janhoedt
 asked on

CVE score: Docker, Powershell ...

Hi,

Please see https://www.experts-exchange.com/questions/29170630/Powershell-get-cve-score-specific-soft-version-via-cve-api.html

I could also use Docker to run on my Windows 2016 labserver and install the CVE stuff on it: https://github.com/cve-search/cve-search

Just wonder: how to do this? When it is there, how can I scan for a CVE score, f.e. Firefox 60.1, what is its CVE score (preferably Powershell based; run an ssh session or other options?)?

J
Tags: Powershell, Docker, Security

Last Comment
janhoedt

8/22/2022 - Mon
David Favor

Docker is a lightweight container system.

If you're trying to run Windows, likely LXD + VirtualBox + Windows will be a better fit.

To do a CVE scan, you'll follow the installation + scanning process described on the GitHub URL you provided.

Keep in mind...

Windows != Linux

This means you'll likely have to jump through some hoops to either install the CVE scanner on Windows or create/export a filesystem from your Windows install your Linux Distro can understand.
David Favor

Scanning the cve-search page... fastest approach to getting your CVE scanning working will be to do a Windows install using a filesystem Linux can understand.
janhoedt

ASKER

Thanks a lot, but I wonder what new info you provided.

I know Docker, why would I install Linux when there are Docker images for cve.

Linux is not Windows, that's correct.

Follow the link I provided. Ok.

But nowhere I find a way to find a cve score for a version of a software f.e. Mozilla Firefox 61, like I mentioned.


" fastest approach to getting your CVE scanning working will be to do a Windows install using a filesystem Linux can understand."


There you totally lost me. A Windows install that Linux understands. Ehm, to do what exactly? No. You lost me.


btan

For Windows 2016 to run Docker apps, it will need at least Docker Engine - Enterprise. There are steps for installing it using the OneGet PowerShell Module that was shipped in Windows 10 and 2016.

https://docs.docker.com/ee/docker-ee/windows/docker-ee/

https://github.com/oneget/oneget


With the installed Docker engine, we need to pull the cve-search image down and then run it. I saw there is a ready-packaged Dockerfile, though it may be from quite a while back.

https://hub.docker.com/r/ttimasdf/cve-search/

docker run -d -p 5000:5000 --name cve ttimasdf/cve-search:withdb


  • The database will be downloaded when the container is first launched, this can take some time.
  • You can then run, for example docker exec -it [CONTAINER] search.py -f nagios -n or other scripts provided by cve-search to interact with the database.
  • Use docker exec -it [CONTAINER] cvedb -u to update the database.
  • Most importantly, you can use the WEB INTERFACE at port 5000 (or whatever you exposed)


Thereafter, the cve-search usage will then follow the example in https://github.com/cve-search/cve-search


janhoedt

ASKER

Thanks. Looking good. But again: how can I get a version, f.e. Firefox 61 out of it using Powershell.

Don't see an option to get a version and don't see how to get it via Powershell.

If I cannot automate it via Powershell, it's pretty useless to me (I'd need to map existing software in sccm to its cve score).

Then I might as well browse to cve site and search it by hand (which I won't because it would be a day job keeping that up to date).

btan

Understood. Since you are not into scripting, and automating the HTTP GET through Powershell will take effort, professional services are required. What looks easier for you is to use Python.

https://github.com/barnumbirr/ares/blob/master/README.md


Anyway, either you go online, which you can also automate, or go for the NVD tool with ready PS to use.

https://github.com/nicbrink/NVD_Tools/find/master?q=

janhoedt

ASKER

> Since you are not into scripting

What makes you think that?

The title of my question contains Powershell, that's scripting. I do want to automate everything via Powershell, that's the whole idea.

janhoedt

ASKER

I'm just missing the link here: I have my cve db in a Docker. Great, how do I query this via Powershell so I can match the sccm applications to cve score?

btan

Powershell has web calls similar to curl, which make HTTP queries. So if the docker presents the web services as I shared in the docker example, then it will be possible to query it via the exposed port.
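
Added example, not part of the thread: one way to make that HTTP query from PowerShell and reduce the answer to a per-product CVSS summary, since a software version has a list of CVEs, each with its own score, rather than a single "CVE score". It assumes the container started with the `docker run` line above serves cve-search's JSON route `/api/cvefor/<cpe>` on port 5000 and returns records with `id` and `cvss` fields; the function names and the sample data are hypothetical.

```powershell
function Get-CveForCpe {
    param(
        [Parameter(Mandatory)]
        # Reject anything that is not a plain CPE 2.3 string before it reaches the URL.
        [ValidatePattern('^cpe:2\.3:[aho](:[A-Za-z0-9._\-*]+){2,10}$')]
        [string]$Cpe,
        [string]$BaseUri = 'http://127.0.0.1:5000'  # port published by "docker run -p 5000:5000"
    )
    # Assumption: /api/cvefor/<cpe> returns a JSON array of CVE records.
    Invoke-RestMethod -Uri "$($BaseUri.TrimEnd('/'))/api/cvefor/$Cpe" -TimeoutSec 60
}

function Get-CvssSummary {
    param([Parameter(Mandatory)][string]$Product, [object[]]$Cves)
    # An empty API answer arrives as $null; drop it so the count stays 0.
    $all    = @($Cves | Where-Object { $null -ne $_ })
    # Records with no score yet are reported separately, not counted as 0.0.
    $scored = @($all | Where-Object { "$($_.cvss)" -ne '' })
    # Older databases store cvss as a string, so cast before comparing.
    $worst  = $scored | Sort-Object { [double]$_.cvss } -Descending | Select-Object -First 1
    [pscustomobject]@{
        Product  = $Product
        CveCount = $all.Count
        Unscored = $all.Count - $scored.Count
        MaxCvss  = if ($worst) { [double]$worst.cvss } else { $null }
        WorstCve = if ($worst) { $worst.id } else { $null }
    }
}

# Constructed sample response (placeholder ids, not real CVE data) so the
# summary logic can be checked without a running container.
$sample = @'
[ {"id":"CVE-0000-0001","cvss":7.5},
  {"id":"CVE-0000-0002","cvss":"9.8"},
  {"id":"CVE-0000-0003","cvss":null} ]
'@ | ConvertFrom-Json

Get-CvssSummary -Product 'Mozilla Firefox 61.0' -Cves $sample

# Against the live container, one row per inventory entry. The name-to-CPE
# mapping is the part you maintain yourself (constructed entry shown):
# $inventory = @(@{ Name = 'Mozilla Firefox 61.0'; Cpe = 'cpe:2.3:a:mozilla:firefox:61.0' })
# $inventory | ForEach-Object { Get-CvssSummary -Product $_.Name -Cves (Get-CveForCpe -Cpe $_.Cpe) }
```

The hard part of matching an SCCM inventory is translating each display name and version into the vendor/product/version triple of a CPE; the query itself is a single `Invoke-RestMethod` call.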

janhoedt

ASKER

That makes no sense. Why install a local db then? Then you might as well crawl the public site. Which is what I don't want to do since, besides it being slow, you have to build up logic depending on the way they format the site. If it is redesigned, it won't work anymore.

janhoedt

ASKER

This would make sense: https://stackoverflow.com/questions/25530172/powershell-querying-mongodb

btan

Sure, you can query the db directly, which is faster, and what I suggested is more to use its exposed interfaces. Extracted from cve-search:


The web interface is a minimal interface to see the last CVE entries and query a specific CVE. You'll need flask in order to run the website and Flask-PyMongo. To start the web interface:

cd ./web
./index.py


Then you can connect on http://127.0.0.1:5000/ to browse the last CVE.

janhoedt

ASKER
My question from the start is to query via Powershell, why do you go for html again and again?
I'm not interested in browsing to an html page. I need to automate cve search, why would I want to browse??
janhoedt

ASKER
Still no final solution, but I gave up.