Awesome

<h1 align="center">detectify-cves</h1> <h4 align="center">Find CVEs that don't have a Detectify modules.</h4> <p align="center"> <img src="https://img.shields.io/badge/python-v3-blue" alt="python badge"> <img src="https://img.shields.io/badge/license-MIT-green" alt="MIT license badge"> <a href="https://twitter.com/intent/tweet?text=https%3a%2f%2fgithub.com%2fgwen001%2fdetectify-cves%2f" target="_blank"><img src="https://img.shields.io/twitter/url?style=social&url=https%3A%2F%2Fgithub.com%2Fgwen001%2Fdetectify-cves" alt="twitter badge"></a> </p>

Description

This Python tool compares the official public list of CVEs from cve.mitre.org and the list of Detectify modules to find CVEs that don't have a modules yet.

Install

git clone https://github.com/gwen001/detectify-cves
cd detectify-cves
pip3 install -r requirements.txt

Requirements

1/ Once cloned, go to the script directory:

cd detectify-cves

2/ Get the full CVEs database:

wget https://cve.mitre.org/data/downloads/allitems.csv

3/ Get the full Detectify modules list (you need a crowdsourced Detectify account):

login on Detectify: https://cs.detectify.com/login
Browse to Scanner modules on the left menu: https://cs.detectify.com/dashboard/modules
Check the background requests performed by your browser and find https://fedeo.cs.detectify.com/graphql with a fat JSON response ~1.5Mo.
Save the output (with no HTTP headers) in the script directory as detectify-modules.json

Usage

$ python3 detectify-cves.py -s wordpress

usage: detectify-cves.py [-h] [-s SEARCH] [-l LIMIT] [-d DETECTIFY]

options:
  -h, --help            show this help message and exit
  -s SEARCH, --search SEARCH
                        search a specific keyword
  -l LIMIT, --limit LIMIT
                        display only n first results
  -d DETECTIFY, --detectify DETECTIFY
                        related to Detectify modules: 0:no module available, 1:module available (default), -1:doesn't matter

Feel free to open an issue if you have any problem with the script.