VEACH – Vulnerabilities Exposure and Analysis in Code and Hardware
A remote managed CVE and CPE MongoDB that syncs with NIST NVD Data feeds
Explore the docs »
View Demo
·
Report Bug
·
Request Feature
Table of Contents
The VEACH Remote DB project is part of the VEACH project.
It's a Node.js project that implements a remote managed CVE & CPE databases. The remote database is maintained & updated automatically. Using this remote database, the VEACH system local MongoDB database will be updated periodically from the remote CVE & CPE database.
NVD vulnerability data feeds are published as year-wise JSON files in gzip format. This makes fetching CVE details for particular CVE ID very difficult.
The project integrates with NIST NVD Data feeds to initially import JSON feeds and afterwards syncs the feeds using meta
feeds dates comparision. By doing so, we are able to keep the database up-to-date with NIST data feeds as suggested here.
This project also provides queryable REST-API using NodeJS.
The following are the frameworks and npm packages used in the project:
To get a local copy up and running, follow these steps.
Make sure you have the Node.js 16 or above installed [Download Node.js](https://nodejs.org/en/download/0
If you have npm install, check the version with npm --version
, upgrade npm if needed.
- npm
npm install npm@latest -g
The remote DB that was used was a MongoDB Atlas managed DB.
We used AWS Elastic Beanstalk to deploy our Node.js app to the cloud. In order to use this service, you have to create an account in AWS first.
- Set up
aws cli
in your environment - https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html - Set up
eb cli
in your environment - https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/eb-cli3-install.html
- Clone the repo
git clone https://github.com/omeround3/veach-remote-db.git
- Install NPM packages
npm install
- Create a
.env
file in the root folder and MongoDB credentails and hostname. And Node app port and log level.DB_USERNAME="username" DB_PASSWORD="password" DB_HOST="hostname" PORT="3000" LOG_LEVEL="debug"
To run this project simply run: npm start
Logging is set to stdout
by default, but it can be changed if needed by modifying the winston logger settings that can be found in: veach-remote-db/app/services/logger.js
GET http://localhost:3000/cvedetails/CVE-2017-0001
{
"_id": "CVE-2017-0001",
"cve": {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-0001",
"ASSIGNER": "cve@mitre.org"
},
"description": {
"description_data": [{
"lang": "en",
"value": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka \"Windows GDI Elevation of Privilege Vulnerability.\" This vulnerability is different from those described in CVE-2017-0005, CVE-2017-0025, and CVE-2017-0047."
}]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
"baseMetricV2": {
"cvssV2": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2
},
"severity": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 10,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
},
"publishedDate": "2017-03-17T00:59Z",
"lastModifiedDate": "2019-10-03T00:03Z"
}
To deploy to AWS Elastic Beanstalk, we are recommending to follow AWS official documentation. They are covering all the steps needed to deploy the Node.js application to Elastic Beanstalk.
Make sure to create a user with specific permissions to Elastic Beansstalk and not to use the root AWS user for the deployment (basic security measures).
For reference, here are the configurations we used for environment creation and deployment:
- Create a folder under the root project folder name
.elasticbeanstalk
. - Create a file named
config.yml
inveach-remote-db/.elasticbeanstalk
folder with the following content:
branch-defaults:
dev:
environment: veach-remote-db-dev
global:
application_name: veach-remote-db
branch: null
default_ec2_keyname: veach-key
default_platform: Node.js 16 running on 64bit Amazon Linux 2
default_region: eu-central-1
include_git_submodules: true
instance_profile: null
platform_name: null
platform_version: null
profile: eb-deploy-user
repository: null
sc: git
workspace_type: Application
- Change the profile for the AWS CLI profile you want.
- Change the
default_region
if needed. - Change the branch used and any other parameters needed.
- Create a folder under the root project folder name
.ebextensions
. - Create a file named
01nodecommand.config
inveach-remote-db/.ebextensions
folder with the following content:
option_settings:
aws:elasticbeanstalk:container:nodejs:
NodeCommand: "npm start"
- Create a file named
02log-streaming.config
inveach-remote-db/.ebextensions
folder with the following content:
option_settings:
aws:elasticbeanstalk:cloudwatch:logs:
StreamLogs: true
DeleteOnTerminate: false
RetentionInDays: 7
- Run the command
eb create
and theneb deploy
(you need aws cli and eb configured in your environment)
- Add GUI for log monitoring
- Add basic user authentication
- Improve code documentation
See the open issues for a full list of proposed features (and known issues).
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature
) - Commit your Changes (
git commit -m 'Add some AmazingFeature'
) - Push to the Branch (
git push origin feature/AmazingFeature
) - Open a Pull Request
Distributed under the MIT License. See LICENSE.txt
for more information.
Project Link: https://github.com/omeround3/veach-remote-db
- Project inspired by nvd-cvedetails-api