CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction

When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like NVD and MITRE are valuable, but relying on them directly can expose sensitive queries or create delays. That’s where CVE-Search steps in.

CVE-Search is an open-source tool that imports CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) data into MongoDB. This allows you to build a local CVE vulnerability database, making queries faster, private, and automation-ready.

It includes:

• A back-end database for vulnerabilities and related metadata
• An intuitive web interface for searching and managing CVEs
• Powerful command-line tools for querying
• A REST API for integration into workflows

---

Why Use CVE-Search?

• Faster queries: Local MongoDB searches are much quicker than remote lookups.
• Privacy protection: Sensitive queries never leave your network.
• Versatility: Choose between CLI, web, or API interfaces.
• Automation friendly: Perfect for CI/CD pipelines or continuous monitoring.

---

Installing MongoDB

CVE-Search requires Python 3.3+ and MongoDB 2.2+ (or newer). Install MongoDB either from your distribution’s package manager or directly from MongoDB. Don’t forget to include the development headers.

For installation instructions, refer to the MongoDB manual.

---

Populating the Database

Once MongoDB is running, populate your CVE and CPE data:

./sbin/db_mgmt.py -p
./sbin/db_mgmt_cpe_dictionary.py
./sbin/db_updater.py -c

This fetches XML data from official CVE and CPE databases. The first import can take time depending on your system.

To add cross-references from NIST, Red Hat, and other vendors:

./sbin/db_mgmt_ref.py

---

Keeping the Database Updated

To update the database regularly:

./sbin/db_updater.py -v

• Can be automated with cron
• Logs are written to syslog by default

To fully reset and repopulate:

./sbin/db_updater.py -v -f

---

Usage Examples

With your database populated, query it using search.py:

./bin/search.py -p cisco:ios:12.4
./bin/search.py -p cisco:ios:12.4 -o json
./bin/search.py -f nagios -n
./bin/search.py -p microsoft:windows_7 -o html

Example: Find all Cisco WebEx vulnerabilities with official references:

./bin/search.py -p webex: -o csv -v "cisco"

Lookup a specific CVE:

./bin/search.py -c CVE-2010-3333

Other utilities include:

• XMPP bot: ./bin/search_xmpp.py -j mybot@jabber.org -p strongpassword
• Dump last CVEs (RSS/Atom): ./bin/dump_last.py -f atom -l 2
• Web Interface: ./web/index.py

---

Ranking Database

CVE-Search allows ranking vulnerabilities per organization or department.

Example: Mark SAP NetWeaver as critical for accounting:

./sbin/db_ranking.py -c "sap:netweaver" -g "accounting" -r 3
./bin/search.py -c CVE-2012-4341 -r -n

---

Advanced Usage

Because CVE-Search is modular, you can combine it with Unix tools for analysis.

Example: Top vendors with “unknown” vulnerabilities

python3 bin/search_fulltext.py -q unknown -f \
| jq -c '.vulnerable_configuration[0]' \
| cut -f5 -d: | sort | uniq -c | sort -nr | head -10

Example: Compare CVSS scores (Oracle vs Sun JRE)

python3 bin/search.py -p oracle:java -o json | jq -r '.cvss' | Rscript -e 'summary(...)'
python3 bin/search.py -p sun:jre -o json | jq -r '.cvss' | Rscript -e 'summary(...)'

---

Full-Text Indexing & Visualization

Index CVEs:

./sbin/db_fulltext.py

Search full-text index:

./bin/search_fulltext.py -q NFS -q Linux

Generate visualization JSON (requires NLTK):

./bin/search_fulltext.py -g -s > cve.json

This produces keyword insights and frequency analysis for vulnerabilities.

---

Web Interface & API

CVE-Search includes:

• Minimal web UI: View latest CVEs, query by ID. Runs on Flask + Flask-PyMongo.
• JSON API: Programmatic access to vendors, products, and CVEs.

Examples:

curl http://127.0.0.1:5000/api/browse/      # List vendors
curl http://127.0.0.1:5000/api/browse/zyxel # Zyxel products
curl http://127.0.0.1:5000/api/search/zyxel/p-660hw

A public API is also available at cve.circl.lu.

---

Ecosystem & Integrations

Several projects extend CVE-Search:

• cve-portal: CVE notification portal
• cve-search-mt: Management toolkit
• cve-scan: Nmap-based CVE scanner

Together, these enhance automation, monitoring, and proactive vulnerability management.

---

Docker Deployment & Quickstart

One of the easiest ways to get started with CVE-Search today is by using its official Docker Compose setup. This avoids the need to manually configure MongoDB, Redis, or dependencies on your host system.

Step 1: Clone the CVE-Search Docker Repository

git clone https://github.com/cve-search/CVE-Search-Docker.git
cd CVE-Search-Docker

Step 2: Start the Containers

Use Docker Compose to bring up the full stack (CVE-Search, MongoDB, Redis):

docker compose up -d

This launches all required services in the background.

Step 3: Access the Web Interface

Once running, the web interface is available at:

http://127.0.0.1:5000

From here, you can browse recent CVEs, search by vendor or product, and interact with the REST API.

Step 4: Keep Your Data Updated

Update CVE and CPE data inside the container with:

docker compose exec cvesearch ./sbin/db_updater.py -v

Step 5: Stop or Remove Containers

To gracefully shut down:

docker compose down

To remove all containers and volumes (resetting the database):

docker compose down -v

---

Why Use Docker for CVE-Search?

• Fast setup: Get running in minutes without manual dependency management
• Portable & reproducible: Works across different environments with the same configuration
• Isolated services: MongoDB and Redis are preconfigured inside containers
• Easy resets: Quickly rebuild or refresh your vulnerability database