vFeed

The Correlated CVE Vulnerability And Threat Intelligence Database API

vFeed The Correlated Vulnerability and Threat Intelligence Database Wrapper

vFeed

Build Status
Code Health
Compatibility
Compatibility
Compatibility

vFeed Python Wrapper / Database is a CVE, CWE, and OVAL Compatible naming scheme concept that provides extra structured detailed third-party references and technical characteristics for a CVE entry through an extensible XML/JSON schema.
It also improves the reliability of CVEs by providing a flexible and comprehensive vocabulary for describing the relationship with other standards and security references.

vFeed API generates a JSON-based format outputs to describe in detail vulnerabilities.
It can be leveraged as input by security researchers, practitioners, and tools as part of their vulnerability description. The standard syntax is easy to interpret by humans and systems.

The mandatory associated vFeed DB (The Correlated Vulnerability and Threat Intelligence Database) is a detective and preventive security information repository used for gathering vulnerability and mitigation data from scattered internet sources into an unified database. The vFeed DB must be obtained directly from vFeed IO.

  • Open security standards:

  • Vulnerability Assessment & Exploitation IDs (Metasploit, SAINT Corporation, Tenable's Nessus Plugin IDs, Nmap, Exploit-DB)

  • Vendors Security Alerts:

    • Microsoft MS
    • Mandriva
    • Redhat
    • Cisco
    • Sun
    • Gentoo
    • Ubuntu
    • And more ...

Key features

  • Registered as CVE, CWE, and OVAL Compatible by the Mitre Corporation
  • Support Open Standards such as CVE, CPE, CWE, CAPEC, WASC, CVSS and more
  • Downloadable as SQLite database
  • Support correlation with 3rd-party security references IAVA, OVAL and more
  • Support correlation with security assessment and patch vendors (Nessus, Exploit-DB, Redhat, Microsoft..)
  • Easy and ready-to-use python Wrapper

More features at vFeed IO.

Target Audience

  • Penetration testers who want to analyze CVEs and gather extra information to help shape avenues to exploit vulnerabilities.
  • Security auditors who want to report accurate information about findings. vFeed could be the best way to describe a CVE with attributes based on standards and 3rd party references as vendors or companies involved into standarization efforts.
  • Security tools vendors / security open source developers who need to implement libraries to enumerate useful information about CVEs without wasting time to correlate and to create a proprietary database. vFeed is by far the best solution. Methods can be invoked from programs or scripts with a simple call.
  • Any security hacker who is conducting research and needs a very fast and accurate way to enumerate available exploits or techniques to check a vulnerability.

How to ?

Run vfeedcli.py -h for help.
Refer to the Documentation official documentation page.

Latest release

0.7.2.1

  • [Fix] Fixed Migrate() module (SQLite to MongoDB). Thanks to Thiago Palmeira from Infolink for reporting the bug.

0.7.2

  • Added support to CAPEC v2.10. Check the full changelog.
  • Added support to CWE v2.11. Check the full changelog.
  • Added support to the new Microsoft security update
  • [Improve] Improved the get_ms method to returns both all and new Microsoft bulletins and KBs.
  • [Improve] Fixed issue #65. Cleaned the database from Reject entries.
  • [Doc] Documentation updated to reflect the new changes.
    All changes are immediate for consultancy / integrator license customers. The CE database will be available by the end of the month

0.7.1

  • [New] Reactivated the ability to automate the download process for Consultancy / Integrator plans using private Dropbox repository.
  • [Improve] Improved the mongo.py to check whether SQLite exists. Thanks to Alex Faraino (https://github.com/AlexFaraino/vFeed)
  • [Fix] Modified vfeedcli from API to wrapper.
  • [Doc] Documentation updated to reflect the new changes.

主要指標

概覽
名稱與所有者toolswatch/vFeed
主編程語言Python
編程語言Python (語言數: 1)
平台
許可證Other
所有者活动
創建於2013-05-20 18:51:57
推送於2021-05-28 14:23:17
最后一次提交2021-05-28 16:23:17
發布數12
最新版本名稱v0.7.2.1 (發布於 )
第一版名稱v0.6.0 (發布於 2015-12-24 15:45:38)
用户参与
星數0.9k
關注者數112
派生數243
提交數81
已啟用問題?
問題數70
打開的問題數6
拉請求數4
打開的拉請求數3
關閉的拉請求數8
项目设置
已啟用Wiki?
已存檔?
是復刻?
已鎖定?
是鏡像?
是私有?