  ____
  / ___/ | / / _ \/ __ \__ \/ __ \/ __ \
 / /__ | |/ /  __/ / / / / / /_/ / /_/ /
 \___/ |___/\___/_/ /_/ /_/\__,_/ .___/ 
                               /_/
            

    projectdiscovery.io

[INF] Get your free api key by signing up at https://cloud.projectdiscovery.io
[*] Enter PDCP API Key (exit to abort): *************
[INF] Successfully logged in as (@user)

Running CVEMap

For details about running cvemap, see https://docs.projectdiscovery.io/tools/cvemap/running.

Note

  • CVE dataset gets updated in every 6 hours.

References


cvemap is made with ❤️ by the projectdiscovery team and distributed under MIT License.

Join Discord

MIT License Copyright (c) 2023 ProjectDiscovery Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

简介

暂无描述 展开 收起
Go 等 3 种语言
MIT
取消

发行版

暂无发行版

贡献者 (1)

全部

近期动态

1年前创建了仓库
不能加载更多了
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
Go
1
https://gitee.com/secrole/cvemap.git
git@gitee.com:secrole/cvemap.git
secrole
cvemap
cvemap
main

搜索帮助