API tools faq
paste
OrlandoDC

How to retrieve CVSS Scores with Bulk CVE Lookup in NIST NVD via Python

OrlandoDC
Jan 15th, 2022 (edited)
538
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.08 KB | None | 0 0
raw download clone embed print report
  1. # Inspiration: https://thecyberbyte.com/nist-bulk-cve-lookup-for-cvss-with-python/
  2. # This source: https://pastebin.com/edit/GPRkbrut
  3. #
  4. # I used a Ubuntu VM (Ubuntu 20.04.3 LTS) and basic text editor (vi) at command line to interactively test
  5. # code snippets and wrap-up with the results below. I started a weekend run batch retrieval of all NIST NVD CVSS
  6. # scores that took over 24 hours to complete, required restarting once with a trimmed up CVE list to complete
  7. # the approx. 20 percent remaining. (perhaps due to NIST website protections with session limit, disconnect).
  8. #
  9. # The ability to iterate forward and test ideas and syntax with a barebones CLI approach worked well.
  10. #
  11. # Python and its ecosystem are just amazing for my occasional dabbling even without a really good reason to go further
  12. # or work "full stack" projects so far.
  13. #
  14. # I hope this code example helps!
  15. #
  16. # Orlando Stevenson
  17. # https://www.linkedin.com/in/orlandostevenson/
  18. #
  19. import sys
  20. import requests
  21. import json
  22. import time
  23. from bs4 import BeautifulSoup
  24.  
  25. Cvss2id = "Cvss2CalculatorAnchor"
  26. Cvss3id = "Cvss3NistCalculatorAnchor"
  27.  
  28. if len(sys.argv) < 2:
  29. print('Enter File Name (E.g. python3 bulk_cve_lookup.py cve.txt)')
  30. exit()
  31.  
  32.  
  33. with open(sys.argv[1], "r") as cve_file:
  34. lines = cve_file.readlines()
  35.  
  36. cve_list = []
  37.  
  38. for l in lines:
  39. as_list = l.split(", ")
  40. cve_list.append(as_list[0].replace("\n", ""))
  41.  
  42.  
  43.  
  44. print("CVE-ID,","CVSS 3 Base Score,","CVSS 2 Base Score")
  45.  
  46. for CVEs in cve_list:
  47. response = requests.get('https://nvd.nist.gov/vuln/detail/'+str(CVEs))
  48. soup = BeautifulSoup(response.content, 'html.parser')
  49.  
  50. tsC2 = str(soup.find(id=Cvss2id))
  51. tsC3 = str(soup.find(id=Cvss3id))
  52.  
  53.  
  54. if len(tsC2) > 10:
  55. fsC2 = tsC2.split(Cvss2id,1)[1]
  56. VsC2 = fsC2[2:fsC2.find(" ")]
  57. else:
  58. VsC2 = ""
  59.  
  60. if len(tsC3) > 10:
  61. fsC3 = tsC3.split(Cvss3id,1)[1]
  62. VsC3 = fsC3[2:fsC3.find(" ")]
  63. else:
  64. VsC3 = ""
  65.  
  66. print(CVEs,",",VsC3,",",VsC2)
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!