The vulnerability knowledge store
Patton - The vulnerability knowledge store
|Python versions||3.6 or above|
How it works
patton-server is a small service that preprocess CVEs and CPEs from NIST and perform intelligent queries to a postgres database. You can consume the service via api, cli or with the postman in this repository.
You can see the Demo video for a quick start:
What’s Patton Server
Patton server is project that store the vulnerability information (CVEs) and link it with product details (CPE) and allow to ask in a very clever way.
Finding library vulnerabilities
- Given a software library in raw format, i.e: django
- And a version in a possible version, i.e: 1.2
Patton can find all the Product Identification for Django and their public vulnerabilities.
Finding software from raw text
- Given a HTTP server banner, i.e: “Apache 2.2-ubuntu2 +PHP Mod”
Patton can find, with a very exact way, vulnerabilities for Apache and the specific version
What’s the different with other projects?
There’re other project, like CVE Search that also stores CVE information. What’s is the difference then with Patton?
Differing with the approach of CVE-Search (and other projects) Patton don’t need a CPE as input. Patton deduces the CPE.
The actually Patton purpose is build clever queries and deduce information. Por example: from a library name and their version, can deduce the related CPEs and associated CVEs.
Patton can alert you when new vulnerabilities are released:
You can configure the Patton web-hook and it will alert you with ONLY with new vulnerabilities published.
How to use Patton server?
Patton serve has a REST API. You can check if in different ways:
- Using raw curl / wget / [YOUR FAVORITE HTTP CLIENT]
- Using the Postman collection you can find in this repo (named patton_server.postman.json)
- Using Patton-cli (https://github.com/bbva/patton-cli/: We recommend to use this way. Patton-cli is a powerful client for Patton server that allow to extract and check vulnerabilities for your systems in a many different ways.
Go to documentation site: https://patton-server.readthedocs.org/
Any collaboration is welcome!
There’re many tasks to do.You can check the Issues and send us a Pull Request.
Also you can read the TODO file.
This project is distributed under Apache 2 license