Skip to content

dsaccon/vulnmine

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

55 Commits

data/csv

data/csv

 
 

docs

docs

 
 

samples

samples

 
 

tests

tests

 
 

vulnmine

vulnmine

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

CHANGES.txt

CHANGES.txt

 
 

Dockerfile

Dockerfile

 
 

LICENSE.md

LICENSE.md

 
 

MANIFEST.in

MANIFEST.in

 
 

README.md

README.md

 
 

README.rst

README.rst

 
 

docker-compose.yml

docker-compose.yml

 
 

install.sh

install.sh

 
 

requirements.txt

requirements.txt

 
 

setup.cfg

setup.cfg

 
 

setup.py

setup.py

 
 

Repository files navigation

Vulnmine

Vulnmine uses simple Machine Learning to mine Microsoft's SCCM host and software inventory data for vulnerable 3rd-party software.

NIST's NVD vulnerability feeds are pulled in on a daily basis to determine the latest vulnerabilities to search for.

Running Vulnmine

There is a public container with test data ready for use on Docker Hub: lorgor/vulnmine

To download and run the Vulnmine container:

docker run -it --rm lorgor/vulnmine bash

python vulnmine/__main__.py -a 'all'

Commandline Start Options

Here are the possible options when starting Vulnmine:

vulnmine.py  [-h] [--version] [-l Logging] [-a Action] [-y Years] [-w Workdir]
Parameter Use
-h Help information
-help
-l Set desired verbosity for logging:
--loglevel debug info warning error critical
-a Desired action to perform:
--action rd_sccm_hosts: Read SCCM host data
rd_sccm_sft: Read SCCM software data
rd_cpe: Download / input NIST CPE Vendor-Product dictionary
rd_cve: Download / input NIST CVE Vulnerability feed data
match_vendors:
Match vendors from SCCM "Add-Remove" registry data to NVD CPE data
match_sft:
Match software from SCCM "Add-Remove"registry data to NVD CPE data
upd_hosts_vulns: Determine vulnerabilities for each host in SCCM
output_stats: Output the results
all: Run all the above in sequence
-y Number of years to download. There is one CVE feed file for each year's data.
--years
-w Specifies work directory
--workdir

Production mode

If no parameters are specified, then Vulnmine runs in production mode:

  • The main vulnmine.py starts and sets up an endless schedule loop.
  • The loop fires once daily by default.
  • Each day Vulnmine:
    • Reads the SCCM inventory data files (UTF16 csv format) in the its CSV directory.
    • Downloads updated NVD feed files.
    • Processes the SCCM and NVD data.
    • Produces output JSON files into the same csv directory.

Configuring Vulnmine

Vulnmine can be configured using .INI files. (This uses the standard python ConfigParser library.)

The default .INI file is in vulnmine/vulnmine_data/vulnmine_defaults.ini.

Users can override default values. Vulnmine looks for the following file: data/vulnmine.ini.

Here is an example:

[User]
# Section must start with "[User]"

# Override Plugin default values
# ===================================

# Plugins will load from "data/my_plugins"
Plugins: data/my_plugins/

# Turn off plugin function completely
Activate_plugins: No

Where to get more information

Vulnmine is on Github: https://github.com/ubisoftinc/vulnmine

The docs directory has the full Vulnmine documentation.

About

No description, website, or topics provided.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages