Skip to content
This repository has been archived by the owner on Sep 2, 2023. It is now read-only.

Latest commit

 

History

History
50 lines (32 loc) · 1.8 KB

README.md

File metadata and controls

50 lines (32 loc) · 1.8 KB

nvdcve2json

DISCONTINUED: Since October 16th, 2019, the NVD discontinued support for XML Data Feeds. You can read more here. There are JSON data feeds available that are going to be discontinued by the end of 2023. They recommend to use their API instead.

Pipe-able parser from XML to JSON of the nvdcve list.

HOW DO I USE IT?

First, install it with:

go get github.com/ghostbar/nvdcve2json

Or just go to the releases page and download the binary for your system.

Then, just run it like:

$GOPATH/bin/nvdcve2json < nvdcve-2.0-2016.xml

curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Recent.xml.gz | \
  gunzip - | $GOPATH/bin/nvdcve2json

$GOPATH/bin/nvdcve2json --input nvdcve-2.0-2016.xml

$GOPATH/bin/nvdcve2json --input nvdcve-2.0-2016.xml > nvdcve-2.0-2016.json

More help can be found on $GOPATH/bin/nvdcve2json --help.

WHAT ABOUT FILTERING STUFF OUT?

You can use the flag --filter since v1.0.0 to just get the CVEs you want, like: "cpe:/o:apple:mac_os_x", then nvdcve2json will use the logical tests on the vulnerable-configuration field to determine if that cpe string matches any of the CVEs and will print out just that.

Protip: you can send multiple --filter, like:

curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Recent.xml.gz | \
  gunzip - | $GOPATH/bin/nvdcve2json --filter "cpe:/o:apple:mac_os_x"
  --filter "cpe:/o:microsoft:windows" > cves-for-mac-n-windows.json

AUTHOR AND LICENSE

© Jose-Luis Rivas <me@ghostbar.co>.

This software is licensed under the MIT terms, a copy of the license can be found in the LICENSE file in this repository.