Use(s) of cve-search

use-of-cve-search.md

https://github.com/adulau/cve-search

How to choose a CMS? (based on the CVSS?)

$ python search.py -p typo3 -o json  | jq -r '.cvss' | Rscript -e 'mean(as.numeric(read.table(file("stdin"))[,1]))'
[1] 6.161562

$ python search.py -p wordpress -o json  | jq -r '.cvss' | Rscript -e 'mean(as.numeric(read.table(file("stdin"))[,1]))'
[1] 5.622102

$ python search.py -p joomla -o json  | jq -r '.cvss' | Rscript -e 'mean(as.numeric(read.table(file("stdin"))[,1]))'
[1] 6.771003

$ python search.py -p spip -o json  | jq -r '.cvss' | Rscript -e 'mean(as.numeric(read.table(file("stdin"))[,1]))' 
[1] 6.564286

Average/Median CVSS from a specific software (using R)

search.py -p oracle:java -o json  | jq -r '.cvss' | Rscript -e 'summary(as.numeric(read.table(file("stdin"))[,1]))'

List of potential vulnerabilities to investigate from a MacOS X installation

pkgutil  --pkgs  | tr "." "\n" | sort  -u  | parallel python3.3 search_fulltext.py -q | sort -n
port installed | grep active | awk '{sub(/@/,"",$2); sub(/_/,"",$2); print $1 " " $2;}' | parallel python3.3 search_fulltext.py -q

List of potential vulnerabilities to investigate from a MacOS X installation sorted by CVSS values

pkgutil  --pkgs  | tr "." "\n" | sort  -u  | parallel python3.3 search_fulltext.py -f -q  | jq -r '. | .cvss+","+.summary' | sort -n

List of CVSS values for a matching keyword

python3.3 search_fulltext.py -q Java -f | jq '.cvss'

List of CVSS values and summary for a matching keyword

python3.3 search_fulltext.py -q Java -f | jq '. | {cvss, summary}'

What is the software vendor with the most common keyword? (like "unknown")

python3.3 search_fulltext.py -q unknown -f | jq -r '. | .vulnerable_configuration[0]' | cut -f3 -d: | sort  | uniq -c  | sort -nr

1231 oracle
380 sun
320 hp
208 google
193 ibm
113 mozilla
102 microsoft
98 adobe
76 apple
68 linux
43 ethereal_group
41 joomla
38 typo3
...