vFeed Correlated Vulnerability Database API major update 0.6 released

vFeed Framework is a CVE, CWE and OVAL Compatible naming scheme concept that provides extra structured detailed third-party references and technical characteristics for a CVE entry through an extensible XML/JSON schema.

It also improves the reliability of CVEs by providing a flexible and comprehensive vocabulary for describing the relationship with other standards and security references.

The associated vFeed.db (The Correlated Vulnerability and Threat Database) is a detective and preventive security information repository used for gathering vulnerability and mitigation data from scattered internet sources into an unified database.

Changelog 0.6.0

• Reviewed and re-wrote the code to be as much as possible PEP8 compliant
• Update the vFeed License. It is very important to read it.
• Introduced a new simple vFeed menu with the following options:
  • –method: Digs into the database and enumerate information related to CVE. See (–list)
  • –list: Lists the available –method functions. You can refer to the wiki documentation for more information
  • –export : Exports metadata to either JSON or XML formats
  • –stats : Displays the vFeed.db statistics
  • –search: Simple vFeed search utility. It supports CVE, CPE, CWE, OVAL and free text
  • –update: To update the vFeed.db Correlated Vulnerability Database.
  • –banner: Displays vFeed banners. Dont ask me. It is useless 🙂
• Refactored the main vFeed class api.py into small dedicated classes:
  • info.py: Used to render information about CVE alongside other open standards (CWE, CPE, CAPEC).
  • ref.py: Can be leveraged to get information about references and cross-linked sources (IAVM, SCIP..)
  • risk.py: Used to display the CVSS v2 and severity.
  • patches.py: Mostly used to enumerate hotfixes from 3rd party vendors such as Microsoft, Redhat, Suse etc
  • scanners.py : Leveraged to list information about scanners scripts related to CVEs such as Nessus, OpenVAS ..
  • exploit.py : Used to list information about exploits PoC related to CVEs such as Metasploit, Exploit-DB ..
  • rules.py : Can be leveraged to display the IDS/IPS rules to prevent from the attack such as Snort or Suricata
  • json_dump.py : This class will generate a detailed CVE JSON output.
• vFeed now returns JSON responses. It will be much easier to integrate with 3rd party utilities and software.
• Added the support of CWE, OVAL and free text to search.py class.
• Added URL links to the references (CVE, CWE, CAPEC, 3rd party references ..)
• Changed name of get_risk method to get_severity
• Exported JSON/XML files are moved to export repository.
• Added api_calls.py API calls sample to demonstrate how easy to use vFeed from within your code.
• Deprecated the value of “PCI Compliance” from risk.py class. This will be supported later.
• Deprecated the method get_milw0rm as the source does not longer exist
• Todo : The XML export will be added later.
• The documentation updated. Visit Documentation Page

[button size=large style=round color=red align=none url=https://github.com/toolswatch/vFeed/ ]GET IT[/button]