adulau/cpe-guesser
1
0
Fork 0
mirror of https://github.com/cve-search/cpe-guesser.git synced 2024-12-27 16:01:36 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: adulau:c5c74a4a51e4e94963ce5310c65719e9ce6113c4
Branches Tags
adulau:main
adulau:gh-pages
adulau:v1.2
adulau:v1.1
adulau:v1.0
..
compare: adulau:facc75d06d3226c2ee18e693751b8a20d23ab622
Branches Tags
adulau:main
adulau:gh-pages
adulau:v1.2
adulau:v1.1
adulau:v1.0

No commits in common. "c5c74a4a51e4e94963ce5310c65719e9ce6113c4" and "facc75d06d3226c2ee18e693751b8a20d23ab622" have entirely different histories.
c5c74a4a51 ... facc75d06d

3 changed files with 10 additions and 70 deletions
Show stats Expand all files Collapse all files

36
README.md
View file

@ -1,6 +1,7 @@
# CPE guesser
CPE Guesser is a command-line tool or web service designed to guess the CPE name based on one or more keywords. The resulting CPE can then be used with tools like [cve-search](https://github.com/cve-search/cve-search) or [vulnerability-lookup](https://github.com/cve-search/vulnerability-lookup) to perform actual searches using CPE names.
CPE guesser is a command-line or web service to guess the CPE name based on one or more keyword(s). Then the result can
be used against [cve-search](https://github.com/cve-search/cve-search) to do actual searches by CPE names.
## Requirements
@ -9,15 +10,11 @@ CPE Guesser is a command-line tool or web service designed to guess the CPE name
## Usage
To use CPE Guesser, you need to initialize the [Valkey](https://valkey.io/) database with `import.py`.
To use CPE guesser, you have to initialise the [Valkey](https://valkey.io/) database with `import.py`.
Once initialized, you can use the software with `lookup.py` to find the most probable CPE matching the provided keywords.
Then you can use the software with `lookup.py` to find the most probable CPE matching the keywords provided.
Alternatively, you can call the web server (after running `server.py`). For example:
```bash
curl -s -X POST http://localhost:8000/search -d '{"query": ["tomcat"]}' | jq .
```
Or by calling the Web server (After running `server.py`), example: `curl -s -X POST http://localhost:8000/search -d "{\"query\": [\"tomcat\"]}" | jq .`
### Installation
@ -79,29 +76,18 @@ curl -s -X POST https://cpe-guesser.cve-search.org/search -d "{\"query\": [\"out
]
```
The endpoint `/unique` is available to retrieve only the best-matching CPE entry.
```bash
curl -s -X POST https://cpe-guesser.cve-search.org/unique -d "{\"query\": [\"outlook\", \"connector\"]}" | jq .
```
```json
"cpe:2.3:a:oracle:corporate_time_outlook_connector"
```
### Command line - `lookup.py`
```text
usage: lookup.py [-h] [--unique] WORD [WORD ...]
usage: lookup.py [-h] WORD [WORD ...]
Find potential CPE names from a list of keyword(s) and return a JSON of the results
positional arguments:
WORD One or more keyword(s) to lookup
options:
optional arguments:
-h, --help show this help message and exit
--unique Return the best CPE matching the keywords given
```
```bash
@ -182,9 +168,5 @@ cpe (vendor:product) per version to give a probability of the CPE appearance.
Software is open source and released under a 2-Clause BSD License
~~~
Copyright (C) 2021-2024 Alexandre Dulaunoy
Copyright (C) 2021-2024 Esa Jokinen
~~~
We welcome contributions! All contributors collectively own the CPE Guesser project. By contributing, contributors also acknowledge the [Developer Certificate of Origin](https://developercertificate.org/) when submitting pull requests or using other methods of contribution.
Copyright (C) 2021-2024 Alexandre Dulaunoy
Copyright (C) 2021-2024 Esa Jokinen

16
bin/lookup.py
View file

@ -21,21 +21,7 @@ if __name__ == "__main__":
nargs="+",
help="One or more keyword(s) to lookup",
)
parser.add_argument(
"--unique",
action="store_true",
help="Return the best CPE matching the keywords given",
default=False,
)
args = parser.parse_args()
cpeGuesser = CPEGuesser()
r = cpeGuesser.guessCpe(args.word)
if not args.unique:
print(json.dumps(r))
else:
try:
r = r[:1][0][1]
except:
r = []
print(json.dumps(r))
print(json.dumps(cpeGuesser.guessCpe(args.word)))

28
bin/server.py
View file

@ -14,7 +14,6 @@ port = settings.server.port
runPath = os.path.dirname(os.path.realpath(__file__))
sys.path.append(os.path.join(runPath, ".."))
from lib.cpeguesser import CPEGuesser
@ -40,36 +39,9 @@ class Search:
resp.media = cpeGuesser.guessCpe(q["query"])
class Unique:
def on_post(self, req, resp):
data_post = req.bounded_stream.read()
js = data_post.decode("utf-8")
try:
q = json.loads(js)
except ValueError:
resp.status = falcon.HTTP_400
resp.media = "Missing query array or incorrect JSON format"
return
if "query" in q:
pass
else:
resp.status = falcon.HTTP_400
resp.media = "Missing query array or incorrect JSON format"
return
cpeGuesser = CPEGuesser()
try:
r = cpeGuesser.guessCpe(q["query"])[:1][0][1]
except:
r = []
resp.media = r
if __name__ == "__main__":
app = falcon.App()
app.add_route("/search", Search())
app.add_route("/unique", Unique())
try:
with make_server("", port, app) as httpd: