OrlandoDC

How to retrieve CVSS Scores with Bulk CVE Lookup in NIST NVD via Python

Jan 15th, 2022 (edited)
84
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # This source: https://pastebin.com/edit/GPRkbrut
  2. # Inspiration: https://thecyberbyte.com/nist-bulk-cve-lookup-for-cvss-with-python/
  3. #
  4. # I used a Ubuntu VM (Ubuntu 20.04.3 LTS) and basic text editor (vi) at command line to interactively test
  5. # code snippets and wrap-up with the results below. I started a weekend run batch retrieval of all NIST NVD CVSS
  6. # scores that is still in progress. The ability to iterate forward and test ideas and syntax with a barebones CLI
  7. # approach worked well.
  8. #
  9. # My background includes considerable coding in enterprise and various consult settings with many languages
  10. # and platforms, how I got my start many years ago (pre web). Python and its ecosystem are just amazing
  11. # for even a newbie like me that has occasionally dabbled even without a really good reason to go further
  12. # or work "full stack" projects so far.
  13. #
  14. # I hope this code example helps!
  15. #
  16. # Orlando Stevenson
  17. #
  18. #
  19. import sys
  20. import requests
  21. import json
  22. import time
  23. from bs4 import BeautifulSoup
  24.  
  25. Cvss2id = "Cvss2CalculatorAnchor"
  26. Cvss3id = "Cvss3NistCalculatorAnchor"
  27.  
  28. if len(sys.argv) < 2:
  29. print('Enter File Name (E.g. python3 bulk_cve_lookup.py cve.txt)')
  30. exit()
  31.  
  32.  
  33. with open(sys.argv[1], "r") as cve_file:
  34. lines = cve_file.readlines()
  35.  
  36. cve_list = []
  37.  
  38. for l in lines:
  39. as_list = l.split(", ")
  40. cve_list.append(as_list[0].replace("\n", ""))
  41.  
  42.  
  43.  
  44. print("CVE-ID,","CVSS 3 Base Score,","CVSS 2 Base Score")
  45.  
  46. for CVEs in cve_list:
  47. response = requests.get('https://nvd.nist.gov/vuln/detail/'+str(CVEs))
  48. soup = BeautifulSoup(response.content, 'html.parser')
  49.  
  50. tsC2 = str(soup.find(id=Cvss2id))
  51. tsC3 = str(soup.find(id=Cvss3id))
  52.  
  53.  
  54. if len(tsC2) > 10:
  55. fsC2 = tsC2.split(Cvss2id,1)[1]
  56. VsC2 = fsC2[2:fsC2.find(" ")]
  57. else:
  58. VsC2 = ""
  59.  
  60. if len(tsC3) > 10:
  61. fsC3 = tsC3.split(Cvss3id,1)[1]
  62. VsC3 = fsC3[2:fsC3.find(" ")]
  63. else:
  64. VsC3 = ""
  65.  
  66. print(CVEs,",",VsC3,",",VsC2)
RAW Paste Data