The vulnerability knowledge store
Project description
Patton - The vulnerability knowledge store
Current version |
0.0.3 |
Project site |
|
Issues |
|
Documentation |
|
Python versions |
3.6 or above |
How it works
patton-server is a small service that preprocess CVEs and CPEs from NIST and perform intelligent queries to a postgres database. You can consume the service via api, cli or with the postman in this repository.
What’s Patton Server
Patton server is project that store the vulnerability information (CVEs) and link it with product details (CPE) and allow to ask in a very clever way.
For example:
Finding library vulnerabilities
Given a software library in raw format, i.e: django
And a version in a possible version, i.e: 1.2
Patton can find all the Product Identification for Django and their public vulnerabilities.
Finding software from raw text
Given a HTTP server banner, i.e: “Apache 2.2-ubuntu2 +PHP Mod”
Patton can find, with a very exact way, vulnerabilities for Apache and the specific version
What’s the different with other projects?
There’re other project, like CVE Search that also stores CVE information. What’s is the difference then with Patton?
Clever matching
Differing with the approach of CVE-Search (and other projects) Patton don’t need a CPE as input. Patton deduces the CPE.
The actually Patton purpose is build clever queries and deduce information. Por example: from a library name and their version, can deduce the related CPEs and associated CVEs.
Be updated
Patton can alert you when new vulnerabilities are released:
You can configure the Patton web-hook and it will alert you with ONLY with new vulnerabilities published.
How to use Patton server?
Patton serve has a REST API. You can check if in different ways:
Using raw curl / wget / [YOUR FAVORITE HTTP CLIENT]
Using the Postman collection you can find in this repo (named patton_server.postman.json)
Using Patton-cli (https://github.com/bbva/patton-cli/: We recommend to use this way. Patton-cli is a powerful client for Patton server that allow to extract and check vulnerabilities for your systems in a many different ways.
Documentation
Go to documentation site: https://patton-server.readthedocs.org/
Contributing
Any collaboration is welcome!
There’re many tasks to do.You can check the Issues and send us a Pull Request.
Also you can read the TODO file.
License
This project is distributed under Apache 2 license
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Hashes for patton-server-0.0.4.post10.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 189868a0a41c68067242268b34e00842bbd12e0bc7aa87ee61fdc40c1f62a374 |
|
| MD5 | 777286e694c7f6b3bee42b8cb700baa9 |
|
| BLAKE2b-256 | a8a879eb13af295730e6ccee2b4bd8e28a55559c8cdc727cd103888cdca47b1e |
