Search for Common Platform Enumeration (CPE) strings using software names and titles.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for ra1nb0rn from gravatar.com ra1nb0rn

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Dustin Born
  • Tags cpe , enumeration , match , nvd , platform , search , software
  • Requires: Python >=3.10
  • Provides-Extra: all , dev , mariadb
Classifiers
Report project as malware

Project description

cpe_search

Search for Common Platform Enumeration (CPE) strings using software names and titles.

About

cpe_search can be used to search for Common Platform Enumeration (CPE) strings using software names and titles. For example, if some tool discovered a web server running Apache 2.4.39, you can use this tool to easily and quickly retrieve the corresponding CPE 2.3 string cpe:2.3:a:apache:http_server:2.4.39:*:*:*:*:*:*:*. Thereafter, the retrieved CPE string can be used to accurately search for vulnerabilities, e.g. via the Online NVD or the search_vulns tool.

Installation

You can install cpe_search via pip directly:

pip3 install cpe_search

You can also clone this repository and run:

pip3 install .

Note that to use cpe_search, a local database containing all available CPEs is required. You can download a prebuilt version from cpe_search's GitHub releases, which also happens automatically during the first use:

cpe_search -d

You can also have cpe_search build the database itself, based on all available CPEs from the NVD's official API:

cpe_search -u -k "<YOUR_NVD_API_KEY>"

An NVD API key is optional, but speeds up the building process - and it's free. Building the database yourself typically takes a couple of minutes, since data for subsequent searches is precomputed as well and put into the local database. You can also set up and provide a configuration file, see config.json.

Usage

cpe_search's usage information is shown in the following:

usage: cpe_search [-h] [-u] [-k API_KEY] [-n NUMBER] [-q QUERY] [-v] [-V] [-d] [-c CONFIG]

Search for CPEs using software names and titles -- Created by Dustin Born (ra1nb0rn)

options:
  -h, --help            show this help message and exit
  -u, --update          Update the local CPE database
  -k API_KEY, --api-key API_KEY
                        NVD API key to use for updating the local CPE dictionary
  -n NUMBER, --number NUMBER
                        The number of CPEs to show in the similarity overview (default: 3)
  -q QUERY, --query QUERY
                        A query, i.e. textual software name / title like 'Apache 2.4.39' or 'Wordpress 5.7.2'
  -v, --verbose         Be verbose and print status information
  -V, --version         Print the version of cpe_search
  -d, --download-database
                        Download cpe_search database from latest GitHub release
  -c CONFIG, --config CONFIG
                        A config file to use (default: config.json)
  --no-progress         Do not show progress bar when updating

Note that when querying software with -q you have to put the software information in quotes if it contains any spaces. Also, you can use -q multiple times to make multiple queries at once. Moreover, the output can be piped to be directly useable with other tools. Here are some examples:

  • Query Sudo 1.8.2 to retrieve its CPE 2.3 string: 
    $ cpe_search -q "Sudo 1.8.2"
cpe:2.3:a:sudo_project:sudo:1.8.2:*:*:*:*:*:*:*
[('cpe:2.3:a:sudo_project:sudo:1.8.2:*:*:*:*:*:*:*', 0.8660254037844385),
 ('cpe:2.3:a:sudo_project:sudo:1.3.0:*:*:*:*:*:*:*', 0.5773502691896256),
 ('cpe:2.3:a:cryptography.io:cryptography:1.8.2:*:*:*:*:*:*:*',
  0.4714045207910316)]
  • Make a query and pipe the retrieved CPE to another tool: 
    $ cpe_search -q "Windows 10 1809" | xargs echo
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
  • Make two queries at once: 
    $ cpe_search -q "Apache 2.4.39" -q "Wordpress 5.7.2"
cpe:2.3:a:apache:http_server:2.4.39:*:*:*:*:*:*:*
[('cpe:2.3:a:apache:http_server:2.4.39:*:*:*:*:*:*:*', 0.6666664603674289),
('cpe:2.3:a:apache:apache-airflow-providers-apache-spark:-:*:*:*:*:*:*:*',
  0.600000153741923),
('cpe:2.3:a:apache:apache-airflow-providers-apache-hive:-:*:*:*:*:*:*:*',
  0.600000153741923)]

cpe:2.3:a:wordpress:wordpress:5.7.2:*:*:*:*:*:*:*
[('cpe:2.3:a:wordpress:wordpress:5.7.2:*:*:*:*:*:*:*', 0.9805804786431419),
('cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*', 0.7071067811865475),
('cpe:2.3:a:adenion:blog2social:5.7.2:*:*:*:*:wordpress:*:*',
  0.6859944446591075)]

License

cpe_search is licensed under the MIT license, see here.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for ra1nb0rn from gravatar.com ra1nb0rn

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Dustin Born
  • Tags cpe , enumeration , match , nvd , platform , search , software
  • Requires: Python >=3.10
  • Provides-Extra: all , dev , mariadb
Classifiers

Release history Release notifications | RSS feed

This version

0.2.8

0.2.7

0.2.6

0.2.5

0.2.4

0.2.3

0.2.2

0.2.1

0.2.0

0.1.9

0.1.8

0.1.7

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cpe_search-0.2.8.tar.gz (24.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

cpe_search-0.2.8-py3-none-any.whl (22.6 kB view details)

Uploaded Python 3

File details

Details for the file cpe_search-0.2.8.tar.gz.

File metadata

  • Download URL: cpe_search-0.2.8.tar.gz
  • Upload date:
  • Size: 24.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for cpe_search-0.2.8.tar.gz
Algorithm Hash digest
SHA256 1a6b612112715a7ff8ed40a361e6be95c7997875dbdb1495d5af5517ce8c8478
MD5 ea08e08e89476483e6cc64acc0cf7754
BLAKE2b-256 2d3facaf6b5f34fa5c4a6de952d60885e354edcf7bbfd71fbd7029f1c0301f50

See more details on using hashes here.

Provenance

The following attestation bundles were made for cpe_search-0.2.8.tar.gz:

Publisher: publish_pypi_package_on_new_release.yml on ra1nb0rn/cpe_search

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cpe_search-0.2.8-py3-none-any.whl.

File metadata

  • Download URL: cpe_search-0.2.8-py3-none-any.whl
  • Upload date:
  • Size: 22.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for cpe_search-0.2.8-py3-none-any.whl
Algorithm Hash digest
SHA256 4a4f9d5b8d6b4b4af791fc58fcc363f52f63b79f516397d151f63d3c02db8a95
MD5 8002e858ba03e49d9e6a1001979a4a82
BLAKE2b-256 5a4feb718db3841e9dcadedbfe08991e7a1b100361501731c4e01ce8e9963eba

See more details on using hashes here.

Provenance

The following attestation bundles were made for cpe_search-0.2.8-py3-none-any.whl:

Publisher: publish_pypi_package_on_new_release.yml on ra1nb0rn/cpe_search

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page