CVEStack
I recently noticed an issue with all CVE feeds I could find. Mainly that they were too noisy. Parsing through them requires reading hundreds of messages, and figuring out which exploits are relevant. Many of them, like all of the WordPress exploits, are rarely if ever relevant to the work I do.
To give some context, I receive hundreds of Slack messages every few days and try to read through all of them. While this guarantees I don’t miss any, it also means that I spend 20 minutes of my evening parsing through exploits that are largely not relevant. To fix this problem, I’ve created something that surprisingly doesn’t seem to exist, even though many want it.
For example, this StackExchange post suggests anything from monitoring their Twitter feed to the ability, to paid products, to solutions that allow for monitoring a single product. This led me to create CVEStack. CVEStack is able to monitor an unlimited number of keywords using a simple word search. It also supports pip-like versioning syntax, although this may return false negatives if the version number is not included.
As an example, the following file would generate an RSS feed with any new CVEs containing (case-insensitive) the words `linux` or `wordpress`:
linux
wordpress
If I wanted only results containing `linux` and `4.13`, I could use
linux==4.13
This also means it’s compatible with copy/pasting Python `requirements.txt` files, although I recommend against filtering on the version, as the NVD feed does not contain an explicitly set version field. I also add the matched pattern to the `comments` section of the RSS feed outputted.
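The matching behaviour described above, sketched as an added example (this is not CVEStack's own code). The function names and the CVE entries are constructed for illustration, and a `name==version` line is assumed to mean "both substrings must appear in the description", as in the `linux==4.13` case above.

```python
# Constructed sample data: placeholder IDs and descriptions, not real NVD entries.
SAMPLE_CVES = [
    ("CVE-0000-0001", "Use-after-free in the Linux kernel 4.13 allows local denial of service."),
    ("CVE-0000-0002", "Stored XSS in a WordPress plugin allows script injection."),
    ("CVE-0000-0003", "Buffer overflow in the Linux kernel netfilter subsystem."),
    ("CVE-0000-0004", "SQL injection in ExampleCMS 2.1 login form."),
]

# Same format as the pattern files shown above: one keyword per line,
# optionally followed by ==version.
PATTERN_FILE = """\
wordpress
linux==4.13
"""


def parse_patterns(text):
    """Turn each non-empty line into (raw_line, [terms that must all appear])."""
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # "linux==4.13" -> ["linux", "4.13"]; "wordpress" -> ["wordpress"]
        terms = [t.strip().lower() for t in line.split("==") if t.strip()]
        patterns.append((line, terms))
    return patterns


def match_cves(cves, patterns):
    """Return (cve_id, matched_pattern) for each description containing all terms."""
    hits = []
    for cve_id, description in cves:
        text = description.lower()  # case-insensitive word search
        for raw, terms in patterns:
            if all(term in text for term in terms):
                hits.append((cve_id, raw))  # keep the pattern, like the comments field
                break
    return hits


if __name__ == "__main__":
    for cve_id, pattern in match_cves(SAMPLE_CVES, parse_patterns(PATTERN_FILE)):
        print(f"{cve_id} matched {pattern}")
```

The third constructed entry is the false negative: it concerns Linux but names no version in its free-text description, so `linux==4.13` drops it while a plain `linux` line would have kept it.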
By default, this tool will rebroadcast the generated RSS feed on port 8088, but this can be overridden via the `-p` parameter, and the tool can be included as a (really messy) Python library, which could be used to write results to a file.
The original reason I designed this tool was to pipe it into Slack. Thanks to the filtering ability, I can now enable notifications for all new messages in that channel without having my eardrums blasted out every time there’s an update. CVEStack should be fully compatible with Slack’s RSS integration.
You can find the project here: https://github.com/Plazmaz/CVEStack
I hope this tool is as helpful to you as it will be/has been to me!