Cvemap from ProjectDiscovery

Introduction

Cvemap is a new tool developed by ProjectDiscovery that provides a structured, easily navigable interface to Common Vulnerabilities and Exposures (CVEs) across multiple databases.

It takes a comprehensive approach to prioritizing CVEs that goes beyond the usual Common Vulnerability Scoring System (CVSS) score. It looks at aspects such as how likely a vulnerability is to be exploited, critical deadlines, probability assessments, and real-world exploit data.

Cvemap integrates diverse and high-value sources, including the Known Exploited Vulnerabilities Catalog (KEV), Exploit Prediction Scoring System (EPSS), Proofs of Concept (POCs), HackerOne CVE Discovery, and more.

Install

There are different ways of installing Cvemap:

Go to its GitHub page and run:

go install github.com/projectdiscovery/cvemap/cmd/cvemap@latest

Alternatively, install it with pdtm (ProjectDiscovery’s Open Source Tool Manager):

❯ pdtm -i cvemap


                ____          
     ____  ____/ / /_____ ___ 
    / __ \/ __  / __/ __ __  \
   / /_/ / /_/ / /_/ / / / / /
  / .___/\__,_/\__/_/ /_/ /_/ 
 /_/                         

		projectdiscovery.io

[INF] Current pdtm version v0.0.9 (latest)
[INF] Run `source ~/.zshrc` to add /home/ruben/.pdtm/go/bin to $PATH 
[INF] installing cvemap...
[INF] installed cvemap 0.0.4 (latest)

Before using cvemap, create a ProjectDiscovery Cloud Platform (PDCP) account and obtain an API key. Follow the steps on https://cloud.projectdiscovery.io/ to sign up and retrieve your API key.

❯ cvemap -auth


   ______   _____  ____ ___  ____  ____
  / ___/ | / / _ \/ __ \__ \/ __ \/ __ \
 / /__ | |/ /  __/ / / / / / /_/ / /_/ /
 \___/ |___/\___/_/ /_/ /_/\__,_/ .___/ 
                               /_/
					 

		projectdiscovery.io

[INF] Get your free api key by signing up at https://cloud.projectdiscovery.io
[*] Enter PDCP API Key (exit to abort): 
[INF] Successfully logged in as (@ruben)

Running cvemap

To list the top known exploited vulnerabilities, use the following command:

❯ cvemap --limit 10

Results can also be filtered by different parameters such as: Product, Vendor, Severity, CPE, Assignee, CVSS-Score, EPSS-Score, Age, …and more!

❯ cvemap -product wordpress -l 5 -silent

You can also specify which fields are returned with -field:

❯ cvemap -product wordpress -l 5 -field poc -silent

❯ cvemap -product mysql -l 5 -field poc -silent

You can also specify score ranges:

❯ cvemap -product wordpress -l 5 -field poc -cvss-score '>7' -silent

All output can be returned in JSON format with -json.

Piping a specific CVE ID into cvemap -json returns all the details of that CVE in JSON format:

❯ echo CVE-2022-21661 | cvemap -json


   ______   _____  ____ ___  ____  ____
  / ___/ | / / _ \/ __ \__ \/ __ \/ __ \
 / /__ | |/ /  __/ / / / / / /_/ / /_/ /
 \___/ |___/\___/_/ /_/ /_/\__,_/ .___/ 
                               /_/
					 

		projectdiscovery.io

[INF] Current cvemap version v0.0.4 (latest)
[
  {
    "cve_id": "CVE-2022-21661",
    "cve_description": "WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.",
    "severity": "high",
    "cvss_score": 7.5,
    "cvss_metrics": {
      "cvss2": {
        "score": 5,
        "vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N",
        "severity": "medium"
      },
      "cvss31": {
        "score": 7.5,
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "severity": "high"
      }
    },
    "weaknesses": [
      {
        "cwe_id": "CWE-89",
        "cwe_name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
      }
    ],
    "epss": {
      "epss_score": 0.94068,
      "epss_percentile": 0.98999
    },
    "cpe": {
      "cpe": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
      "vendor": "wordpress",
      "product": "wordpress"
    },
    "reference": [
      "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84",
      "https://lists.debian.org/debian-lts-announce/2022/01/msg00019.html",
      "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4UNEC63UU5GEU47IIR4RMTZAHNEOJG/",
      "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DM6XPH3JN6V4NF4WBOJTOXZIVE6VKKE3/",
      "https://www.debian.org/security/2022/dsa-5039",
      "https://www.zerodayinitiative.com/advisories/ZDI-22-020/",
      "https://github.com/k0mi-tg/CVE-POC",
      "https://github.com/0x4E0x650x6F/Wordpress-cve-CVE-2022-21661",
      "https://github.com/Afetter618/WordPress-PenTest",
      "https://github.com/binganao/vulns-2022"
    ],
    "poc": [
      {
        "url": "http://packetstormsecurity.com/files/165540/WordPress-Core-5.8.2-SQL-Injection.html",
        "source": "NVD",
        "added_at": ""
      },
      {
        "url": "https://www.exploit-db.com/exploits/50663",
        "source": "NVD",
        "added_at": ""
      },
      {
        "url": "https://github.com/p4ncontomat3/CVE-2022-21661",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-04T15:49:00Z"
      },
      {
        "url": "https://github.com/sealldeveloper/CVE-2022-21661-PoC",
        "source": "gh-nomi-sec",
        "added_at": "2023-04-27T00:36:16Z"
      },
      {
        "url": "https://github.com/daniel616/CVE-2022-21661-Demo",
        "source": "gh-nomi-sec",
        "added_at": "2023-02-08T04:58:57Z"
      },
      {
        "url": "https://github.com/WellingtonEspindula/SSI-CVE-2022-21661",
        "source": "gh-nomi-sec",
        "added_at": "2023-01-13T13:31:34Z"
      },
      {
        "url": "https://github.com/APTIRAN/CVE-2022-21661",
        "source": "gh-nomi-sec",
        "added_at": "2022-11-06T20:44:10Z"
      },
      {
        "url": "https://github.com/guestzz/CVE-2022-21661",
        "source": "gh-nomi-sec",
        "added_at": "2022-07-31T11:53:06Z"
      },
      {
        "url": "https://github.com/z92g/CVE-2022-21661",
        "source": "gh-nomi-sec",
        "added_at": "2022-07-28T13:12:51Z"
      },
      {
        "url": "https://github.com/0x4E0x650x6F/Wordpress-cve-CVE-2022-21661",
        "source": "gh-nomi-sec",
        "added_at": "2022-05-28T10:46:48Z"
      }
    ],
    "vendor_advisory": "https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/",
    "patch_url": [
      "https://github.com/WordPress/wordpress-develop/commit/17efac8c8ec64555eff5cf51a3eff81e06317214"
    ],
    "is_template": true,
    "nuclei_templates": {
      "template_path": "http/cves/2022/CVE-2022-21661.yaml",
      "template_url": "https://cloud.projectdiscovery.io/public/CVE-2022-21661",
      "created_at": "2023-03-24T11:34:38-03:00",
      "updated_at": "2024-01-30T06:46:18Z"
    },
    "is_exploited": false,
    "assignee": "security-advisories@github.com",
    "published_at": "2022-01-06T23:15:07.933",
    "updated_at": "2023-11-07T03:43:39.493",
    "hackerone": {
      "rank": 735,
      "count": 5
    },
    "age_in_days": 758,
    "vuln_status": "modified",
    "is_poc": true,
    "is_remote": true,
    "is_oss": true,
    "vulnerable_cpe": [
      "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
      "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
      "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
      "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
      "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"
    ],
    "shodan": {
      "count": 1466499,
      "query": [
        "http.component:\"WordPress\""
      ]
    },
    "oss": {
      "all_languages": {
        "CSS": 4931536,
        "HTML": 41958,
        "JavaScript": 5371139,
        "PHP": 18981160,
        "SCSS": 316869
      },
      "description": "WordPress, Git-ified. This repository is just a mirror of the WordPress subversion repository. Please do not send pull requests. Submit pull requests to https://github.com/WordPress/wordpress-develop and patches to https://core.trac.wordpress.org/ instead.",
      "forks": 12591,
      "language": "PHP",
      "stars": 18453,
      "subscribers": 1421,
      "pushed_at": "2024-02-03T14:26:06Z",
      "created_at": "2011-12-01T07:05:17Z",
      "updated_at": "2024-02-04T00:53:01Z",
      "url": "https://github.com/WordPress/WordPress"
    }
  }
]
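As an added example (not part of cvemap or of the original post), the following Python script shows one way to turn this JSON into a patch-priority list that looks beyond CVSS, using only field names visible in the output above. The tier rules, the 0.1 EPSS threshold and the two CVE-0000-* records are assumptions made for illustration.

```python
import json
import sys

# Constructed sample shaped like `cvemap -json` output. The first record reuses
# values from the CVE-2022-21661 output above; the other two are placeholders.
SAMPLE = json.loads("""[
 {"cve_id": "CVE-2022-21661", "cvss_score": 7.5, "epss": {"epss_score": 0.94068},
  "is_exploited": false, "is_poc": true, "is_remote": true, "is_template": true},
 {"cve_id": "CVE-0000-0001", "cvss_score": 9.8, "epss": {"epss_score": 0.0012},
  "is_exploited": false, "is_poc": false, "is_remote": true, "is_template": false},
 {"cve_id": "CVE-0000-0002", "cvss_score": 6.1, "is_exploited": true, "is_poc": true}
]""")


def epss_score(rec):
    """EPSS probability, or 0.0 when the record carries no epss object."""
    return float((rec.get("epss") or {}).get("epss_score") or 0.0)


def tier(rec, epss_threshold=0.1):
    """Return (tier, reason); tier 1 is the most urgent.

    The 0.1 default threshold is an assumption for this example, not a cvemap value.
    """
    epss = epss_score(rec)
    if rec.get("is_exploited"):
        return 1, "flagged as exploited"
    if epss >= epss_threshold and rec.get("is_remote"):
        return 2, f"EPSS {epss:.3f} and remotely exploitable"
    if rec.get("is_poc") or rec.get("is_template"):
        return 3, "public PoC or nuclei template"
    return 4, "no exploitation signal in the record"


def prioritize(records, epss_threshold=0.1):
    """Order by tier, then EPSS, then CVSS (both descending)."""
    rows = []
    for rec in records:
        t, why = tier(rec, epss_threshold)
        cvss = float(rec.get("cvss_score") or 0.0)
        rows.append((t, -epss_score(rec), -cvss, rec.get("cve_id", "?"), why))
    return [(cve, t, why) for t, _, _, cve, why in sorted(rows)]


if __name__ == "__main__":
    # `python3 triage.py -` reads cvemap JSON from stdin; no argument uses SAMPLE.
    records = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for cve, t, why in prioritize(records):
        print(f"tier {t}  {cve}  {why}")
```

On the sample, the placeholder record with CVSS 9.8 but a negligible EPSS score and no public PoC lands in the last tier, below the CVSS 7.5 WordPress issue.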

Help

❯ cvemap --help

Navigate the CVE jungle with ease.

Usage:
  cvemap [flags]

Flags:
CONFIG:
   -auth  configure projectdiscovery cloud (pdcp) api key

OPTIONS:
   -id string[]                    cve to list for given id
   -cwe, -cwe-id string[]          cve to list for given cwe id
   -v, -vendor string[]            cve to list for given vendor
   -p, -product string[]           cve to list for given product
   -eproduct string[]              cves to exclude based on products
   -s, -severity string[]          cve to list for given severity
   -cs, -cvss-score string[]       cve to list for given cvss score
   -c, -cpe string                 cve to list for given cpe
   -es, -epss-score string         cve to list for given epss score
   -ep, -epss-percentile string[]  cve to list for given epss percentile
   -age string                     cve to list published by given age in days
   -a, -assignee string[]          cve to list for given publisher assignee
   -vs, -vstatus value             cve to list for given vulnerability status in cli output. supported: rejected, unknown, new, confirmed, unconfirmed, modified

UPDATE:
   -up, -update                 update cvemap to latest version
   -duc, -disable-update-check  disable automatic cvemap update check

FILTER:
   -q, -search string  search in cve data
   -k, -kev            display cves marked as exploitable vulnerabilities by cisa (default true)
   -t, -template       display cves that has public nuclei templates (default true)
   -poc                display cves that has public published poc (default true)
   -h1, -hackerone     display cves reported on hackerone (default true)
   -re, -remote        display remotely exploitable cves (AV:N & PR:N | PR:L) (default true)

OUTPUT:
   -f, -field value         fields to display in cli output. supported: vstatus, assignee, kev, template, epss, product, vendor, poc, cwe, age
   -fe, -exclude value      fields to exclude from cli output. supported: vstatus, assignee, kev, template, epss, product, vendor, poc, cwe, age
   -lsi, -list-id           list only the cve ids in the output
   -l, -limit int           limit the number of results to display (default 50)
   -offset int              offset the results to display
   -j, -json                return output in json format
   -epk, -enable-page-keys  enable page keys to navigate results

DEBUG:
   -version  Version
   -silent   Silent
   -verbose  Verbose
   -debug    Debug