A simple script that queries AlienVault OTX for CVE information. Specifically, it reports whether a given CVE has an existing exploit and whether it has been exploited in the wild. It is intended as a backup method of enriching vulnerability report data from TA.
CVE-OTX Lookup uses AlienVault's OTX Python SDK (distributed under the Apache-2.0 License), which can be installed as follows:

    python3.exe -m pip install --user OTXv2

    python.exe .\otx-cve-lookup.py -h
    usage: otx-cve-lookup.py [-h] (-c CVE | --cvelist CVELIST | --cvefile CVEFILE | --readfile READFILE) [--csvout]

    OTX CVE in wild lookup

    optional arguments:
      -h, --help           show this help message and exit
      -c CVE, --cve CVE    CVE eg; CVE-2020-14882
      --cvelist CVELIST    Comma-separated list of CVEs eg; CVE-2017-8977,CVE-2017-11882
      --cvefile CVEFILE    New-Line-separated file of CVEs eg; ./cve-list.txt
      --readfile READFILE  Regex search plain text file for CVEs eg; ./vulnreport.csv
      --csvout             Output results in CSV format

    python.exe .\otx-cve-lookup.py -c CVE-2020-14882
    Looking up following CVEs:
    CVE-2020-14882
    [+] CVE-2020-14882:
    [!] ALIENVAULT HAS SEEN THIS (CVE-2020-14882) ACTIVELY EXPLOITED IN THE WILD
    [!] ALIENVAULT HAS SEEN EXPLOITS FOR THIS (CVE-2020-14882)

    python.exe .\otx-cve-lookup.py --cvelist CVE-2017-8977,CVE-2017-11882 --csvout
    cve,exploited in wild,exploit exists
    CVE-2017-8977,False,False
    CVE-2017-11882,False,True
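
The `--readfile` option regex-searches a plain-text file for CVEs. The following is an added example, not the code of otx-cve-lookup.py, showing one way to do that extraction and to lay results out in the `--csvout` columns. The function names and the sample report are constructed for illustration, and the True/False values passed to `to_csv` stand in for OTX lookup results.

```python
import csv
import io
import re

# "CVE-", a 4-digit year, then a sequence number of 4 or more digits.
# The lookbehind rejects matches glued to a longer token such as "XCVE-2020-1234".
CVE_RE = re.compile(r"(?<![A-Za-z0-9])CVE-(\d{4})-(\d{4,})", re.IGNORECASE)


def extract_cves(text):
    """Return unique CVE IDs in order of first appearance, upper-cased."""
    seen = {}
    for match in CVE_RE.finditer(text):
        year, seq = match.groups()
        if int(year) < 1999:  # CVE identifiers start with the year 1999
            continue
        seen.setdefault(f"CVE-{year}-{seq}", None)
    return list(seen)


def to_csv(results):
    """Render {cve: (exploited_in_wild, exploit_exists)} with the --csvout header."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["cve", "exploited in wild", "exploit exists"])
    for cve, (in_wild, has_exploit) in results.items():
        writer.writerow([cve, in_wild, has_exploit])
    return buf.getvalue()


# Constructed sample report (not real scan data): mixed case, a duplicate,
# and a malformed ID that must be ignored.
SAMPLE_REPORT = """host,plugin,finding
web01,1001,"Oracle WebLogic RCE (cve-2020-14882)"
ws07,1002,"Office memory corruption CVE-2017-11882; see also CVE-2017-11882"
ws09,1003,"Ticket ref CVE-20-1234 is not a valid ID"
"""

if __name__ == "__main__":
    for cve in extract_cves(SAMPLE_REPORT):
        print(cve)
```

The same `extract_cves` function also handles the comma-separated `--cvelist` and newline-separated `--cvefile` inputs, since it only depends on the ID pattern and not on the delimiter.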
TBD