National Vulnerability Database (NVD) Query Tool

摘要

Currently, there are no programmatic methods to query the NIST National Vulnerability Database (NVD) without downloading the entire database in XML format, parsing the content, loading the resulting data into a self-hosted database, and then developing an interface for querying the content. This tool takes advantage of the fact that NVD provides an interactive user form for query on the website, and extends it to allow for programmatic queries to generate vulnerability reports. This command line utility queries the NVD by making HTTPS GET requests. The tool queries the local system for software package names and versions in the form of a Common Platform Enumeration (CPE), queries the NVD, and returns a list of Common Vulnerability Enumerations (CVEs) - vulnerabilities associated with the software.