CPE¶
Search CPE¶
Searching for CPEs is similar to searching for CVEs albeit less parameters. CPE match strings are allowed, meaning if partial strings are known, you can search for all possible CPE names. Like searching CVEs, the parameters are not positional.
Note
Due to rate limiting restrictions by NVD, a request will take 6 seconds with no API key. Requests with an API key have the ability to define a delay argument. The delay argument must be a integer/float greater than 0.6 (seconds).
Get a NIST NVD API key here (free): https://nvd.nist.gov/developers/request-an-api-key
Here is an example of a CPE search with a keyword and a limit of 2 results then iterate through said CPE names.
import nvdlib
r = nvdlib.searchCPE(keywordSearch = 'Microsoft Exchange', limit = 2)
for eachCPE in r:
print(eachCPE.cpeName)
'cpe:2.3:a:ca:unicenter_management_microsoft_exchange:-:*:*:*:*:*:*:*'
'cpe:2.3:a:microsoft:exchange_instant_messenger:-:*:*:*:*:*:*:*''
- class nvdlib.classes.CPE(response)[source]¶
JSON dump class for CPEs
- Variables:
deprecated (bool) – Indicates whether CPE has been deprecated
cpeName – CPE URI name
cpeNameId (str) – CPE UUID
lastModifiedDate – CPE modification date
created (str) – CPE creation date
titles – List of available titles for the CPE
deprecatedBy – If deprecated=true, one or more CPE that replace this one
vulnerabilities (list) – Optional vulnerabilities associated with this CPE. Must use ‘cves = true’ argument in searchCPE.
In addition to searchCPE there is also searchCPE_V2. This function uses the same parameters as searchCPE except creates a generator. This is useful if the search performed consumes a lot of data and there are memory constraints on the system. It will convert the CVE response one object at a time, instead of attempting to convert the entire data set into memory at once. Here is an example using next().
>>> r = nvdlib.searchCPE_V2(keywordSearch='Microsoft Exchange 2010', limit=100)
>>> oneCVE = next(r)
>>> print(oneCVE.cpeName)
CPE Search Examples¶
Filter for a partial cpeMatchString for Microsoft Exchange 2013, return all the vulnerabilities for said matching CPEs, and print their CVE IDs.
Note
The new NVD API version 2 (starting with NVDLib 0.7.0) cannot include CVE names in CPE searches anymore.
r = nvdlib.searchCPE(cpeMatchString='cpe:2.3:a:microsoft:exchange_server:2013:', key='xxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxx', delay=6)
for eachCPE in r:
print(eachCPE.cpeName)
Filter for CPE names modfied between 2019-01-01 and 2021-01-01 with the keyword of PHP.
Note
There is a maximum 120 day range when using date ranges. If searching publication or modified dates, start and end dates are required. A datetime object can also be used instead of a string.
r = nvdlib.searchCPE(lastModStartDate='2020-01-01 00:00', lastModEndDate='2020-02-01 00:00', keywordSearch='PHP')
print(len(r))
1599
Filter for all CPE names modified in the last 30 days using datetime objects.
>>> import datetime
>>> end = datetime.datetime.now()
>>> start = end - datetime.timedelta(days=30)
>>> r = nvdlib.searchCPE(lastModStartDate=start, lastModEndDate=end)
CPE Match Criteria API¶
This will allow you to search for CPE Match Strings that you can then use in CPE searches. When you search using this API, it will return a list of MatchStrings. I hightly recommend playing around with this API to get an understanding of how the responses work.
More information on how to utilize this API can be found on NVD’s API page: https://nvd.nist.gov/developers/products
- class nvdlib.classes.MatchString(response)[source]¶
JSON dump class for CPE match strings
- Variables:
matchCriteriaId (str) – UUID match criteria
criteria (str) – CPE name
lastModifiedDate (str) – Match string modification date
cpeLastModified (str) – CPE modification date
created (str) – CPE creation date
status (str) – CPE active status
matches (list) – CPE Names and IDs within the CPE Dictionary that matches the CPE Match Criteria
CPE Match String Search Examples¶
To obtain the CPE match strings for a single CVE and print the matchCriteriaId for each match.
r = nvdlib.searchCPEmatch(cveId='CVE-2017-0144')
for eachMatchString in r:
print(eachMatchString.matchCriteriaId)
Within each MatchString element in the response there are the CPE names that match. Here is how we can print them.
r = nvdlib.searchCPEmatch(cveId='CVE-2017-0144')
for eachMatchString in r:
for eachCPE in eachMatchString.matches:
print(eachCPE.cpeName)
We can also filter down this result even further using the other arguments for the Match String API. Here is searching for all match strings for the CVE ID CVE-2017-0144, along with only matchStrings that contain cpe:2.3:o:microsoft:windows_server_2012:*.
r = nvdlib.searchCPEmatch(cveId='CVE-2017-0144', matchStringSearch='cpe:2.3:o:microsoft:windows_server_2012:*')
for eachMatchString in r:
for eachCPE in eachMatchString.matches:
print(eachCPE.cpeName)
Not that this search would be very useful in reality, but we can also search for a specific matchCriteriaId on top of the other two filters. This will search for all CPE match strings for the CVE ID CVE-2017-0144, match strings that contain cpe:2.3:o:microsoft:windows_server_2012:*, and that have a matchCriteriaId UUID of ‘AB506484-7F0C-46BF-8EA6-4FB5AF454CED’. Match criteria is a unique UUID to a match string, so searching for them will only yield a single result. Keep in mind nvdlib.searchCPEmatch is still returning a list, so even though there is only one element in the list, you must select element index 0 to access that data of that element.
r = nvdlib.searchCPEmatch(cveId='CVE-2017-0144', matchStringSearch='cpe:2.3:o:microsoft:windows_server_2012:*', matchCriteriaId='AB506484-7F0C-46BF-8EA6-4FB5AF454CED')
print(r[0].matchCriteriaId)
'AB506484-7F0C-46BF-8EA6-4FB5AF454CED'