Skip to main content

Search for Common Platform Enumeration (CPE) strings using software names and titles.

Project description

cpe_search

Search for Common Platform Enumeration (CPE) strings using software names and titles.

About

cpe_search can be used to search for Common Platform Enumeration (CPE) strings using software names and titles. For example, if some tool discovered a web server running Apache 2.4.39, you can use this tool to easily and quickly retrieve the corresponding CPE 2.3 string cpe:2.3:a:apache:http_server:2.4.39:*:*:*:*:*:*:*. Thereafter, the retrieved CPE string can be used to accurately search for vulnerabilities, e.g. via the Online NVD or the search_vulns tool.

Installation

You can install cpe_search via pip directly:

pip3 install cpe_search

You can also clone this repository and run:

pip3 install .

Note that to use cpe_search, a local database containing all available CPEs is required. You can download a prebuilt version from cpe_search's GitHub releases, which also happens automatically during the first use:

cpe_search -d

You can also have cpe_search build the database itself, based on all available CPEs from the NVD's official API:

cpe_search -u -k "<YOUR_NVD_API_KEY>"

An NVD API key is optional, but speeds up the building process - and it's free. Building the database yourself typically takes a couple of minutes, since data for subsequent searches is precomputed as well and put into the local database. You can also set up and provide a configuration file, see config.json.

Usage

cpe_search's usage information is shown in the following:

usage: cpe_search [-h] [-u] [-k API_KEY] [-n NUMBER] [-q QUERY] [-v] [-V] [-d] [-c CONFIG]

Search for CPEs using software names and titles -- Created by Dustin Born (ra1nb0rn)

options:
  -h, --help            show this help message and exit
  -u, --update          Update the local CPE database
  -k API_KEY, --api-key API_KEY
                        NVD API key to use for updating the local CPE dictionary
  -n NUMBER, --number NUMBER
                        The number of CPEs to show in the similarity overview (default: 3)
  -q QUERY, --query QUERY
                        A query, i.e. textual software name / title like 'Apache 2.4.39' or 'Wordpress 5.7.2'
  -v, --verbose         Be verbose and print status information
  -V, --version         Print the version of cpe_search
  -d, --download-database
                        Download cpe_search database from latest GitHub release
  -c CONFIG, --config CONFIG
                        A config file to use (default: config.json)
  --no-progress         Do not show progress bar when updating

Note that when querying software with -q you have to put the software information in quotes if it contains any spaces. Also, you can use -q multiple times to make multiple queries at once. Moreover, the output can be piped to be directly useable with other tools. Here are some examples:

  • Query Sudo 1.8.2 to retrieve its CPE 2.3 string:
    $ cpe_search -q "Sudo 1.8.2"
    cpe:2.3:a:sudo_project:sudo:1.8.2:*:*:*:*:*:*:*
    [('cpe:2.3:a:sudo_project:sudo:1.8.2:*:*:*:*:*:*:*', 0.8660254037844385),
     ('cpe:2.3:a:sudo_project:sudo:1.3.0:*:*:*:*:*:*:*', 0.5773502691896256),
     ('cpe:2.3:a:cryptography.io:cryptography:1.8.2:*:*:*:*:*:*:*',
      0.4714045207910316)]
    
  • Make a query and pipe the retrieved CPE to another tool:
    $ cpe_search -q "Windows 10 1809" | xargs echo
    cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
    
  • Make two queries at once:
    $ cpe_search -q "Apache 2.4.39" -q "Wordpress 5.7.2"
    cpe:2.3:a:apache:http_server:2.4.39:*:*:*:*:*:*:*
    [('cpe:2.3:a:apache:http_server:2.4.39:*:*:*:*:*:*:*', 0.6666664603674289),
    ('cpe:2.3:a:apache:apache-airflow-providers-apache-spark:-:*:*:*:*:*:*:*',
      0.600000153741923),
    ('cpe:2.3:a:apache:apache-airflow-providers-apache-hive:-:*:*:*:*:*:*:*',
      0.600000153741923)]
    
    cpe:2.3:a:wordpress:wordpress:5.7.2:*:*:*:*:*:*:*
    [('cpe:2.3:a:wordpress:wordpress:5.7.2:*:*:*:*:*:*:*', 0.9805804786431419),
    ('cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*', 0.7071067811865475),
    ('cpe:2.3:a:adenion:blog2social:5.7.2:*:*:*:*:wordpress:*:*',
      0.6859944446591075)]
    

Using cpe_search as a Library

You can also use cpe_search as a library, primarily via its search_cpes function:

import json
from cpe_search.cpe_search import search_cpes
print(json.dumps(search_cpes("dell omsa 9.4.0.2"), indent=4))

This will return a dict similar to the following:

{
    "cpes": [...],
    "pot_cpes": [
        [
            "cpe:2.3:a:dell:openmanage_server_administrator:9.4.0.2:*:*:*:*:*:*:*",
            -0.7648908973691578
        ],
        [
            "cpe:2.3:a:dell:openmanage_server_administrator:-:*:*:*:*:*:*:*",
            0.7648908973691578
        ],
        [
            "cpe:2.3:a:dell:openmanage_server_administrator:5.2.0:*:*:*:*:*:*:*",
            0.7496154837764638
        ],
        [
            "cpe:2.3:a:dell:openmanage_server_administrator_installer:9.4.0.2:*:*:*:*:*:*:*",
            -0.6684871824798747
        ],
        [...]
    ]

cpes and pot_cpes each contains a list of CPEs and their match/similarity score. The lists are sorted by the (absolute) score. cpes contains only existing CPEs that are determined to be a valid match.

In difference, pot_cpes contains CPEs that are similar to the query but may not match it. It also contains CPEs that were automatically created by cpe_search, based on the official NVD dictionary. This is cpe_search's attempt to compensate for the NVD's dictionary occasionally being out of date regarding product versions. Such created CPEs are denoted by a negative similarity score, whose absolute value is identical to the CPE it was created from. The above query, dell omsa 9.4.0.2, is a good example of this, since there is no official CPE for that specific version of Dell OMSA.

License

cpe_search is licensed under the MIT license, see here.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cpe_search-0.2.9.tar.gz (25.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

cpe_search-0.2.9-py3-none-any.whl (23.4 kB view details)

Uploaded Python 3

File details

Details for the file cpe_search-0.2.9.tar.gz.

File metadata

  • Download URL: cpe_search-0.2.9.tar.gz
  • Upload date:
  • Size: 25.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for cpe_search-0.2.9.tar.gz
Algorithm Hash digest
SHA256 fbc56d47428ba76b4ab545179be071903431294adf264f0a228decf4f3d188f8
MD5 e6341d20de8faa8539e0b9bc71a436aa
BLAKE2b-256 4f42e97f88eab109cd7902f39139fd69c886ee183bda782e21daef3a1a4057c9

See more details on using hashes here.

Provenance

The following attestation bundles were made for cpe_search-0.2.9.tar.gz:

Publisher: publish_pypi_package_on_new_release.yml on ra1nb0rn/cpe_search

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cpe_search-0.2.9-py3-none-any.whl.

File metadata

  • Download URL: cpe_search-0.2.9-py3-none-any.whl
  • Upload date:
  • Size: 23.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for cpe_search-0.2.9-py3-none-any.whl
Algorithm Hash digest
SHA256 e14009f9928a875cd002a3bdf664f1395da9968a8a7b66f54c289318811df043
MD5 a62235cde1b7bbef64815fb26ee89306
BLAKE2b-256 331dff0f65b57a99b6bd94df3f78540dde68a5bc0fd2443894da3d0cd31a9f70

See more details on using hashes here.

Provenance

The following attestation bundles were made for cpe_search-0.2.9-py3-none-any.whl:

Publisher: publish_pypi_package_on_new_release.yml on ra1nb0rn/cpe_search

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page