This PowerShell script automates the process of gathering key vulnerability information directly from the National Vulnerability Database (NVD) via their REST API. Instead of manually searching the NIST website, this tool provides a fast, command-line method for retrieving vulnerability details and links to vendor references.
- Direct NIST API Query: Connects directly to the official NIST NVD API to retrieve the most up-to-date information for any given CVE.
- Key Information Display: Presents essential details, including the CVE number, a full description, and applicable versions.
- Interactive Vendor Links: Provides clickable URLs for vendor advisories and references, making it easy to research fixes and mitigations.
- Lightweight and Fast: Designed to be a quick, on-demand tool that gives you the information you need without a complex setup.
- A Windows host with PowerShell 3.0 or newer.
- An active internet connection.
Simply run the script. It will prompt you to enter the CVE number you want to search for.
.\nist-cve-reporter.ps1
Example: The script will prompt you for a CVE number, and after you enter it, the output will appear directly in the terminal, like so:
Enter cve number: CVE-2023-44487
Gahering information from NIST API...
CVE-2023-44487
A vulnerability was found in the HTTP/2 protocol's handling of CONTINUATION frames. This flaw allows an attacker to create a denial of service (DoS) attack by sending a stream of CONTINUATION frames...
cpe23uri: cpe:2.3:a:akamai:akamai_edge:*:*:*:*:*:*:*:*
Version From :
Version To:
cpe23uri: cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*
Version From : 2.0.0
Version To: 2.7.4
Tags: [Mitigation, Vendor Advisory]
url: [https://akamai.com/blog/security-research/http2-continuation-flood-dos](https://akamai.com/blog/security-research/http2-continuation-flood-dos)
Open Google?
( y / n / q )
- Version: 1.0
- Author: Scott Lichty
- Creation Date: 09/08/2021
- Purpose: Initial script to help with vulnerability research.