Mine SCCM and NIST NVD for host vulnerability data
Project description
Vulnmine uses simple Machine Learning to mine Microsoft’s SCCM host and software inventory data for vulnerable 3rd-party software.
NIST’s NVD vulnerability feeds are pulled in on a daily basis to determine the latest vulnerabilities to search for.
Running Vulnmine
There is a public container with test data ready for use on Docker Hub: lorgor/vulnmine
To download and run the Vulnmine container:
docker run -it --rm lorgor/vulnmine bash
python vulnmine/__main__.py -a 'all'Commandline Start Options
Here are the possible options when starting Vulnmine:
vulnmine.py [-h] [--version] [-l Logging] [-a Action] [-y Years] [-w Workdir]
-h --help Help information
-l --loglevel Set desired verbosity for logging:
'debug','info','warning','error','critical'
-a --action Desired action to perform:
'rd_sccm_hosts' Read SCCM host inventory data
'rd_sccm_sft' Read SCCM software inventory
'rd_cpe' Read/parse NIST CPE
vendor/product file
'rd_cve' Read/parse NIST CVE
vulnerability data
'match_vendors' Match SCCM publishers to NIST
CPE vendors
'match_sft' Match SCCM software to NIST CPE
software
'upd_hots_vulns' Produce consolidated host / vulnerable
software data
'output_stats' Output statistics
-y --years Number of yrs of CVE vulnerability data to download. There is
one file for each year
-w --workdir Specify the working directory
Production mode
If no parameters are specified, then Vulnmine runs in production mode:
The main vulnmine.py starts and sets up an endless schedule loop.
The loop fires once daily by default.
Each day Vulnmine:
Reads the SCCM inventory data files (UTF16 csv format) in the its CSV directory.
Downloads updated NVD feed files.
Processes the SCCM and NVD data.
Produces output JSON files into the same csv directory.
Yet more information …
Where to get more information
Vulnmine is on Github: https://github.com/lorgor/vulnmine And on Docker Hub: https://hub.docker.com/r/lorgor/vulnmine/
The docs directory has the full Vulnmine documentation.
To install vulnmine directly
Vulnmine can be installed using pip.
pip install [-U] python-dev vulnmineOn Ubuntu at least, the python-dev library must be installed on the system.
Change log
- 1.0
Initial release
- 1.3.0
Alpha release of .INI configuration support, publish to PyPI
- 1.4.0
Beta release
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file vulnmine-1.0.5.tar.gz.
File metadata
- Download URL: vulnmine-1.0.5.tar.gz
- Upload date:
- Size: 682.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b5166cab00c438e48c6cfe30ea3ebd708db426077c200ad784823f78acaff233
|
|
| MD5 |
448928ac03f1937b47aad6523f122aed
|
|
| BLAKE2b-256 |
e9abb2e07ff0c5323cf18e70931f6c2df769ef74626089e9e370d85ccc5297a7
|
File details
Details for the file vulnmine-1.0.5-py2-none-any.whl.
File metadata
- Download URL: vulnmine-1.0.5-py2-none-any.whl
- Upload date:
- Size: 705.7 kB
- Tags: Python 2
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5d367fa3e40fbc6ae99894dcbde001166a8275904a209a2c16ddb622dc9b3a3f
|
|
| MD5 |
7a9daaa38bdc520c2c76770a63d9248e
|
|
| BLAKE2b-256 |
e6d6e53c457974947a9a1d1efe3c6f9945e765fd236f42a54218b27e9bf883ae
|
