CVEMap

Features • Installation • Usage • Example • Join Discord

Navigate the Common Vulnerabilities and Exposures (CVE) jungle with ease using CVEMAP, a command-line interface (CLI) tool designed to provide a structured and easily navigable interface to various vulnerability databases.

Features

• CVE Dataset Search & Query
• CVE to EPSS Mapping
• CVE to KEV Mapping
• CVE to CPE Mapping
• CVE to GitHub POCs Mapping
• CVE to Nuclei Template Mapping
• CVE to HackerOne report Mapping
• Customizable Filters on CVE data
• STDIN Input / JSONL Output

Installation

cvemap requires Go 1.21 to install successfully. To install, just run the below command or download pre-compiled binary from release page.

go install github.com/projectdiscovery/cvemap/cmd/cvemap@latest

Usage

cvemap -h

This will display help for the tool. Here are all the switches it supports.

Usage:
  cvemap [flags]

Flags:
CONFIG:
   -auth  configure projectdiscovery cloud (pdcp) api key (default true)

OPTIONS:
   -id string[]                    cve to list for given id
   -cwe, -cwe-id string[]          cve to list for given cwe id
   -v, -vendor string[]            cve to list for given vendor
   -p, -product string[]           cve to list for given product
   -eproduct string[]              cves to exclude based on products
   -s, -severity string[]          cve to list for given severity
   -cs, -cvss-score string[]       cve to list for given cvss score
   -c, -cpe string                 cve to list for given cpe
   -es, -epss-score string         cve to list for given epss score
   -ep, -epss-percentile string[]  cve to list for given epss percentile
   -age string                     cve to list published by given age in days
   -a, -assignee string[]          cve to list for given publisher assignee
   -vs, -vstatus value             cve to list for given vulnerability status in cli output. supported: new, confirmed, unconfirmed, modified, rejected, unknown

UPDATE:
   -up, -update                 update cvemap to latest version
   -duc, -disable-update-check  disable automatic cvemap update check

FILTER:
   -q, -search string  search in cve data
   -k, -kev            display cves marked as exploitable vulnerabilities by cisa (default true)
   -t, -template       display cves that has public nuclei templates (default true)
   -poc                display cves that has public published poc (default true)
   -h1, -hackerone     display cves reported on hackerone (default true)
   -re, -remote        display remotely exploitable cves (AV:N & PR:N | PR:L) (default true)

OUTPUT:
   -f, -field value         fields to display in cli output. supported: product, vendor, assignee, age, poc, cwe, epss, vstatus, kev, template
   -fe, -exclude value      fields to exclude from cli output. supported: product, vendor, assignee, age, poc, cwe, epss, vstatus, kev, template
   -lsi, -list-id           list only the cve ids in the output
   -l, -limit int           limit the number of results to display (default 50)
   -offset int              offset the results to display
   -j, -json                return output in json format
   -epk, -enable-page-keys  enable page keys to navigate results

DEBUG:
   -version            Version
   -silent             Silent
   -verbose            Verbose
   -debug              Debug
   -hc, -health-check  run diagnostic check up

Configuring CVEMap CLI

CVEMap CLI is built on top of the CVEMap API that requires API Token from ProjectDiscovery Cloud Platform that can be configured using environment variable named PDCP_API_KEY or using interactive -auth option as shown below.

Using environment variable

export PDCP_API_KEY=*************

Using auth option

cvemap -auth


   ______   _____  ____ ___  ____  ____
  / ___/ | / / _ \/ __ \__ \/ __ \/ __ \
 / /__ | |/ /  __/ / / / / / /_/ / /_/ /
 \___/ |___/\___/_/ /_/ /_/\__,_/ .___/ 
                               /_/
            

    projectdiscovery.io

[INF] Get your free api key by signing up at https://cloud.projectdiscovery.io
[*] Enter PDCP API Key (exit to abort): *************
[INF] Successfully logged in as (@user)

Running CVEMap

For details about running cvemap, see https://docs.projectdiscovery.io/tools/cvemap/running.

Note

• CVE dataset gets updated in every 6 hours.

References

• National Vulnerability Database (NVD): Comprehensive CVE vulnerability data.
• Known Exploited Vulnerabilities Catalog (KEV): Exploited vulnerabilities catalog.
• Exploit Prediction Scoring System (EPSS): Exploit prediction scores.
• HackerOne: CVE discoveries disclosure.
• Nuclei Templates: Vulnerability validation templates.
• Trickest CVE / PoC-in-GitHub GitHub Repository: Vulnerability PoCs references.