Repository files navigation

DISCONTINUED: Since October 16th, 2019, the NVD discontinued support for XML Data Feeds. You canread more here. There are JSON data feeds available that are going to be discontinued by the end of 2023. They recommend to use their API instead.

Pipe-able parser from XML to JSON of the nvdcve list.

First, install it with:

go get github.com/ghostbar/nvdcve2json

Or just go to thereleasespage and download the binary for your system.

Then, just run it like:

$GOPATH/bin/nvdcve2json < nvdcve-2.0-2016.xmlcurl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Recent.xml.gz | \  gunzip - | $GOPATH/bin/nvdcve2json$GOPATH/bin/nvdcve2json --input nvdcve-2.0-2016.xml$GOPATH/bin/nvdcve2json --input nvdcve-2.0-2016.xml > nvdcve-2.0-2016.json

More help can be found on$GOPATH/bin/nvdcve2json --help.

You can use the flag--filter sincev1.0.0 to just get the CVEs you want,like:"cpe:/o:apple:mac_os_x", thennvdcve2json will use the logical testson thevulnerable-configuration field to determine if thatcpe stringmatches any of the CVEs and will print out just that.

Protip: you can send multiple--filter, like:

curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Recent.xml.gz | \  gunzip - | $GOPATH/bin/nvdcve2json --filter "cpe:/o:apple:mac_os_x"  --filter "cpe:/o:microsoft:windows" > cves-for-mac-n-windows.json

© Jose-Luis Rivas<me@ghostbar.co>.

This software is licensed under the MIT terms, a copy of the license can befound in theLICENSE file in this repository.