initial-commit

.gitignore

@@ -9,6 +9,8 @@ __pycache__/
 # Distribution / packaging
 .Python
 build/
+results/
+nvd/
 develop-eggs/
 dist/
 downloads/

README.md

@@ -1,2 +1,118 @@
-# cve_nvd_tool
+# NVD CVE Managment Tool v3.0
+# Python v3.7
+# Djang0 v2.2.2
+
+The script and its documentation are taken from [cve_manager](https://github.com/aatlasis/cve_manager).
+The improved script functions fine on python 3.7 and later, and some bugs are fixed that were associated with Python v2.7.
+
 Python script for preparing NVD JSON feeds and importing in Local Database | Python 3.7 | Django 2.2.2
+
+  a) parses NIST NVD CVEs, 
+
+  b) prcoesses and exports them to CSV files, 
+  c) creates a postgres database and imports all the data in it, and
+
+  d) provides query capabilities for this CVEs database.
+
+Before Script execution create following directories.
+
+`mkdir results`
+`mkdir nvd`
+
+Usage examples: 
+
+- Download, parse and save in CSV files all CVEs from NIST NVD:
+
+  `python ./script.py -d -p -csv`
+
+- Create a postgresql database to host the downloaded CVEs:
+
+  `python ./script.py -u <myuser> -ps <mypassword> -host <hostname or IP> -db <database_name> -ow <new_owner of database> -cd`
+
+- Create the tables and views at the database:
+
+  `python ./script.py -u <myuser> -ps <mypassword> -host <hostname or IP> -db <database_name> -ct`
+
+- Import all data into the created database (requires the download, parse and sdtore as CSV files first, as explained above):
+
+  `python ./script.py -u <myuser> -ps <mypassword> -host <hostname or IP> -db <database_name> -idb -p`
+
+- Query for a specific CVE:
+
+  `python ./script.py -u <myuser> -ps <mypassword> -host <hostname or IP> -db <database_name> -cve 2019-2434`
+
+- Query for all CVEs related with a product (e.g. windows), with a base metric score greater than a value (e.g. 9, that is critcal), and a publication date equal or newer than a specific year (e.g. 2018):
+
+  `python ./script.py -u <myuser> -ps <mypassword> -host <hostname or IP> -db <database_name> -pr internet -sc 9 -dt 2018`
+
+- Query for all CVEs related with a vendor (e.g. microsoft), with a base metric score greater than a value (e.g. 9, that is critcal), and a publication date equal or newer than a specific year (e.g. 2019):
+
+  `python ./script.py -u <myuser> -ps <mypassword> -host <hostname or IP> -db <database_name> -ve microsoft -sc 9 -dt 2019`
+
+- Truncate the contents of all tables (required if you want to repeat the import process so as to update the data): 
+
+  `python ./script.py -u <myuser> -ps <mypassword> -host <hostname or IP> -db <database_name> -tr`
+
+- Delete the database (remove it completely):
+
+  `python ./script.py -u <myuser> -ps <mypassword> -host <hostname or IP> -db <database_name> -dd`
+
+Complete list of supported arguments:
+
+  -h, --help            show this help message and exit
+
+  -v, --version         show program's version number and exit
+
+  -p, --parse           Process downloaded CVEs.
+
+  -d, --download        Download CVEs.
+
+  -csv, --cvs_files     Create CSVs files.
+
+  -idb, --import_to_db  Import CVEs into a database.
+
+  -i INPUT, --input INPUT
+                        The directory where NVD json files will been downloaded, and the one from where they will be parsed
+                        (default: nvd/)
+
+  -o RESULTS, --output RESULTS
+                        The directory where the csv files will be stored (default: results/)
+
+  -u USER, --user USER  The user to connect to the database.
+
+  -ow OWNER, --owner OWNER
+                        The owner of the database (if different from the connected user).
+
+  -ps PASSWORD, --password PASSWORD
+                        The password to connect to the database.
+
+  -host HOST, --host HOST
+                        The host or IP of the database server.
+
+  -db DATABASE, --database DATABASE
+                        The name of the database.
+
+  -cd, --create_database
+                        Create the database
+
+  -dd, --drop_database  Drop the database
+
+  -ct, --create_tables  Create the tables of the database
+
+  -tr, --truncate_cves_tables
+                        Truncate the CVEs-related tables
+
+  -cve CVE, --cvs_number CVE
+                        Print info for a CVE (CVSS score and other)
+
+  -pr PRODUCT, --product PRODUCT
+                        Print CVEs for a product
+
+  -ve VENDOR, --vendor VENDOR
+                        Print CVEs for a vendor for all products
+
+  -sc SCORE, --score SCORE
+                        Use base score as a selection criterion
+
+  -dt DATE, --date DATE
+                        Use publication date as a selection criterion

req.txt

@@ -0,0 +1,66 @@
+apturl==0.5.2
+asn1crypto==0.24.0
+blinker==1.4
+Brlapi==0.6.7
+certifi==2018.8.24
+chardet==3.0.4
+command-not-found==0.3
+cryptography==2.3
+cupshelpers==1.0
+defer==1.0.6
+distro==1.3.0
+distro-info===0.21ubuntu2
+Django==2.2.2
+entrypoints==0.3
+httplib2==0.11.3
+idna==2.6
+keyring==17.1.1
+keyrings.alt==3.1.1
+language-selector==0.1
+launchpadlib==1.10.6
+lazr.restfulclient==0.14.2
+lazr.uri==1.0.3
+louis==3.8.0
+macaroonbakery==1.2.1
+Mako==1.0.7
+MarkupSafe==1.1.0
+netifaces==0.10.4
+numpy==1.16.4
+oauthlib==2.1.0
+olefile==0.46
+pexpect==4.6.0
+Pillow==5.4.1
+protobuf==3.6.1
+pycairo==1.16.2
+pycrypto==2.6.1
+pycups==1.9.73
+PyGObject==3.32.0
+PyJWT==1.7.0
+pymacaroons==0.13.0
+PyNaCl==1.3.0
+pyRFC3339==1.1
+python-apt==1.8.4
+python-dateutil==2.7.3
+python-debian==0.1.34
+pytz==2018.9
+pyxdg==0.25
+PyYAML==3.13
+reportlab==3.5.18
+requests==2.21.0
+requests-unixsocket==0.1.5
+scipy==1.3.0
+SecretStorage==2.3.1
+simplejson==3.16.0
+six==1.12.0
+sqlparse==0.3.0
+system-service==0.3
+systemd-python==234
+ubuntu-advantage-tools==19.2
+ubuntu-drivers-common==0.0.0
+ufw==0.36
+unattended-upgrades==0.1
+urllib3==1.24.1
+usb-creator==0.3.3
+virtualenv==15.1.0
+wadllib==1.3.3
+xkit==0.0.0