janhoedt


CVE score: Docker, Powershell ...

Hi,

Please see https://www.experts-exchange.com/questions/29170630/Powershell-get-cve-score-specific-soft-version-via-cve-api.html

I could also use Docker to run on my Windows 2016 lab server and install the CVE stuff on it: https://github.com/cve-search/cve-search

Just wondering: how to do this? When it is there, how can I scan for a CVE score, e.g. for Firefox 60.1: what is its CVE score (preferably PowerShell-based; run an SSH session, or other options)?

J
David Favor

Docker is a lightweight container system.

If you're trying to run Windows, likely LXD + VirtualBox + Windows will be a better fit.

To do a CVE scan, you'll follow the installation + scanning process described on the GitHub URL you provided.

Keep in mind...

Windows != Linux

This means you'll likely have to jump through some hoops to either install the CVE scanner on Windows or create/export a filesystem from your Windows install your Linux Distro can understand.
Scanning the cve-search page... fastest approach to getting your CVE scanning working will be to do a Windows install using a filesystem Linux can understand.
janhoedt

ASKER

Thanks a lot, but I wonder what new info you provided.

I know Docker, why would I install Linux when there are Docker images for cve.

Linux is not Windows, that's correct.

Follow the link I provided. Ok.

But nowhere do I find a way to find a CVE score for a version of a piece of software, e.g. Mozilla Firefox 61, like I mentioned.


"fastest approach to getting your CVE scanning working will be to do a Windows install using a filesystem Linux can understand."


There you totally lost me. A Windows install that Linux understands. Ehm, to do what exactly? No. You lost me.


For Windows 2016 to run Docker apps, it will need at least Docker Engine - Enterprise. There are steps for installing it using the OneGet PowerShell module that was shipped in Windows 10 and 2016.

https://docs.docker.com/ee/docker-ee/windows/docker-ee/

https://github.com/oneget/oneget


With the Docker engine installed, we need to pull the cve-search image down and then run it. I saw there is a ready-packaged Dockerfile, though it may be from quite a while back.

https://hub.docker.com/r/ttimasdf/cve-search/

docker run -d -p 5000:5000 --name cve ttimasdf/cve-search:withdb


  • The database will be downloaded when the container is first launched, this can take some time.
  • You can then run, for example docker exec -it [CONTAINER] search.py -f nagios -n or other scripts provided by cve-search to interact with the database.
  • Use docker exec -it [CONTAINER] cvedb -u to update the database.
  • Most importantly, you can use the WEB INTERFACE at port 5000 (or whatever you exposed)


Thereafter, the cve-search usage will follow the example in https://github.com/cve-search/cve-search


Thanks. Looking good. But again: how can I get a version, e.g. Firefox 61, out of it using PowerShell?

I don't see an option to get a version and don't see how to get it via PowerShell.

If I cannot automate it via PowerShell, it's pretty useless to me (I'd need to map existing software in SCCM to its CVE score).

Then I might as well browse to the CVE site and search it by hand (which I won't, because it would be a day job keeping that up to date).

Understood. Since you are not into scripting, and automating the HTTP GET through PowerShell will take effort, professional services are required. What looks easier for you is to use Python.

https://github.com/barnumbirr/ares/blob/master/README.md


Anyway, either you go online, which you can also automate, or go for the NVD tool with ready-to-use PS.

https://github.com/nicbrink/NVD_Tools/find/master?q=

Since you are not into scripting

>What makes you think that?

The title of my question contains PowerShell, that's scripting. I do want to automate everything via PowerShell, that's the whole idea.

I'm just missing the link here: I have my CVE db in a Docker container. Great, how do I query this via PowerShell so I can match the SCCM applications to a CVE score?

PowerShell has web calls similar to curl, which make HTTP queries. So if the Docker container presents the web service as I shared in the Docker example, then it will be possible to query it via the exposed port.
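The query over the exposed port described in the post above, sketched in PowerShell as an added example (not code from the thread or from the cve-search project). It assumes the container also answers JSON at /api/cvefor/<cpe> with CVE records carrying id and cvss fields; Get-CveScore and the sample records are hypothetical, so check the route against the installed version.

```powershell
# Added example, not from the thread or the cve-search project.
# Assumption: the service on port 5000 answers JSON at /api/cvefor/<cpe>
# with a list of CVE records that carry 'id' and 'cvss' fields.
function Get-CveScore {
    param(
        [Parameter(Mandatory)] [string] $Vendor,
        [Parameter(Mandatory)] [string] $Product,
        [Parameter(Mandatory)] [string] $Version,
        [string] $BaseUri = 'http://127.0.0.1:5000',
        [object[]] $Records   # pre-fetched records; skips the HTTP call when supplied
    )
    # Allow only characters expected in a CPE component, so inventory strings
    # (e.g. exported from SCCM) cannot alter the request path.
    foreach ($part in $Vendor, $Product, $Version) {
        if ($part -notmatch '^[A-Za-z0-9._-]+$') { throw "Unexpected characters in '$part'" }
    }
    $cpe = ('cpe:2.3:a:{0}:{1}:{2}' -f $Vendor, $Product, $Version).ToLower()
    if (-not $PSBoundParameters.ContainsKey('Records')) {
        $Records = @(Invoke-RestMethod -Uri "$BaseUri/api/cvefor/$cpe" -TimeoutSec 30)
    }
    # Records without a CVSS value count as findings but not toward the maximum.
    $scored = @($Records | Where-Object { $null -ne $_.cvss } | Sort-Object { [double]$_.cvss } -Descending)
    [pscustomobject]@{
        Cpe      = $cpe
        CveCount = @($Records).Count
        MaxCvss  = if ($scored.Count) { [double]$scored[0].cvss } else { $null }
        TopCve   = if ($scored.Count) { $scored[0].id } else { $null }
    }
}

# Constructed sample response (placeholder IDs and scores, not real CVE data).
$sample = @'
[
  {"id": "CVE-0000-0001", "cvss": 7.5,  "summary": "constructed record"},
  {"id": "CVE-0000-0002", "cvss": 9.8,  "summary": "constructed record"},
  {"id": "CVE-0000-0003", "cvss": null, "summary": "constructed record, not yet scored"}
]
'@ | ConvertFrom-Json

Get-CveScore -Vendor mozilla -Product firefox -Version '61.0' -Records $sample
# Against the running container, drop -Records:
# Get-CveScore -Vendor mozilla -Product firefox -Version '61.0'
```

The returned object pipes into Export-Csv, so a list of vendor/product/version rows can be scored in a loop.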

That makes no sense. Why install a local db then? Then you might as well crawl the public site. Which is what I don't want to do since, besides being slow, you have to build up logic depending on the way they format the site. If it is redesigned, it won't work anymore.

This would make sense: https://stackoverflow.com/questions/25530172/powershell-querying-mongodb

Sure, you can query the db directly, which is faster; what I suggested is more to use its exposed interfaces. Extracted from cve-search:


The web interface is a minimal interface to see the last CVE entries and query a specific CVE. You'll need flask in order to run the website and Flask-PyMongo. To start the web interface:

cd ./web
./index.py

Then you can connect on http://127.0.0.1:5000/ to browse the last CVE.

My question from the start is to query via PowerShell, why do you go for HTML again and again?
I'm not interested in browsing to an HTML page. I need to automate CVE search, why would I want to browse??
Still no final solution, but I gave up.