# Explore NVD

In [1]:
import subprocess
assert subprocess.call('pip install packaging'.split()) == 0

In [2]:
from packaging.version import parse as parse_version

In [3]:
version = parse_version('1.2.3')

In [4]:
for _ in dir(version):
    if _.startswith('_'):
        continue
    print(f'{_} = {getattr(version, _)}')

base_version = 1.2.3
dev = None
epoch = 0
is_devrelease = False
is_postrelease = False
is_prerelease = False
local = None
post = None
pre = None
public = 1.2.3
release = (1, 2, 3)


In [6]:
from invisibleroads_macros.disk import make_folder
target_folder = make_folder('/tmp/nvd')

## Load CVE-2002

In [7]:
# Load meta
url = 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2002.meta'

In [8]:
from os.path import basename, join
target_name = basename(url)
target_name

'nvdcve-1.0-2002.meta'

In [9]:
from urllib.request import urlretrieve as download
target_path = join(target_folder, target_name)
download(url, filename=target_path)

('/tmp/nvd/nvdcve-1.0-2002.meta', <http.client.HTTPMessage at 0x7fc24c1a7080>)

In [10]:
cat $target_path

lastModifiedDate:2019-03-26T04:24:29-04:00
size:25958074
zipSize:1672460
gzSize:1672324
sha256:B8C405B84604CCBC48E956E1E8B43C7E6C0B55B325F0BD908ED603B1969474BA


I think we can assume that if the content of the meta file has changed, then the content of the original file has changed as well.

In [11]:
# Load gz
url = 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2002.json.gz'

In [12]:
from os.path import basename, join
target_name = basename(url)
target_name

'nvdcve-1.0-2002.json.gz'

In [13]:
from urllib.request import urlretrieve as download
target_path = join(target_folder, target_name)
download(url, filename=target_path)

('/tmp/nvd/nvdcve-1.0-2002.json.gz',
 <http.client.HTTPMessage at 0x7fc24c1a79e8>)

In [14]:
import gzip
with gzip.open(target_path, 'rb') as f:
    content = f.read()

In [15]:
len(content)

25958074

In [16]:
content[:100]

b'{\r\n  "CVE_data_type" : "CVE",\r\n  "CVE_data_format" : "MITRE",\r\n  "CVE_data_version" : "4.0",\r\n  "CVE'

In [17]:
import json
d = json.load(gzip.open(target_path, 'rb'))

In [18]:
d.keys()

dict_keys(['CVE_data_type', 'CVE_data_format', 'CVE_data_version', 'CVE_data_numberOfCVEs', 'CVE_data_timestamp', 'CVE_Items'])

In [19]:
d['CVE_data_type']

'CVE'

In [20]:
d['CVE_data_format']

'MITRE'

In [21]:
d['CVE_data_version']

'4.0'

In [22]:
d['CVE_data_numberOfCVEs']

'6745'

In [23]:
d['CVE_data_timestamp']

'2019-03-26T08:21Z'

In [24]:
len(d['CVE_Items'])

6745

In [25]:
x = d['CVE_Items'][0]

In [26]:
x.keys()

dict_keys(['cve', 'configurations', 'impact', 'publishedDate', 'lastModifiedDate'])

In [27]:
x['cve'].keys()

dict_keys(['data_type', 'data_format', 'data_version', 'CVE_data_meta', 'affects', 'problemtype', 'references', 'description'])

In [28]:
x['configurations'].keys()

dict_keys(['CVE_data_version', 'nodes'])

In [93]:
x['configurations']['CVE_data_version']

'4.0'

In [96]:
x['configurations']['nodes'][0].keys()

dict_keys(['operator', 'cpe_match'])

In [30]:
x['impact'].keys()

dict_keys(['baseMetricV2'])

In [31]:
x['impact']['baseMetricV2'].keys()

dict_keys(['cvssV2', 'severity', 'exploitabilityScore', 'impactScore', 'obtainAllPrivilege', 'obtainUserPrivilege', 'obtainOtherPrivilege', 'userInteractionRequired'])

In [32]:
x['impact']['baseMetricV2']

{'cvssV2': {'accessComplexity': 'LOW',
  'accessVector': 'NETWORK',
  'authentication': 'NONE',
  'availabilityImpact': 'PARTIAL',
  'baseScore': 5.0,
  'confidentialityImpact': 'NONE',
  'integrityImpact': 'NONE',
  'vectorString': 'AV:N/AC:L/Au:N/C:N/I:N/A:P',
  'version': '2.0'},
 'exploitabilityScore': 10.0,
 'impactScore': 2.9,
 'obtainAllPrivilege': False,
 'obtainOtherPrivilege': False,
 'obtainUserPrivilege': False,
 'severity': 'MEDIUM',
 'userInteractionRequired': False}

In [33]:
x['impact']['baseMetricV2']['cvssV2']

{'accessComplexity': 'LOW',
 'accessVector': 'NETWORK',
 'authentication': 'NONE',
 'availabilityImpact': 'PARTIAL',
 'baseScore': 5.0,
 'confidentialityImpact': 'NONE',
 'integrityImpact': 'NONE',
 'vectorString': 'AV:N/AC:L/Au:N/C:N/I:N/A:P',
 'version': '2.0'}

In [34]:
x['impact']['baseMetricV2']['cvssV2']['baseScore']

5.0

In [35]:
x['publishedDate']

'1999-12-30T05:00Z'

In [36]:
x['lastModifiedDate']

'2010-12-16T05:00Z'

In [37]:
x['cve'].keys()

dict_keys(['data_type', 'data_format', 'data_version', 'CVE_data_meta', 'affects', 'problemtype', 'references', 'description'])

In [38]:
x['cve']['CVE_data_meta']['ID']

'CVE-1999-0001'

## Load CVE-2019

In [39]:
# Load meta
url = 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2019.meta'

In [40]:
from os.path import basename, join
target_name = basename(url)
target_name

'nvdcve-1.0-2019.meta'

In [41]:
from urllib.request import urlretrieve as download
target_path = join(target_folder, target_name)
download(url, filename=target_path)

('/tmp/nvd/nvdcve-1.0-2019.meta', <http.client.HTTPMessage at 0x7fc22e70eb38>)

In [42]:
cat $target_path

lastModifiedDate:2019-03-31T03:01:59-04:00
size:28742838
zipSize:1157010
gzSize:1156874
sha256:891928234CB801AF648F83B803C1E2CECA2EC7EEFE23CDE465418F6B46E2B63B


In [43]:
# Load gz
url = 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2019.json.gz'

In [44]:
from os.path import basename, join
target_name = basename(url)
target_name

'nvdcve-1.0-2019.json.gz'

In [45]:
from urllib.request import urlretrieve as download
target_path = join(target_folder, target_name)
download(url, filename=target_path)

('/tmp/nvd/nvdcve-1.0-2019.json.gz',
 <http.client.HTTPMessage at 0x7fc22e7155c0>)

In [46]:
import gzip
with gzip.open(target_path, 'rb') as f:
    content = f.read()

In [47]:
len(content)

28742838

In [48]:
content[:100]

b'{\r\n  "CVE_data_type" : "CVE",\r\n  "CVE_data_format" : "MITRE",\r\n  "CVE_data_version" : "4.0",\r\n  "CVE'

In [49]:
import json
d = json.load(gzip.open(target_path, 'rb'))

In [50]:
d.keys()

dict_keys(['CVE_data_type', 'CVE_data_format', 'CVE_data_version', 'CVE_data_numberOfCVEs', 'CVE_data_timestamp', 'CVE_Items'])

In [51]:
d['CVE_data_type']

'CVE'

In [52]:
d['CVE_data_format']

'MITRE'

In [53]:
d['CVE_data_version']

'4.0'

In [54]:
d['CVE_data_numberOfCVEs']

'1826'

In [55]:
d['CVE_data_timestamp']

'2019-03-31T07:00Z'

In [56]:
len(d['CVE_Items'])

1826

In [57]:
x = d['CVE_Items'][0]

In [58]:
x.keys()

dict_keys(['cve', 'configurations', 'impact', 'publishedDate', 'lastModifiedDate'])

In [59]:
x['cve'].keys()

dict_keys(['data_type', 'data_format', 'data_version', 'CVE_data_meta', 'affects', 'problemtype', 'references', 'description'])

In [60]:
x['configurations']

{'CVE_data_version': '4.0',
 'nodes': [{'cpe_match': [{'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*',
     'vulnerable': True}],
   'operator': 'OR'},
  {'cpe_match': [{'cp

In [61]:
x['impact'].keys()

dict_keys(['baseMetricV3', 'baseMetricV2'])

In [62]:
x['impact']['baseMetricV3']

{'cvssV3': {'attackComplexity': 'HIGH',
  'attackVector': 'NETWORK',
  'availabilityImpact': 'HIGH',
  'baseScore': 5.9,
  'baseSeverity': 'MEDIUM',
  'confidentialityImpact': 'NONE',
  'integrityImpact': 'NONE',
  'privilegesRequired': 'NONE',
  'scope': 'UNCHANGED',
  'userInteraction': 'NONE',
  'vectorString': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H',
  'version': '3.0'},
 'exploitabilityScore': 2.2,
 'impactScore': 3.6}

In [63]:
x['impact']['baseMetricV3']['cvssV3']['baseScore']

5.9

In [64]:
x['impact']['baseMetricV2']['cvssV2']['baseScore']

7.1

In [65]:
x['publishedDate']

'2019-01-15T21:29Z'

In [66]:
x['lastModifiedDate']

'2019-02-14T18:35Z'

In [67]:
x['cve']['CVE_data_meta']['ID']

'CVE-2019-0001'

## Load CVE-Recent

In [68]:
# Load meta
url = 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-recent.meta'

In [69]:
from os.path import basename, join
target_name = basename(url)
target_name

'nvdcve-1.0-recent.meta'

In [70]:
from urllib.request import urlretrieve as download
target_path = join(target_folder, target_name)
download(url, filename=target_path)

('/tmp/nvd/nvdcve-1.0-recent.meta',
 <http.client.HTTPMessage at 0x7fc224743a58>)

In [71]:
cat $target_path

lastModifiedDate:2019-03-31T20:00:18-04:00
size:2353721
zipSize:142966
gzSize:142826
sha256:8EF66C0446EA14CA7449BF66B8473132851E72B16FC9D8C5621BBD13621BDC04


In [72]:
# Load gz
url = 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-recent.json.gz'

In [73]:
from os.path import basename, join
target_name = basename(url)
target_name

'nvdcve-1.0-recent.json.gz'

In [74]:
from urllib.request import urlretrieve as download
target_path = join(target_folder, target_name)
download(url, filename=target_path)

('/tmp/nvd/nvdcve-1.0-recent.json.gz',
 <http.client.HTTPMessage at 0x7fc2247430f0>)

In [75]:
import json
d = json.load(gzip.open(target_path, 'rb'))

In [76]:
d['CVE_data_numberOfCVEs']

'469'

In [77]:
x = d['CVE_Items'][-1]

In [78]:
x['impact'].keys()

dict_keys(['baseMetricV3', 'baseMetricV2'])

In [79]:
x['cve']['CVE_data_meta']['ID']

'CVE-2019-9978'

## Load CVE-Modified

In [80]:
# Load meta
url = 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta'

In [81]:
from os.path import basename, join
target_name = basename(url)
target_name

'nvdcve-1.0-modified.meta'

In [82]:
from urllib.request import urlretrieve as download
target_path = join(target_folder, target_name)
download(url, filename=target_path)

('/tmp/nvd/nvdcve-1.0-modified.meta',
 <http.client.HTTPMessage at 0x7fc225cfacc0>)

In [83]:
cat $target_path

lastModifiedDate:2019-03-31T20:02:13-04:00
size:30161915
zipSize:1269586
gzSize:1269442
sha256:A1570FA46369800769A4BD37458B6E1E07EB759048256D9FEFD6898ED5EDB781


In [84]:
# Load gz
url = 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.json.gz'

In [85]:
from os.path import basename, join
target_name = basename(url)
target_name

'nvdcve-1.0-modified.json.gz'

In [86]:
from urllib.request import urlretrieve as download
target_path = join(target_folder, target_name)
download(url, filename=target_path)

('/tmp/nvd/nvdcve-1.0-modified.json.gz',
 <http.client.HTTPMessage at 0x7fc225d04b00>)

In [87]:
import gzip
with gzip.open(target_path, 'rb') as f:
    content = f.read()

In [88]:
import json
d = json.load(gzip.open(target_path, 'rb'))

In [89]:
d['CVE_data_numberOfCVEs']

'1149'

In [90]:
x = d['CVE_Items'][-1]

In [91]:
x['impact'].keys()

dict_keys(['baseMetricV3', 'baseMetricV2'])

In [92]:
x['cve']['CVE_data_meta']['ID']

'CVE-2019-9978'

I think we should do a full import once a month. We can check modified once a week. We can check recent every day.