mirror of
https://github.com/cve-search/cpe-guesser.git
synced 2024-11-15 03:18:28 +00:00
Lint markdown & add syntax highlighting
This commit is contained in:
parent
693cf4958b
commit
de822509d8
1 changed files with 17 additions and 14 deletions
27
README.md
27
README.md
|
@ -55,9 +55,11 @@ If you do not want to use the Web server, `lookup.py` can still be used. Example
|
||||||
[cpe-guesser.cve-search.org](https://cpe-guesser.cve-search.org) is public online version of CPE guesser which can be used via
|
[cpe-guesser.cve-search.org](https://cpe-guesser.cve-search.org) is public online version of CPE guesser which can be used via
|
||||||
a simple API. The endpoint is `/search` and the JSON is composed of a query list with the list of keyword(s) to search for.
|
a simple API. The endpoint is `/search` and the JSON is composed of a query list with the list of keyword(s) to search for.
|
||||||
|
|
||||||
|
```bash
|
||||||
~~~~
|
|
||||||
curl -s -X POST https://cpe-guesser.cve-search.org/search -d "{\"query\": [\"outlook\", \"connector\"]}" | jq .
|
curl -s -X POST https://cpe-guesser.cve-search.org/search -d "{\"query\": [\"outlook\", \"connector\"]}" | jq .
|
||||||
|
```
|
||||||
|
|
||||||
|
```json
|
||||||
[
|
[
|
||||||
[
|
[
|
||||||
18117,
|
18117,
|
||||||
|
@ -72,11 +74,11 @@ curl -s -X POST https://cpe-guesser.cve-search.org/search -d "{\"query\": [\"out
|
||||||
"cpe:2.3:a:oracle:corporate_time_outlook_connector"
|
"cpe:2.3:a:oracle:corporate_time_outlook_connector"
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
~~~~
|
```
|
||||||
|
|
||||||
### Command line - `lookup.py`
|
### Command line - `lookup.py`
|
||||||
|
|
||||||
~~~~
|
```text
|
||||||
usage: lookup.py [-h] WORD [WORD ...]
|
usage: lookup.py [-h] WORD [WORD ...]
|
||||||
|
|
||||||
Find potential CPE names from a list of keyword(s) and return a JSON of the results
|
Find potential CPE names from a list of keyword(s) and return a JSON of the results
|
||||||
|
@ -86,11 +88,13 @@ positional arguments:
|
||||||
|
|
||||||
optional arguments:
|
optional arguments:
|
||||||
-h, --help show this help message and exit
|
-h, --help show this help message and exit
|
||||||
~~~~
|
```
|
||||||
|
|
||||||
|
```bash
|
||||||
~~~~
|
|
||||||
python3 lookup.py microsoft sql server | jq .
|
python3 lookup.py microsoft sql server | jq .
|
||||||
|
```
|
||||||
|
|
||||||
|
```json
|
||||||
[
|
[
|
||||||
[
|
[
|
||||||
51325,
|
51325,
|
||||||
|
@ -129,13 +133,13 @@ python3 lookup.py microsoft sql server | jq .
|
||||||
"cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server"
|
"cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server"
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
~~~~
|
```
|
||||||
|
|
||||||
## How does this work?
|
## How does this work?
|
||||||
|
|
||||||
A CPE entry is composed of a human readable name with some references and the structured CPE name.
|
A CPE entry is composed of a human readable name with some references and the structured CPE name.
|
||||||
|
|
||||||
~~~
|
```xml
|
||||||
<cpe-item name="cpe:/a:10web:form_maker:1.7.17::~~~wordpress~~">
|
<cpe-item name="cpe:/a:10web:form_maker:1.7.17::~~~wordpress~~">
|
||||||
<title xml:lang="en-US">10web Form Maker 1.7.17 for WordPress</title>
|
<title xml:lang="en-US">10web Form Maker 1.7.17 for WordPress</title>
|
||||||
<references>
|
<references>
|
||||||
|
@ -143,13 +147,12 @@ A CPE entry is composed of a human readable name with some references and the st
|
||||||
</references>
|
</references>
|
||||||
<cpe-23:cpe23-item name="cpe:2.3:a:10web:form_maker:1.7.17:*:*:*:*:wordpress:*:*"/>
|
<cpe-23:cpe23-item name="cpe:2.3:a:10web:form_maker:1.7.17:*:*:*:*:wordpress:*:*"/>
|
||||||
</cpe-item>
|
</cpe-item>
|
||||||
~~~
|
```
|
||||||
|
|
||||||
The CPE name is structured with a vendor name, a product name and some additional information.
|
The CPE name is structured with a vendor name, a product name and some additional information.
|
||||||
CPE name can be easily changed due to vendor name or product name changes, some vendor/product are
|
CPE name can be easily changed due to vendor name or product name changes, some vendor/product are
|
||||||
sharing common names or name is composed of multiple words.
|
sharing common names or name is composed of multiple words.
|
||||||
|
|
||||||
|
|
||||||
### Data
|
### Data
|
||||||
|
|
||||||
Split vendor name and product name (such as `_`) into single word(s) and then canonize the word. Building an inverse index using
|
Split vendor name and product name (such as `_`) into single word(s) and then canonize the word. Building an inverse index using
|
||||||
|
@ -161,7 +164,7 @@ cpe (vendor:product) per version to give a probability of the CPE appearance.
|
||||||
- `w:<word>` set
|
- `w:<word>` set
|
||||||
- `s:<word>` sorted set with a score depending of the number of appearance
|
- `s:<word>` sorted set with a score depending of the number of appearance
|
||||||
|
|
||||||
# License
|
## License
|
||||||
|
|
||||||
Software is open source and released under a 2-Clause BSD License
|
Software is open source and released under a 2-Clause BSD License
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue