
CVE score: Docker, Powershell ...

janhoedt asked:
Hi,

Please see https://www.experts-exchange.com/questions/29170630/Powershell-get-cve-score-specific-soft-version-via-cve-api.html

I could also use Docker to run on my Windows 2016 lab server and install the CVE stuff on it: https://github.com/cve-search/cve-search

Just wondering: how to do this? When it is there, how can I scan for a CVE score, e.g. Firefox 60.1, what is its CVE score (preferably PowerShell based (run an SSH session or other options?))?

J

David Favor, Fractional CTO

Commented:
Docker is a lightweight container system.

If you're trying to run Windows, likely LXD + VirtualBox + Windows will be a better fit.

To do a CVE scan, you'll follow the installation + scanning process described on the GitHub URL you provided.

Keep in mind...

Windows != Linux

This means you'll likely have to jump through some hoops to either install the CVE scanner on Windows or create/export a filesystem from your Windows install your Linux Distro can understand.
David Favor, Fractional CTO

Commented:
Scanning the cve-search page... fastest approach to getting your CVE scanning working will be to do a Windows install using a filesystem Linux can understand.

Author

Commented:

Thanks a lot, but I wonder what new info you provided.

I know Docker, why would I install Linux when there are Docker images for cve.

Linux is not Windows, that's correct.

Follow the link I provided. OK.

But nowhere do I find a way to find a CVE score for a version of a software, e.g. Mozilla Firefox 61, like I mentioned.


" fastest approach to getting your CVE scanning working will be to do a Windows install using a filesystem Linux can understand."


There you totally lost me. A Windows install that Linux understands. Ehm, to do what exactly? No. You lost me.


btan, Exec Consultant

Commented:

For Windows 2016 to run Docker apps, it will need at least Docker Engine - Enterprise. There are steps for installing it using the OneGet PowerShell module that shipped in Windows 10 and 2016.

https://docs.docker.com/ee/docker-ee/windows/docker-ee/

https://github.com/oneget/oneget


With the installed Docker engine, we need to pull the cve-search image down and then run it. I saw there is a ready-packaged Dockerfile, though it may be from quite a while back.

https://hub.docker.com/r/ttimasdf/cve-search/

docker run -d -p 5000:5000 --name cve ttimasdf/cve-search:withdb
  • The database will be downloaded when the container is first launched, this can take some time.
  • You can then run, for example docker exec -it [CONTAINER] search.py -f nagios -n or other scripts provided by cve-search to interact with the database.
  • Use docker exec -it [CONTAINER] cvedb -u to update the database.
  • Most importantly, you can use the WEB INTERFACE at port 5000 (or whatever you exposed)


Thereafter, the cve-search usage will follow the examples in https://github.com/cve-search/cve-search


Author

Commented:

Thanks. Looking good. But again: how can I get a version, e.g. Firefox 61, out of it using PowerShell?

I don't see an option to get a version and don't see how to get it via PowerShell.

If I cannot automate it via PowerShell, it's pretty useless to me (I'd need to map existing software in SCCM to its CVE score).

Then I might as well browse to the CVE site and search it by hand (which I won't, because it would be a day job keeping that up to date).

btan, Exec Consultant

Commented:

Understood. Since you are not into scripting, and automating the HTTP GET through PowerShell will take effort, professional services are required. What looks easier for you is to use Python.

https://github.com/barnumbirr/ares/blob/master/README.md


Anyway, either you go online, which you can also automate, or go for the NVD tool, which has ready-made PowerShell to use.

https://github.com/nicbrink/NVD_Tools/find/master?q=

Author

Commented:

> Since you are not into scripting

What makes you think that?

The title of my question contains PowerShell, that's scripting. I do want to automate everything via PowerShell, that's the whole idea.

Author

Commented:

I'm just missing the link here: I have my CVE DB in a Docker container. Great, how do I query this via PowerShell so I can match the SCCM applications to a CVE score?

btan, Exec Consultant

Commented:

PowerShell has web calls similar to curl, which make HTTP queries. So if the Docker container presents the web service as I shared in the Docker example, then it will be possible to query it via the exposed port.

Author

Commented:

That makes no sense. Why install a local DB then? Then you might as well crawl the public site. Which is what I don't want to do since, besides being slow, you have to build up logic depending on the way they format the site. If it is redesigned, it won't work anymore.

Author

Commented:

This would make sense: https://stackoverflow.com/questions/25530172/powershell-querying-mongodb

btan, Exec Consultant

Commented:

Sure, you can query the DB directly, which is faster; what I suggested is more to use its exposed interfaces. Extracted from cve-search:


The web interface is a minimal interface to see the last CVE entries and query a specific CVE. You'll need Flask in order to run the website, and Flask-PyMongo. To start the web interface:

cd ./web
./index.py

Then you can connect to http://127.0.0.1:5000/ to browse the latest CVEs.

Author

Commented:
My question from the start is to query via PowerShell, why do you go for HTML again and again?
I'm not interested in browsing to an HTML page. I need to automate the CVE search, why would I want to browse??
btan, Exec Consultant
Commented:

I went to look at the DB translation layer using PyMongo for cvedb, and likely its format is along the lines of the below:


    # colCVE is the pymongo collection object for the "cves" collection
    def updateCVE(cve):
        colCVE.update(
            {"id": cve['id']},
            {"$set": {"cvss": cve['cvss'],
                      "summary": cve['summary'],
                      "references": cve['references'],
                      "impact": cve['impact'],
                      "vulnerable_product": cve["vulnerable_product"],
                      "access": cve['access'],
                      "cwe": cve['cwe'],
                      "vulnerable_configuration": cve['vulnerable_configuration'],
                      "vulnerable_configuration_cpe_2_2": cve['vulnerable_configuration_cpe_2_2'],
                      'last-modified': cve['Modified']}})


PowerShell code would probably be along the lines of such a query on the "vulnerable_product" field.
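The following is an added example (editor's code, not from this thread and not part of the cve-search project) that ties the two suggestions together: it calls the cve-search container started with the docker run command above over HTTP from PowerShell, filters the returned CVE documents on the "vulnerable_product" field shown in the updateCVE() snippet, and returns the CVE count and highest CVSS score for one product version, e.g. Firefox 61. It assumes, without confirmation on this page, that the cve-search web app serves JSON at /api/search/<vendor>/<product> (a list of CVE documents with "id", "cvss" and "vulnerable_product"), and that "vulnerable_product" holds CPE strings such as cpe:2.3:a:mozilla:firefox:61.0:*:*:*:*:*:*:* or cpe:/a:mozilla:firefox:61.0. Check web/index.py in your cve-search checkout for the routes it actually serves.

```powershell
# Added example: query a local cve-search container from PowerShell.
# Assumptions (not confirmed by the thread):
#   * container started as above:  docker run -d -p 5000:5000 ... ttimasdf/cve-search:withdb
#   * JSON endpoint /api/search/<vendor>/<product> returning CVE documents
#     with "id", "cvss" and "vulnerable_product" fields
#   * "vulnerable_product" entries are CPE 2.3 or CPE 2.2 strings

function ConvertFrom-Cpe {
    # Pulls vendor, product and version out of a CPE 2.3 or CPE 2.2 string.
    # Returns $null for anything that is not a CPE.
    param([string] $Cpe)
    if ([string]::IsNullOrEmpty($Cpe)) { return $null }
    $parts = $Cpe -split ':'
    if ($Cpe.StartsWith('cpe:2.3:') -and $parts.Count -ge 6) {
        # cpe:2.3:<part>:<vendor>:<product>:<version>:...
        return [pscustomobject]@{ Vendor = $parts[3]; Product = $parts[4]; Version = $parts[5] }
    }
    if ($Cpe.StartsWith('cpe:/') -and $parts.Count -ge 5) {
        # cpe:/<part>:<vendor>:<product>:<version>
        return [pscustomobject]@{ Vendor = $parts[2]; Product = $parts[3]; Version = $parts[4] }
    }
    return $null
}

function Test-CpeVersionMatch {
    # True when the CPE names this vendor/product and its version is either an
    # exact match or a refinement of the requested one ("61" matches "61.0.1").
    # A wildcard version (*) is deliberately NOT treated as a match, because it
    # would flag every CVE ever filed against the product.
    param([string] $Cpe, [string] $Vendor, [string] $Product, [string] $Version)
    $c = ConvertFrom-Cpe $Cpe
    if ($null -eq $c) { return $false }
    if ($c.Vendor -ne $Vendor -or $c.Product -ne $Product) { return $false }
    return ($c.Version -eq $Version) -or $c.Version.StartsWith("$Version.")
}

function Get-CveScore {
    # Looks one vendor/product/version up in the local cve-search instance.
    # Takes pipeline input so an export with Vendor, Product and Version
    # columns (e.g. from SCCM) can be piped straight through.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [string] $Vendor,
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [string] $Product,
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [string] $Version,
        [string] $BaseUrl = 'http://127.0.0.1:5000'   # the port exposed with -p 5000:5000
    )
    process {
        $v   = [uri]::EscapeDataString($Vendor.ToLowerInvariant())
        $p   = [uri]::EscapeDataString($Product.ToLowerInvariant())
        $uri = "$BaseUrl/api/search/$v/$p"     # assumed cve-search JSON route
        # Invoke-RestMethod parses the JSON body into objects; no HTML scraping.
        $cves = @(Invoke-RestMethod -Uri $uri -Method Get -TimeoutSec 120)

        $hits = foreach ($cve in $cves) {
            $affected = @($cve.vulnerable_product) | Where-Object {
                Test-CpeVersionMatch -Cpe $_ -Vendor $Vendor -Product $Product -Version $Version
            }
            if ($affected) { $cve }
        }

        # "cvss" can be null for entries NVD has not scored yet: count the CVE
        # but leave it out of the maximum.
        $scores = @($hits | Where-Object { $null -ne $_.cvss } | ForEach-Object { [double] $_.cvss })
        $max = if ($scores.Count -gt 0) { ($scores | Measure-Object -Maximum).Maximum } else { $null }

        [pscustomobject]@{
            Vendor   = $Vendor
            Product  = $Product
            Version  = $Version
            CveCount = @($hits).Count
            MaxCvss  = $max
            CveIds   = (@($hits | ForEach-Object { $_.id }) -join ';')
        }
    }
}

# Usage: the Firefox 61 case from the question.
Get-CveScore -Vendor mozilla -Product firefox -Version 61.0

# Or for a whole CSV with Vendor,Product,Version columns (hypothetical file name):
# Import-Csv .\sccm-apps.csv | Get-CveScore | Export-Csv .\cve-scores.csv -NoTypeInformation
```

Two caveats for the SCCM mapping. First, SCCM display names ("Mozilla Firefox 61.0 (x64 en-US)") are not CPE vendor/product names; a lookup table from display name to CPE vendor and product (mozilla/firefox) has to be maintained on your side, and that table is where most of the effort in this kind of automation goes. Second, the version filter above is deliberately strict: CVEs whose vulnerable_product list only carries a wildcard version, or only later versions, are not counted, so a result of zero means "no CPE entry names this exact version", not "no known vulnerabilities".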



Author

Commented:
Still no final solution, but I gave up.