A list of URLs for security advisories and common-vulnerability-enumeration information (CVEs) to ease the process of finding free, fresh and reliable information about product vulnerabilities.

BoaThor/CVE-Resources

CVE-Resources

A list of URLs for security advisories and common-vulnerability-enumeration information (CVEs) to ease the process of finding free, fresh and reliable information about product vulnerabilities and related OSINT processes.

Motivation

Finding up-to-date vulnerability information is still problematic and time-consuming. The provided resources should help IT staff and users identify resources and, in particular, support security life-cycle management. Enabling users to run OSINT without additional costs is a key function of IT security management.

Focus

The initial focus is enterprise IT, including industrial automation, related software, and cost-free resources.

State

Currently the 98 CVE-Resources include 25 meta-databases, of which 4 hold PoC/exploit-related information (e.g., KEV - Known Exploited Vulnerabilities), and 73 supplier-specific resources.

Entries

There are 2 types of entries:

  1. Direct resources from a project or company, e.g., Ubuntu.
  2. Secondary resources from a (free to access) meta-CVE database such as OpenCVE.io.

The type is indicated by the "type" field of the JSON object.

Contribution

Feel free to add resources

1.) that are meaningful
2.) validated to be not malicious
3.) up to date and maintained

and that are

4.) not already part of the list
5.) reliable and trustworthy 
6.) free to access

and feel free to remove/replace resources that

7.) are malicious
8.) are pay-walled
9.) are out of maintenance

Structure

Initially, each object provides 4 fields:

  1. Supplier - a mandatory string for the information provider and/or product supplier.
  2. Location (URL, RSSFeed, etc.) - a mandatory string indicating the information source.
  3. Comments - an optional string - describing the resource.
  4. Type - either "supplier-specific" or "meta-database"

Data Formats

The initial data format is JSON. The list is an array of objects; each object has the 4 attributes listed above.

Schema

Array [

{Key-Value-Pair1, Key-Value-Pair2, Key-Value-Pair3, Key-Value-Pair4},

{Key-Value-Pair1, Key-Value-Pair2, Key-Value-Pair3, Key-Value-Pair4}

]
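A validation pass a contributor could run before submitting new entries, checking the field rules from "Structure" and the "not already part of the list" rule from "Contribution". This is an added example, not part of the project's tooling. Assumptions: the lowercase key names "supplier", "location" and "comments" (the page only quotes "type" literally), locations are http(s) URLs, and the sample list is constructed.

```python
import json
from urllib.parse import urlsplit

# Assumed key names; only "type" is quoted literally on the page.
REQUIRED = ("supplier", "location")
TYPES = {"supplier-specific", "meta-database"}

# Constructed sample list (not taken from the project's JSON file).
SAMPLE = json.loads("""[
 {"supplier": "Example Vendor", "location": "https://advisories.example.com/",
  "comments": "constructed", "type": "supplier-specific"},
 {"supplier": "Example Meta DB", "location": "https://cve.example.org/feed", "type": "meta-database"},
 {"supplier": "Example Vendor mirror", "location": "https://ADVISORIES.example.com", "type": "supplier-specific"},
 {"supplier": "", "location": "ftp://files.example.net/adv", "type": "vendor"}
]""")

def validate_entries(entries):
    """Return (index, problem) tuples for entries that break the documented structure."""
    if not isinstance(entries, list):
        return [(None, "top level must be a JSON array")]
    problems, seen = [], {}  # seen: normalized location -> index of first use
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            problems.append((i, "entry is not an object"))
            continue
        for key in REQUIRED:
            if not isinstance(entry.get(key), str) or not entry[key].strip():
                problems.append((i, f"missing or empty mandatory field '{key}'"))
        # Optional field, but it must be a string when present.
        if not isinstance(entry.get("comments", ""), str):
            problems.append((i, "'comments' must be a string when present"))
        kind = entry.get("type")
        if not isinstance(kind, str) or kind not in TYPES:
            problems.append((i, f"'type' must be one of {sorted(TYPES)}"))
        loc = entry.get("location")
        if not isinstance(loc, str) or not loc.strip():
            continue
        try:
            parts = urlsplit(loc.strip())
        except ValueError:  # e.g. malformed IPv6 literal
            parts = None
        if parts is None or parts.scheme not in ("http", "https") or not parts.netloc:
            problems.append((i, "location is not an http(s) URL"))
            continue
        # Host case and a trailing slash do not make a new resource.
        ident = (parts.netloc.lower(), parts.path.rstrip("/"), parts.query)
        if ident in seen:
            problems.append((i, f"duplicate of entry {seen[ident]}"))
        seen.setdefault(ident, i)
    return problems
```

Calling validate_entries(SAMPLE) reports the third entry as a duplicate of the first and three problems on the fourth.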

CSV-Format

A CSV version is available in the file cve_resource_list_alpha_CSV.

The CSV version is comma (,) separated.

The CSV includes header information.

The order of attributes is Supplier,location,comment,type.

HTML-Format

An HTML-format CVE resource collection that can be generated automatically is available in cveresources_fetched_DD-MM-YYYY.html.

Tools

CVE-resources-http-status-check.pl

The HTML generator CVE-resources-http-status-check.pl, written in Perl, is available. The tool fetches the most recent release of cve_resources_list_alpha_sorted.JSON, checks all location URLs listed in the JSON file, and generates an output file cveresources_fetched_.html containing the HTTP response code of each URL. The output file is in plain, simple HTML format.

Checking the availability, accessibility and changes of CVE resources (URLs, URIs) is required to maintain an up-to-date list of resources. An updated version of the status generator's output will be generated and provided in this project from time to time.

Status codes 404 and 500 indicate issues with the resource location. Status 200 indicates OK. Status 403 indicates that authorization might be required.

To execute the tool, a recent version of the Perl 5 interpreter is required. Download the file JSON2HTM_Formatter.pl and execute "perl CVE-resources-http-status-check.pl". Tested with Strawberry Perl 5.38.2. It should work on Windows as well as Linux. Perl and its bundled libraries should be in the PATH variable.

JSON2HTM_Formatter.pl

The HTML generator JSON2HTM_Formatter.pl, written in Perl, is available. The tool fetches the most recent release of cve_resources_list_alpha_sorted.JSON and generates the output file cveresources_fetched_.html in plain, simple HTML format.

To execute the tool, a recent version of the Perl 5 interpreter is required. Download the file JSON2HTM_Formatter.pl and execute "perl JSON2HTM_Formatter.pl". Tested with Strawberry Perl 5.38.2. It should work on Windows as well as Linux. Perl and its bundled libraries should be in the PATH variable.

Further Formats

Feel free to add other machine-readable formats, e.g., YML, XML, Bookmarks or even database table dumps for MySQL, MariaDB, PostgreSQL, MongoDB and other key-value stores.

Call to Action

Please feel free to contribute, maintain and keep the list up to date. Any help is welcome.

Thanks, Boa
