diff --git a/README.md b/README.md index 27153dd..08ce53e 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # CPE guesser -CPE guesser is a web service to guess the CPE name based on one or more keyword(s). Then the result can +CPE guesser is a command-line or web service to guess the CPE name based on one or more keyword(s). Then the result can be used against [cve-search](https://github.com/cve-search/cve-search) to do actual searches by CPE names. ## Requirements @@ -8,6 +8,66 @@ be used against [cve-search](https://github.com/cve-search/cve-search) to do act - Redis - Python +## Usage + +To use CPE guesser, you have to initialise the Redis database with `import.py`. Then you can use +the software with `lookup.py` to find the most probable CPE matching the keywords provided. + +### Command line - `lookup.py` + +~~~~ +usage: lookup.py [-h] [--word WORD] + +Find potential CPE names from a list of keyword(s) and return a JSON of the results + +optional arguments: + -h, --help show this help message and exit + --word WORD One or more keyword(s) to lookup +~~~~ + + +~~~~ +python3 lookup.py --word microsoft --word sql --word server | jq . +[ + [ + 51076, + "cpe:2.3:a:microsoft:sql_server_2017_reporting_services" + ], + [ + 51077, + "cpe:2.3:a:microsoft:sql_server_2019_reporting_services" + ], + [ + 57612, + "cpe:2.3:a:quest:intrust_knowledge_pack_for_microsoft_sql_server" + ], + [ + 60090, + "cpe:2.3:o:microsoft:sql_server" + ], + [ + 60660, + "cpe:2.3:a:microsoft:sql_server_desktop_engine" + ], + [ + 64489, + "cpe:2.3:a:microsoft:sql_server_reporting_services" + ], + [ + 75465, + "cpe:2.3:a:microsoft:sql_server_management_studio" + ], + [ + 77161, + "cpe:2.3:a:microsoft:sql_server" + ], + [ + 77793, + "cpe:2.3:a:ibm:tivoli_storage_manager_for_databases_data_protection_for_microsoft_sql_server" + ] +] +~~~~ + ## How does this work? A CPE entry is composed of a human readable name with some references and the structured CPE name. @@ -37,3 +97,9 @@ cpe (vendor:product) per version to give a probability of the CPE appearance. - `w:` set - `s:` sorted set with a score depending of the number of appearance + +# License + +Software is open source and released under a 2-Clause BSD License + +Copyright (C) 2021 Alexandre Dulaunoy