# Overview
1. Collate all the downloaded data sources into one table by CVE ID.
2. Save the result to a file to be used elsewhere.

In [42]:
import pandas as pd

In [43]:
metasploit_df = pd.read_csv('../data_in/metasploit/metasploit.txt', header=None, names=['cve'])
metasploit_df['metasploit'] = True
metasploit_df

Unnamed: 0,cve,metasploit
0,CVE-2007-4387,True
1,CVE-2014-6041,True
2,CVE-2005-2611,True
3,CVE-2005-0771,True
4,CVE-2004-0795,True
...,...,...
2726,CVE-2022-29847,True
2727,CVE-2022-29848,True
2728,CVE-2021-36934,True
2729,CVE-2011-3402,True


In [44]:
nuclei_df = pd.read_csv('../data_in/nuclei/nuclei.txt', header=None, names=['cve'])
nuclei_df['nuclei'] = True
nuclei_df

Unnamed: 0,cve,nuclei
0,CVE-2000-0114,True
1,CVE-2001-0537,True
2,CVE-2002-1131,True
3,CVE-2004-0519,True
4,CVE-2004-1965,True
...,...,...
2197,CVE-2021-44521,True
2198,CVE-2022-0543,True
2199,CVE-2022-24706,True
2200,CVE-2022-31793,True


In [45]:
exploitdb_df = pd.read_csv('../data_in/exploitdb/exploitdb_cves.csv.gz', header=None, names=['cve'], compression="gzip")
exploitdb_df['exploitdb'] = True
exploitdb_df

Unnamed: 0,cve,exploitdb
0,CVE-1999-0002,True
1,CVE-1999-0003,True
2,CVE-1999-0005,True
3,CVE-1999-0006,True
4,CVE-1999-0009,True
...,...,...
24528,CVE-2023-4407,True
24529,CVE-2023-4547,True
24530,CVE-2023-4548,True
24531,CVE-2023-4634,True


In [46]:
# just read the CVE ID column
cisa_df = pd.read_csv('../data_in/cisa_kev/known_exploited_vulnerabilities.csv.gz', usecols=['cveID'], compression="gzip")
cisa_df = cisa_df.rename(columns={"cveID": "cve"})
cisa_df['cisa_kev'] = True
cisa_df

Unnamed: 0,cve,cisa_kev
0,CVE-2021-27104,True
1,CVE-2021-27102,True
2,CVE-2021-27101,True
3,CVE-2021-27103,True
4,CVE-2021-21017,True
...,...,...
1018,CVE-2023-44487,True
1019,CVE-2023-20198,True
1020,CVE-2023-4966,True
1021,CVE-2023-20273,True


In [47]:
epss_df = pd.read_csv('../data_in/epss/epss.csv.gz', usecols=['cve','epss'], skiprows=1, compression="gzip")
epss_df

Unnamed: 0,cve,epss
0,CVE-1999-0001,0.01167
1,CVE-1999-0002,0.02833
2,CVE-1999-0003,0.02487
3,CVE-1999-0004,0.00403
4,CVE-1999-0005,0.94040
...,...,...
216201,CVE-2023-5810,0.00045
216202,CVE-2023-5811,0.00045
216203,CVE-2023-5812,0.00045
216204,CVE-2023-5813,0.00043


In [48]:
nvd_df = pd.read_csv('../data_in/nvd/nvd_cves_v3.csv.gz', compression="gzip")
nvd_df = nvd_df.rename(columns={"CVE": "cve"})
nvd_df

Unnamed: 0,cve,baseScore,attackComplexity,attackVector,userInteraction,privilegesRequired,confidentialityImpact,integrityImpact,availabilityImpact
0,CVE-1999-0199,9.8,LOW,NETWORK,NONE,NONE,HIGH,HIGH,HIGH
1,CVE-1999-0236,7.5,LOW,NETWORK,NONE,NONE,HIGH,NONE,NONE
2,CVE-2000-0258,7.5,LOW,NETWORK,NONE,NONE,NONE,NONE,HIGH
3,CVE-2000-1254,7.5,LOW,NETWORK,NONE,NONE,HIGH,NONE,NONE
4,CVE-2002-20001,7.5,LOW,NETWORK,NONE,NONE,NONE,NONE,HIGH
...,...,...,...,...,...,...,...,...,...
141356,CVE-2023-5632,7.5,LOW,NETWORK,NONE,NONE,NONE,NONE,HIGH
141357,CVE-2023-5638,5.4,LOW,NETWORK,REQUIRED,LOW,LOW,LOW,NONE
141358,CVE-2023-5639,5.4,LOW,NETWORK,REQUIRED,LOW,LOW,LOW,NONE
141359,CVE-2023-5642,9.8,LOW,NETWORK,NONE,NONE,HIGH,HIGH,HIGH


In [49]:
#https://msrc.microsoft.com/update-guide/vulnerability 
df_msrc = pd.read_csv('../data_in/msrc/msrc_security_updates.csv', usecols=["CVE Number"])
df_msrc = df_msrc.rename(columns={"CVE Number": "cve"})
df_msrc['msrc'] = True
df_msrc

Unnamed: 0,cve,msrc
0,CVE-2023-44487,True
1,CVE-2023-36563,True
2,CVE-2023-41763,True
3,CVE-2023-5217,True
4,CVE-2023-4863,True
...,...,...
228,CVE-2023-4900,True
229,CVE-2023-4764,True
230,CVE-2023-4763,True
231,CVE-2023-4762,True


In [50]:
#https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1190662839
df_gpz = pd.read_csv('../data_in/gpz/0day_In_the_Wild_All.csv', usecols=["CVE"])
df_gpz = df_gpz.rename(columns={"CVE": "cve"})
df_gpz['gpz'] = True
df_gpz

Unnamed: 0,cve,gpz
0,CVE-2023-42824,True
1,CVE-2023-22515,True
2,CVE-2023-4211,True
3,CVE-2023-5217,True
4,CVE-2023-41992,True
...,...,...
9120,,True
9121,,True
9122,,True
9123,,True


In [51]:
# Fill any values not True with False - so we avoid NaNs - so we preserve the Bool column type
cve_list_df = pd.merge(nvd_df, metasploit_df, on='cve', how='left').fillna(False)
cve_list_df = pd.merge(cve_list_df, nuclei_df, on='cve', how='left').fillna(False)
cve_list_df = pd.merge(cve_list_df, epss_df, on='cve', how='left').fillna(False)
cve_list_df = pd.merge(cve_list_df, exploitdb_df, on='cve', how='left').fillna(False)
cve_list_df = pd.merge(cve_list_df, cisa_df, on='cve', how='left').fillna(False)
cve_list_df = pd.merge(cve_list_df, df_msrc, on='cve', how='left').fillna(False)
cve_list_df = pd.merge(cve_list_df, df_gpz, on='cve', how='left').fillna(False)


cve_list_df.drop_duplicates(inplace = True)
cve_list_df

Unnamed: 0,cve,baseScore,attackComplexity,attackVector,userInteraction,privilegesRequired,confidentialityImpact,integrityImpact,availabilityImpact,metasploit,nuclei,epss,exploitdb,cisa_kev,msrc,gpz
0,CVE-1999-0199,9.8,LOW,NETWORK,NONE,NONE,HIGH,HIGH,HIGH,False,False,0.00604,False,False,False,False
1,CVE-1999-0236,7.5,LOW,NETWORK,NONE,NONE,HIGH,NONE,NONE,False,False,0.00137,True,False,False,False
2,CVE-2000-0258,7.5,LOW,NETWORK,NONE,NONE,NONE,NONE,HIGH,False,False,0.00590,False,False,False,False
3,CVE-2000-1254,7.5,LOW,NETWORK,NONE,NONE,HIGH,NONE,NONE,False,False,0.00543,False,False,False,False
4,CVE-2002-20001,7.5,LOW,NETWORK,NONE,NONE,NONE,NONE,HIGH,False,False,0.00544,False,False,False,False
...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...
141445,CVE-2023-5632,7.5,LOW,NETWORK,NONE,NONE,NONE,NONE,HIGH,False,False,0.00044,False,False,False,False
141446,CVE-2023-5638,5.4,LOW,NETWORK,REQUIRED,LOW,LOW,LOW,NONE,False,False,0.00051,False,False,False,False
141447,CVE-2023-5639,5.4,LOW,NETWORK,REQUIRED,LOW,LOW,LOW,NONE,False,False,0.00051,False,False,False,False
141448,CVE-2023-5642,9.8,LOW,NETWORK,NONE,NONE,HIGH,HIGH,HIGH,False,False,0.00890,False,False,False,False


# Add Exploitability column to indicate the exploitability source 

In [52]:
def exploitatability(cisa_kev, metasploit, nuclei, exploitdb):
    
    if (cisa_kev):
        return 0
    elif (metasploit & nuclei):
        return 1
    elif (metasploit):
        return 2
    elif (nuclei):
        return 3
    elif (exploitdb):
        return 4
    else:
        return 5

In [53]:
cve_list_df["exploit"] = cve_list_df.apply(lambda x: exploitatability(x['cisa_kev'], x['metasploit'], x['nuclei'], x['exploitdb']), axis=1)
cve_list_df

Unnamed: 0,cve,baseScore,attackComplexity,attackVector,userInteraction,privilegesRequired,confidentialityImpact,integrityImpact,availabilityImpact,metasploit,nuclei,epss,exploitdb,cisa_kev,msrc,gpz,exploit
0,CVE-1999-0199,9.8,LOW,NETWORK,NONE,NONE,HIGH,HIGH,HIGH,False,False,0.00604,False,False,False,False,5
1,CVE-1999-0236,7.5,LOW,NETWORK,NONE,NONE,HIGH,NONE,NONE,False,False,0.00137,True,False,False,False,4
2,CVE-2000-0258,7.5,LOW,NETWORK,NONE,NONE,NONE,NONE,HIGH,False,False,0.00590,False,False,False,False,5
3,CVE-2000-1254,7.5,LOW,NETWORK,NONE,NONE,HIGH,NONE,NONE,False,False,0.00543,False,False,False,False,5
4,CVE-2002-20001,7.5,LOW,NETWORK,NONE,NONE,NONE,NONE,HIGH,False,False,0.00544,False,False,False,False,5
...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...
141445,CVE-2023-5632,7.5,LOW,NETWORK,NONE,NONE,NONE,NONE,HIGH,False,False,0.00044,False,False,False,False,5
141446,CVE-2023-5638,5.4,LOW,NETWORK,REQUIRED,LOW,LOW,LOW,NONE,False,False,0.00051,False,False,False,False,5
141447,CVE-2023-5639,5.4,LOW,NETWORK,REQUIRED,LOW,LOW,LOW,NONE,False,False,0.00051,False,False,False,False,5
141448,CVE-2023-5642,9.8,LOW,NETWORK,NONE,NONE,HIGH,HIGH,HIGH,False,False,0.00890,False,False,False,False,5


In [54]:

cve_list_df.to_csv('../data_out/nvd_cves_v3_enriched.csv.gz', index=False, compression="gzip")
