CveMate is a tool that replicates and maintains a comprehensive copy of all CVE (Common Vulnerabilities and Exposures) entries in a local MongoDB database, enriched with additional information from a variety of security-related sources.
CveMate currently utilizes the following sources for vulnerability data:
Source | Description | Format |
---|---|---|
NVD | Fetches CVE data from the National Vulnerability Database using the NVD REST API v2.0. | NVD_CVE 2.0 |
CVE.org | Fetches CVE data from CVE.org in CVE JSON 5.0 format. | CVE_RECORD 5.0 |
CWE | Common Weakness Enumeration (CWE™) is a list of software and hardware weaknesses. 🆘 Improvement needed to capture full details. Help is welcome :) | CWE v4.13 |
Exploit-DB | Database of vulnerabilities and exploits. | exploit-db |
Metasploit | The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection. | Metasploit-framework |
EPSS | Estimate of the probability of exploitation. | EPSS |
Debian Security-tracker | Bug database maintained by Debian's security team. | Debian Security Bug Tracker |
Plans are underway to further enrich the database by integrating additional sources such as the GitHub Advisory Database.
Any suggestions?
Before you begin, ensure your environment is set up. There are two options to configure CveMate:
Option 1: for a quick setup, you can configure the database connection using environment variables. Set the following environment variables as per your MongoDB setup:
- MONGODB_HOST: MongoDB host (default: value from configuration.ini)
- MONGODB_PORT: MongoDB port (default: value from configuration.ini)
- MONGODB_DB: MongoDB database name (default: value from configuration.ini)
- MONGODB_USERNAME: MongoDB username (default: value from configuration.ini)
- MONGODB_PASSWORD: MongoDB password (default: value from configuration.ini)
- MONGODB_AUTHDB: MongoDB authentication database (default: value from configuration.ini)
- MONGODB_PREFIX: MongoDB collection prefix (default: value from configuration.ini)
This method allows you to quickly set up only the database connection without the need to modify the configuration.ini file.
Option 2: for a more comprehensive setup, including additional configuration options beyond the database:

Create a configuration file: copy the template, then edit the configuration.ini file with your MongoDB details and any other configurations for CveMate:

```bash
cp configuration.ini.template configuration.ini
```
This method provides more configuration options than the quick setup.
Install dependencies: install the required Python packages for CveMate:

```bash
pip3 install -r requirements.txt
```
Choose the option that best suits your setup needs. Option 1 is recommended for a simpler, database-only setup, while Option 2 is preferable for more comprehensive configuration requirements.
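The precedence described above (an environment variable, when set, replaces the value from configuration.ini), as an added Python example that is not CveMate's own code. The `[mongodb]` section, its key names, and all sample values are assumptions made for illustration.

```python
import configparser
import os
from urllib.parse import quote_plus

# Variable names are from the README; the [mongodb] section and its key names
# (host, port, db, ...) are assumptions about configuration.ini.
ENV_VARS = ("MONGODB_HOST", "MONGODB_PORT", "MONGODB_DB", "MONGODB_USERNAME",
            "MONGODB_PASSWORD", "MONGODB_AUTHDB", "MONGODB_PREFIX")

def resolve_settings(ini_text, environ=None):
    """A set environment variable wins; otherwise the ini value is used."""
    environ = os.environ if environ is None else environ
    # interpolation=None: a '%' in a password must not be treated as a template
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    section = parser["mongodb"] if parser.has_section("mongodb") else {}
    settings = {}
    for env_name in ENV_VARS:
        key = env_name[len("MONGODB_"):].lower()
        value = environ.get(env_name) or section.get(key)
        if value:
            settings[key] = value
    return settings

def mongo_uri(settings, redact=False):
    """Build a connection URI; redact=True gives a form that is safe to log."""
    creds = ""
    if settings.get("username"):
        # Percent-encode so ':', '/', '@' in credentials cannot change the URI
        password = "***" if redact else quote_plus(settings.get("password", ""))
        creds = f"{quote_plus(settings['username'])}:{password}@"
    host = settings.get("host", "localhost")
    uri = f"mongodb://{creds}{host}:{int(settings.get('port', 27017))}/{settings.get('db', '')}"
    if creds and settings.get("authdb"):
        uri += f"?authSource={quote_plus(settings['authdb'])}"
    return uri

# Constructed sample file contents and environment, for illustration only.
SAMPLE_INI = """[mongodb]
host = localhost
port = 27017
db = cvemate
username = cvemate_rw
password = 100%-from-ini
authdb = admin
"""
SAMPLE_ENV = {"MONGODB_HOST": "db.internal.example", "MONGODB_PASSWORD": "p@ss:w/rd"}
RESOLVED = resolve_settings(SAMPLE_INI, SAMPLE_ENV)
print(mongo_uri(RESOLVED, redact=True))
```

Log only the redacted form; the unredacted URI carries the password and should go straight to the MongoDB client.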
To initialize CveMate and create a local copy of the NVD CVE list, run:
```bash
python3 main.py --init
```
This process may vary in duration based on your internet connection and data size.
Keep your data up-to-date with scheduled updates. Set up a cron job as follows:
Edit your crontab file:
```bash
crontab -e
```
Add a line to run the update command regularly, e.g., daily at 3 AM:
```
0 3 * * * /path/to/python3 /path/to/main.py --update
```
We welcome contributions! If you have ideas or want to add new features.