I'm working on a side project. In my use case, I needed to have a sort of API interface with some vuln data without performing tons of queries on external third-party services.
I have a lot of work ahead of me, as I'm planning on adding things and making improvements.
The API now uses mongodb as I am making a mini production instance on my network for this project. If you don't want to use mongo and just want to keep it to static file use, simply don't stand up a mongodb server. The code will automatically check and see if it can connect. If not, it will fallback to apiv1.
Setup instructions have moved to the Wiki
I rewrote how CVE-Land handles token creation. On first run, the application will generate you a salt so you don't have to. Secondly, you can now see, delete, and add user keys all through a new web ui.
Accessing the web ui is done via the /admin
path.
Default Login: admin/secret
(changeable within .env)
Admin Login:
Viewing Users:
Adding Users:
You will need to send an authoized request to the api.
curl http://127.0.0.1:5000/v2/CVE-2023-1027 -H 'Authorization: Bearer synfinner c0178xxxxxxxx9959de26e15'
Endpoints are available in the Wiki
All endpoints have been removed and MongoDB-based calls have since replaced legacy.
Please note that this project--in its current form--is the result of not being able to sleep and needing to easily obtain data for my use case.
Made with