# Explore NVD

In [2]:
import subprocess
assert subprocess.call('pip install packaging'.split()) == 0

In [3]:
from packaging.version import parse as parse_version

In [23]:
version = parse_version('1.2.3')

In [24]:
for _ in dir(version):
    if _.startswith('_'):
        continue
    print(f'{_} = {getattr(version, _)}')

base_version = 1.2.3
dev = None
epoch = 0
is_devrelease = False
is_postrelease = False
is_prerelease = False
local = None
post = None
pre = None
public = 1.2.3
release = (1, 2, 3)


In [None]:
# Load CVE-2002
# Load CVE-2019
# Load CVE-Recent
# Load CVE-Modified

In [30]:
from invisibleroads_macros.disk import make_folder
target_folder = make_folder('/tmp/nvd')

## Load CVE-2002

In [31]:
# Load meta
url = 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2002.meta'

In [33]:
from os.path import basename, join
target_name = basename(url)
target_name

'nvdcve-1.0-2002.meta'

In [34]:
from urllib.request import urlretrieve as download
target_path = join(target_folder, target_name)
download(url, filename=target_path)

('/tmp/nvd/nvdcve-1.0-2002.meta', <http.client.HTTPMessage at 0x7f2f1cffad30>)

In [35]:
cat $target_path

lastModifiedDate:2019-03-08T04:13:35-05:00
size:25950036
zipSize:1670233
gzSize:1670097
sha256:0C4CD876512D0A8141305412504F288B2A6B157FD03A8797FFEB59708820E008


I think we can assume that if the content of the meta file has changed, then the content of the original file has changed as well.

In [36]:
# Load gz
url = 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2002.json.gz'

In [37]:
from os.path import basename, join
target_name = basename(url)
target_name

'nvdcve-1.0-2002.json.gz'

In [38]:
from urllib.request import urlretrieve as download
target_path = join(target_folder, target_name)
download(url, filename=target_path)

('/tmp/nvd/nvdcve-1.0-2002.json.gz',
 <http.client.HTTPMessage at 0x7f2f1d737128>)

In [39]:
import gzip
with gzip.open(target_path, 'rb') as f:
    content = f.read()

In [40]:
len(content)

25950036

In [41]:
content[:100]

b'{\r\n  "CVE_data_type" : "CVE",\r\n  "CVE_data_format" : "MITRE",\r\n  "CVE_data_version" : "4.0",\r\n  "CVE'

In [42]:
import json
d = json.load(gzip.open(target_path, 'rb'))

In [43]:
d.keys()

dict_keys(['CVE_data_type', 'CVE_data_format', 'CVE_data_version', 'CVE_data_numberOfCVEs', 'CVE_data_timestamp', 'CVE_Items'])

In [44]:
d['CVE_data_type']

'CVE'

In [45]:
d['CVE_data_format']

'MITRE'

In [46]:
d['CVE_data_version']

'4.0'

In [47]:
d['CVE_data_numberOfCVEs']

'6745'

In [48]:
d['CVE_data_timestamp']

'2019-03-08T09:11Z'

In [50]:
len(d['CVE_Items'])

6745

In [53]:
x = d['CVE_Items'][0]

In [54]:
x.keys()

dict_keys(['cve', 'configurations', 'impact', 'publishedDate', 'lastModifiedDate'])

In [56]:
x['cve'].keys()

dict_keys(['data_type', 'data_format', 'data_version', 'CVE_data_meta', 'affects', 'problemtype', 'references', 'description'])

In [57]:
x['configurations'].keys()

dict_keys(['CVE_data_version', 'nodes'])

In [76]:
x['configurations']

{'CVE_data_version': '4.0',
 'nodes': [{'cpe_match': [{'cpe23Uri': 'cpe:2.3:o:bsdi:bsd_os:3.1:*:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:freebsd:freebsd:1.0:*:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:freebsd:freebsd:1.1:*:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:freebsd:freebsd:1.1.5.1:*:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:freebsd:freebsd:1.2:*:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:freebsd:freebsd:2.0:*:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:freebsd:freebsd:2.0.1:*:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:freebsd:freebsd:2.0.5:*:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:freebsd:freebsd:2.1.5:*:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:freebsd:freebsd:2.1.6:*:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:freebsd:freebs

In [58]:
x['impact'].keys()

dict_keys(['baseMetricV2'])

In [64]:
x['impact']['baseMetricV2'].keys()

dict_keys(['cvssV2', 'severity', 'exploitabilityScore', 'impactScore', 'obtainAllPrivilege', 'obtainUserPrivilege', 'obtainOtherPrivilege', 'userInteractionRequired'])

In [81]:
x['impact']['baseMetricV2']

{'cvssV2': {'accessComplexity': 'LOW',
  'accessVector': 'NETWORK',
  'authentication': 'NONE',
  'availabilityImpact': 'PARTIAL',
  'baseScore': 5.0,
  'confidentialityImpact': 'NONE',
  'integrityImpact': 'NONE',
  'vectorString': 'AV:N/AC:L/Au:N/C:N/I:N/A:P',
  'version': '2.0'},
 'exploitabilityScore': 10.0,
 'impactScore': 2.9,
 'obtainAllPrivilege': False,
 'obtainOtherPrivilege': False,
 'obtainUserPrivilege': False,
 'severity': 'MEDIUM',
 'userInteractionRequired': False}

In [82]:
x['impact']['baseMetricV2']['cvssV2']

{'accessComplexity': 'LOW',
 'accessVector': 'NETWORK',
 'authentication': 'NONE',
 'availabilityImpact': 'PARTIAL',
 'baseScore': 5.0,
 'confidentialityImpact': 'NONE',
 'integrityImpact': 'NONE',
 'vectorString': 'AV:N/AC:L/Au:N/C:N/I:N/A:P',
 'version': '2.0'}

In [83]:
x['impact']['baseMetricV2']['cvssV2']['baseScore']

5.0

In [61]:
x['publishedDate']

'1999-12-30T05:00Z'

In [62]:
x['lastModifiedDate']

'2010-12-16T05:00Z'

In [77]:
x['cve'].keys()

dict_keys(['data_type', 'data_format', 'data_version', 'CVE_data_meta', 'affects', 'problemtype', 'references', 'description'])

In [80]:
x['cve']['CVE_data_meta']['ID']

'CVE-1999-0001'

## Load CVE-2019

In [85]:
# Load meta
url = 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2019.meta'

In [86]:
from os.path import basename, join
target_name = basename(url)
target_name

'nvdcve-1.0-2019.meta'

In [87]:
from urllib.request import urlretrieve as download
target_path = join(target_folder, target_name)
download(url, filename=target_path)

('/tmp/nvd/nvdcve-1.0-2019.meta', <http.client.HTTPMessage at 0x7f2f0a110e10>)

In [88]:
cat $target_path

lastModifiedDate:2019-03-14T03:01:37-04:00
size:25715303
zipSize:977226
gzSize:977090
sha256:7333614AA7C9E5B7EF31A75D4DF6788F9370ABB9BC8B7FCBCF8D293C5945B497


In [89]:
# Load gz
url = 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2019.json.gz'

In [90]:
from os.path import basename, join
target_name = basename(url)
target_name

'nvdcve-1.0-2019.json.gz'

In [91]:
from urllib.request import urlretrieve as download
target_path = join(target_folder, target_name)
download(url, filename=target_path)

('/tmp/nvd/nvdcve-1.0-2019.json.gz',
 <http.client.HTTPMessage at 0x7f2f0a1146a0>)

In [107]:
import gzip
with gzip.open(target_path, 'rb') as f:
    content = f.read()

In [108]:
len(content)

25715303

In [109]:
content[:100]

b'{\r\n  "CVE_data_type" : "CVE",\r\n  "CVE_data_format" : "MITRE",\r\n  "CVE_data_version" : "4.0",\r\n  "CVE'

In [115]:
import json
d = json.load(gzip.open(target_path, 'rb'))

In [116]:
d.keys()

dict_keys(['CVE_data_type', 'CVE_data_format', 'CVE_data_version', 'CVE_data_numberOfCVEs', 'CVE_data_timestamp', 'CVE_Items'])

In [117]:
d['CVE_data_type']

'CVE'

In [118]:
d['CVE_data_format']

'MITRE'

In [119]:
d['CVE_data_version']

'4.0'

In [120]:
d['CVE_data_numberOfCVEs']

'1411'

In [121]:
d['CVE_data_timestamp']

'2019-03-14T07:00Z'

In [122]:
len(d['CVE_Items'])

1411

In [123]:
x = d['CVE_Items'][0]

In [124]:
x.keys()

dict_keys(['cve', 'configurations', 'impact', 'publishedDate', 'lastModifiedDate'])

In [125]:
x['cve'].keys()

dict_keys(['data_type', 'data_format', 'data_version', 'CVE_data_meta', 'affects', 'problemtype', 'references', 'description'])

In [126]:
x['configurations']

{'CVE_data_version': '4.0',
 'nodes': [{'cpe_match': [{'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*',
     'vulnerable': True}],
   'operator': 'OR'},
  {'cpe_match': [{'cp

In [127]:
x['impact'].keys()

dict_keys(['baseMetricV3', 'baseMetricV2'])

In [128]:
x['impact']['baseMetricV3']

{'cvssV3': {'attackComplexity': 'HIGH',
  'attackVector': 'NETWORK',
  'availabilityImpact': 'HIGH',
  'baseScore': 5.9,
  'baseSeverity': 'MEDIUM',
  'confidentialityImpact': 'NONE',
  'integrityImpact': 'NONE',
  'privilegesRequired': 'NONE',
  'scope': 'UNCHANGED',
  'userInteraction': 'NONE',
  'vectorString': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H',
  'version': '3.0'},
 'exploitabilityScore': 2.2,
 'impactScore': 3.6}

In [130]:
x['impact']['baseMetricV3']['cvssV3']['baseScore']

5.9

In [131]:
x['impact']['baseMetricV2']['cvssV2']['baseScore']

7.1

In [133]:
x['publishedDate']

'2019-01-15T21:29Z'

In [134]:
x['lastModifiedDate']

'2019-02-14T18:35Z'

In [135]:
x['cve']['CVE_data_meta']['ID']

'CVE-2019-0001'

## Load CVE-Recent

In [169]:
# Load meta
url = 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-recent.meta'

In [170]:
from os.path import basename, join
target_name = basename(url)
target_name

'nvdcve-1.0-recent.meta'

In [171]:
from urllib.request import urlretrieve as download
target_path = join(target_folder, target_name)
download(url, filename=target_path)

('/tmp/nvd/nvdcve-1.0-recent.meta',
 <http.client.HTTPMessage at 0x7f2f01805da0>)

In [172]:
cat $target_path

lastModifiedDate:2019-03-14T14:00:27-04:00
size:4038716
zipSize:207941
gzSize:207801
sha256:394578DC839787F50FDAE83568F11167F3D498659B8D7E1E8B18D43FC1F0683E


In [173]:
# Load gz
url = 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-recent.json.gz'

In [174]:
from os.path import basename, join
target_name = basename(url)
target_name

'nvdcve-1.0-recent.json.gz'

In [175]:
from urllib.request import urlretrieve as download
target_path = join(target_folder, target_name)
download(url, filename=target_path)

('/tmp/nvd/nvdcve-1.0-recent.json.gz',
 <http.client.HTTPMessage at 0x7f2f01805ac8>)

In [183]:
import json
d = json.load(gzip.open(target_path, 'rb'))

In [184]:
d['CVE_data_numberOfCVEs']

'425'

In [201]:
x = d['CVE_Items'][-1]

In [202]:
x['impact'].keys()

dict_keys([])

In [203]:
x['cve']['CVE_data_meta']['ID']

'CVE-2019-9787'

## Load CVE-Modified

In [188]:
# Load meta
url = 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta'

In [189]:
from os.path import basename, join
target_name = basename(url)
target_name

'nvdcve-1.0-modified.meta'

In [190]:
from urllib.request import urlretrieve as download
target_path = join(target_folder, target_name)
download(url, filename=target_path)

('/tmp/nvd/nvdcve-1.0-modified.meta',
 <http.client.HTTPMessage at 0x7f2f01805e10>)

In [191]:
cat $target_path

lastModifiedDate:2019-03-14T14:02:24-04:00
size:27890598
zipSize:1226286
gzSize:1226142
sha256:4C6267128B42E85582AE6ACE3BBC5032B97387FE60B42AA50EE08FD15485BAC8


In [192]:
# Load gz
url = 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.json.gz'

In [193]:
from os.path import basename, join
target_name = basename(url)
target_name

'nvdcve-1.0-modified.json.gz'

In [194]:
from urllib.request import urlretrieve as download
target_path = join(target_folder, target_name)
download(url, filename=target_path)

('/tmp/nvd/nvdcve-1.0-modified.json.gz',
 <http.client.HTTPMessage at 0x7f2efcf43470>)

In [195]:
import gzip
with gzip.open(target_path, 'rb') as f:
    content = f.read()

In [196]:
import json
d = json.load(gzip.open(target_path, 'rb'))

In [197]:
d['CVE_data_numberOfCVEs']

'1934'

In [204]:
x = d['CVE_Items'][-1]

In [205]:
x['impact'].keys()

dict_keys([])

In [206]:
x['cve']['CVE_data_meta']['ID']

'CVE-2019-9787'

I think we should do a full import once a month. We can check modified once a week. We can check recent every day.