CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction

When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like NVD and MITRE are valuable, but relying on them directly can expose sensitive queries or create delays. That’s where CVE-Search steps in.

CVE-Search is an open-source tool that imports CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) data into MongoDB. This allows you to build a local CVE vulnerability database, making queries faster, private, and automation-ready.

It includes:

  • A back-end database for vulnerabilities and related metadata
  • An intuitive web interface for searching and managing CVEs
  • Powerful command-line tools for querying
  • A REST API for integration into workflows

Why Use CVE-Search?

  • Faster queries: Local MongoDB searches are much quicker than remote lookups.
  • Privacy protection: Sensitive queries never leave your network.
  • Versatility: Choose between CLI, web, or API interfaces.
  • Automation friendly: Perfect for CI/CD pipelines or continuous monitoring.

Installing MongoDB

CVE-Search requires Python 3.3 or newer and MongoDB 2.2 or newer. Install MongoDB either from your distribution’s package manager or directly from MongoDB. Don’t forget to include the development headers.

For installation instructions, refer to the MongoDB manual.


Populating the Database

Once MongoDB is running, populate your CVE and CPE data:

./sbin/db_mgmt.py -p
./sbin/db_mgmt_cpe_dictionary.py
./sbin/db_updater.py -c

This fetches XML data from official CVE and CPE databases. The first import can take time depending on your system.

To add cross-references from NIST, Red Hat, and other vendors:

./sbin/db_mgmt_ref.py

Keeping the Database Updated

To update the database regularly:

./sbin/db_updater.py -v

  • Can be automated with cron
  • Logs are written to syslog by default

To fully reset and repopulate:

./sbin/db_updater.py -v -f

Usage Examples

With your database populated, query it using search.py:

./bin/search.py -p cisco:ios:12.4
./bin/search.py -p cisco:ios:12.4 -o json
./bin/search.py -f nagios -n
./bin/search.py -p microsoft:windows_7 -o html

Example: Find all Cisco WebEx vulnerabilities with official references:

./bin/search.py -p webex: -o csv -v "cisco"

Look up a specific CVE:

./bin/search.py -c CVE-2010-3333

Other utilities include:

  • XMPP bot: ./bin/search_xmpp.py -j mybot@jabber.org -p strongpassword
  • Dump last CVEs (RSS/Atom): ./bin/dump_last.py -f atom -l 2
  • Web Interface: ./web/index.py

Ranking Database

CVE-Search allows ranking vulnerabilities per organization or department.

Example: Mark SAP NetWeaver as critical for accounting:

./sbin/db_ranking.py -c "sap:netweaver" -g "accounting" -r 3
./bin/search.py -c CVE-2012-4341 -r -n

Advanced Usage

Because CVE-Search is modular, you can combine it with Unix tools for analysis.

Example: Top vendors with “unknown” vulnerabilities

python3 bin/search_fulltext.py -q unknown -f \
| jq -c '.vulnerable_configuration[0]' \
| cut -f5 -d: | sort | uniq -c | sort -nr | head -10

Example: Compare CVSS scores (Oracle vs Sun JRE)

python3 bin/search.py -p oracle:java -o json | jq -r '.cvss' | Rscript -e 'summary(...)'
python3 bin/search.py -p sun:jre -o json | jq -r '.cvss' | Rscript -e 'summary(...)'
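The two pipelines above do their post-processing with jq, cut and R. The same analysis can be done in Python, which is easier to reuse in automation. The block below is an added example and not part of cve-search: it assumes the record shape the `-o json` output uses (one JSON object per line with `id`, `cvss` and `vulnerable_configuration` keys) and reads that output from stdin; the sample records embedded in it are constructed, not real output. It goes slightly beyond the one-liners: the vendor extraction handles both CPE 2.2 URIs (`cpe:/a:vendor:...`) and CPE 2.3 strings (`cpe:2.3:a:vendor:...`), which need different `cut` field numbers, and the CVSS summary skips records whose score is null rather than counting them as zero.

```python
"""Post-process cve-search JSON output (added example, not cve-search code).

Assumes one JSON object per line with `id`, `cvss` and
`vulnerable_configuration` keys, as `search.py -o json` and
`search_fulltext.py -f` print. Sample data below is constructed.
"""
import json
import statistics
import sys
from collections import Counter

# Constructed sample of what `search.py -p oracle:java -o json` might print.
# CVE ids, scores and CPE strings are made up for the example.
SAMPLE_JSON_LINES = """\
{"id": "CVE-0000-0001", "cvss": 9.3, "vulnerable_configuration": ["cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*"]}
{"id": "CVE-0000-0002", "cvss": 5.0, "vulnerable_configuration": ["cpe:/a:sun:jre:1.6.0", "cpe:/a:oracle:jre:1.6.0"]}
{"id": "CVE-0000-0003", "cvss": 7.5, "vulnerable_configuration": []}
{"id": "CVE-0000-0004", "cvss": null, "vulnerable_configuration": ["cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*"]}
"""


def cpe_vendor(cpe):
    """Return the vendor component of a CPE string.

    Handles CPE 2.2 URIs (cpe:/a:vendor:product:...) and CPE 2.3 formatted
    strings (cpe:2.3:a:vendor:product:...). Newer cve-search releases may
    emit configurations as dicts with an "id" key (assumption), so that is
    unwrapped first.
    """
    if isinstance(cpe, dict):
        cpe = cpe.get("id", "")
    parts = cpe.split(":")
    if len(parts) >= 4 and parts[1] == "2.3":
        return parts[3]
    if len(parts) >= 3 and parts[1].startswith("/"):
        return parts[2]
    raise ValueError(f"not a CPE string: {cpe!r}")


def load_records(json_lines):
    """Parse one JSON object per line, ignoring blank lines."""
    return [json.loads(line) for line in json_lines.splitlines() if line.strip()]


def top_vendors(records, limit=10):
    """Count the vendor of each record's first vulnerable configuration
    (what the jq '.vulnerable_configuration[0]' | cut pipeline does),
    skipping records that list no configuration at all."""
    counts = Counter()
    for rec in records:
        cfg = rec.get("vulnerable_configuration") or []
        if cfg:
            counts[cpe_vendor(cfg[0])] += 1
    return counts.most_common(limit)


def cvss_summary(records):
    """Min / median / mean / max of CVSS base scores.

    Records with a null score are left out instead of being counted as 0,
    which would drag the mean down and hide unscored CVEs.
    """
    scores = [float(r["cvss"]) for r in records if r.get("cvss") is not None]
    if not scores:
        return None
    return {
        "count": len(scores),
        "min": min(scores),
        "median": statistics.median(scores),
        "mean": round(statistics.fmean(scores), 2),
        "max": max(scores),
    }


if __name__ == "__main__":
    # Pipe cve-search output in, e.g.:
    #   python3 bin/search.py -p oracle:java -o json | python3 cve_stats.py
    # With no piped input the constructed sample is used instead.
    text = SAMPLE_JSON_LINES if sys.stdin.isatty() else sys.stdin.read()
    recs = load_records(text)
    print("top vendors:", top_vendors(recs))
    print("cvss:", cvss_summary(recs))
```

Running the sample gives sun twice and oracle once for the vendor count (the record with an empty configuration list is skipped), and a CVSS summary over three scores (5.0, 7.5, 9.3) rather than four, because the null score is excluded.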

Full-Text Indexing & Visualization

Index CVEs:

./sbin/db_fulltext.py

Search full-text index:

./bin/search_fulltext.py -q NFS -q Linux

Generate visualization JSON (requires NLTK):

./bin/search_fulltext.py -g -s > cve.json

This produces keyword insights and frequency analysis for vulnerabilities.


Web Interface & API

CVE-Search includes:

  • Minimal web UI: View latest CVEs, query by ID. Runs on Flask + Flask-PyMongo.
  • JSON API: Programmatic access to vendors, products, and CVEs.

Examples:

curl http://127.0.0.1:5000/api/browse/      # List vendors
curl http://127.0.0.1:5000/api/browse/zyxel # Zyxel products
curl http://127.0.0.1:5000/api/search/zyxel/p-660hw

A public API is also available at cve.circl.lu.
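The curl calls above are the whole integration surface; a small client around them is what a CI job or monitoring script would actually use, for instance to fail a build when a product has a CVE at or above a CVSS threshold. The block below is an added example, not cve-search's own client. It assumes the three routes shown above on a local instance at http://127.0.0.1:5000, that `/api/browse/` and `/api/browse/<vendor>` return JSON objects with `vendor` and `product` keys, and that `/api/search/<vendor>/<product>` returns either a JSON list of CVE records or an object with a `results` list, each record carrying `id` and `cvss`; those key names and the `fetch` hook are assumptions, and the embedded responses are constructed so the example runs offline.

```python
"""Client for a local cve-search REST API (added example, not cve-search code).

Assumed routes: /api/browse/, /api/browse/<vendor>, /api/search/<vendor>/<product>.
Assumed keys: 'vendor', 'product', and per-CVE 'id' and 'cvss'.
"""
import json
import urllib.request
from urllib.parse import quote

BASE_URL = "http://127.0.0.1:5000"  # local instance, as in the curl examples


def http_fetch(url, timeout=10):
    """Default fetcher: GET a URL and decode the JSON body."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def list_vendors(fetch=http_fetch, base=BASE_URL):
    """GET /api/browse/ -> vendor names (assumed key 'vendor')."""
    return fetch(f"{base}/api/browse/").get("vendor", [])


def list_products(vendor, fetch=http_fetch, base=BASE_URL):
    """GET /api/browse/<vendor> -> product names (assumed key 'product')."""
    return fetch(f"{base}/api/browse/{quote(vendor, safe='')}").get("product", [])


def search_cves(vendor, product, fetch=http_fetch, base=BASE_URL):
    """GET /api/search/<vendor>/<product> -> list of CVE records.

    Accepts both a bare list and an object wrapping the list under
    'results' (assumption about differing cve-search releases).
    """
    url = f"{base}/api/search/{quote(vendor, safe='')}/{quote(product, safe='')}"
    data = fetch(url)
    if isinstance(data, dict):
        data = data.get("results", [])
    return data


def triage(vendor, product, threshold=7.0, fetch=http_fetch, base=BASE_URL):
    """Split a product's CVEs into (flagged, unscored).

    flagged: (id, score) pairs at or above `threshold`, highest first.
    unscored: ids with no CVSS score. They are reported separately instead
    of being dropped, so a CI gate can decide whether "no score yet" fails.
    """
    flagged, unscored = [], []
    for rec in search_cves(vendor, product, fetch, base):
        score = rec.get("cvss")
        if score is None:
            unscored.append(rec["id"])
        elif float(score) >= threshold:
            flagged.append((rec["id"], float(score)))
    flagged.sort(key=lambda pair: pair[1], reverse=True)
    return flagged, unscored


# Constructed responses so the example runs without a server (not real data).
SAMPLE_API = {
    f"{BASE_URL}/api/browse/": {"vendor": ["cisco", "zyxel"]},
    f"{BASE_URL}/api/browse/zyxel": {"vendor": "zyxel", "product": ["p-660hw", "example-product"]},
    f"{BASE_URL}/api/search/zyxel/p-660hw": [
        {"id": "CVE-0000-0001", "cvss": 9.8, "summary": "constructed"},
        {"id": "CVE-0000-0002", "cvss": 4.3, "summary": "constructed"},
        {"id": "CVE-0000-0003", "cvss": None, "summary": "constructed"},
        {"id": "CVE-0000-0004", "cvss": 7.5, "summary": "constructed"},
    ],
}


def offline_fetch(url):
    """Stand-in fetcher that serves the constructed responses above."""
    return SAMPLE_API[url]


if __name__ == "__main__":
    # Swap offline_fetch for the default http_fetch to hit a running instance.
    flagged, unscored = triage("zyxel", "p-660hw", fetch=offline_fetch)
    print("at or above threshold:", flagged)
    print("unscored:", unscored)
    raise SystemExit(1 if flagged else 0)  # non-zero exit fails a CI step
```

The exit status at the end is what makes this usable as a pipeline gate: the job fails whenever a flagged CVE exists, and the unscored list is printed so a reviewer can see CVEs that have no score yet rather than having them vanish from the report.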


Ecosystem & Integrations

Several projects extend CVE-Search:

  • cve-portal: CVE notification portal
  • cve-search-mt: Management toolkit
  • cve-scan: Nmap-based CVE scanner

Together, these enhance automation, monitoring, and proactive vulnerability management.


Docker Deployment & Quickstart

One of the easiest ways to get started with CVE-Search today is by using its official Docker Compose setup. This avoids the need to manually configure MongoDB, Redis, or dependencies on your host system.

Step 1: Clone the CVE-Search Docker Repository

git clone https://github.com/cve-search/CVE-Search-Docker.git
cd CVE-Search-Docker

Step 2: Start the Containers

Use Docker Compose to bring up the full stack (CVE-Search, MongoDB, Redis):

docker compose up -d

This launches all required services in the background.

Step 3: Access the Web Interface

Once running, the web interface is available at:

http://127.0.0.1:5000

From here, you can browse recent CVEs, search by vendor or product, and interact with the REST API.

Step 4: Keep Your Data Updated

Update CVE and CPE data inside the container with:

docker compose exec cvesearch ./sbin/db_updater.py -v

Step 5: Stop or Remove Containers

To gracefully shut down:

docker compose down

To remove all containers and volumes (resetting the database):

docker compose down -v

Why Use Docker for CVE-Search?

  • Fast setup: Get running in minutes without manual dependency management
  • Portable & reproducible: Works across different environments with the same configuration
  • Isolated services: MongoDB and Redis are preconfigured inside containers
  • Easy resets: Quickly rebuild or refresh your vulnerability database

0xSnow