Skip to content

CPE guesser v1.0 released - guess CPE from one or more keyword(s)

Compare
Choose a tag to compare
@adulau adulau released this 19 Oct 16:36
· 26 commits to main since this release
v1.0
This tag was signed with the committer’s verified signature.
adulau Alexandre Dulaunoy
GPG key ID: 09E2CD4944E6CBCD
Verified
Learn about vigilant mode.
80f0542
This commit was signed with the committer’s verified signature.
adulau Alexandre Dulaunoy
GPG key ID: 09E2CD4944E6CBCD
Verified
Learn about vigilant mode.

CPE guesser

CPE guesser is a command-line and web service to guess the CPE name based on one or more keyword(s). Then the result can be used against cve-search to do actual searches by CPE names. The algorithm made by @adulau is described there.

Public online version

cpe-guesser.cve-search.org is public online version of CPE guesser which can be used via a simple API (if you don't want to install this software). The endpoint is /search and the JSON is composed of a query list with the list of keyword(s) to search for.

curl -s -X POST https://cpe-guesser.cve-search.org/search -d "{\"query\": [\"outlook\", \"connector\"]}" | jq .
[
  [
    18117,
    "cpe:2.3:a:microsoft:outlook_connector"
  ],
  [
    60947,
    "cpe:2.3:a:oracle:oracle_communications_unified_communications_suite_connector_for_microsoft_outlook"
  ],
  [
    68306,
    "cpe:2.3:a:oracle:corporate_time_outlook_connector"
  ]
]

What's Changed

  • CPE guessing logic & database access as a class. by @oh2fih in #2
  • Implement the import process fully in Python by @oh2fih in #4
  • Optimization: replace format() with f-strings by @oh2fih in #5
  • chg: [lookup] use positional arguments for WORD(s) by @oh2fih in #6

New Contributors

  • @oh2fih made their first contribution in #2

Full Changelog: https://github.com/cve-search/cpe-guesser/commits/v1.0

Contributors

adulau and oh2fih
Assets 2
Loading