[Announcement] – New vFeed Python Wrapper 0.7.2 available

Posted on June 17, 2017

vFeed IO just released a new python wrapper for its vFeed Vulnerability & Threat database. Few enhancements included to comply with some modifications occur in the way Microsoft is distributing its security updates.

Here is the changelog

Support the new CAPEC (Common Attack Pattern Enumeration and Classification) version 2.10. Now the vFeed db includes newest CAPEC identifies (http://capec.mitre.org/data/reports/diff_reports/v2.9_v2.10.html)

CAPEC-559	Orbital Jamming
CAPEC-582	Route Disabling
CAPEC-583	Disabling Network Hardware
CAPEC-584	BGP Route Disabling
CAPEC-585	DNS Domain Seizure
CAPEC-586	Object Injection
CAPEC-587	Cross Frame Scripting (XFS)
CAPEC-588	DOM-Based XSS
CAPEC-589	DNS Blocking
CAPEC-590	IP Address Blocking
CAPEC-591	Reflected XSS
CAPEC-592	Stored XSS
CAPEC-593	Session Hijacking
CAPEC-599	Terrestrial Jamming

Support the new CWE (Common Weakness Enumeration) version 2.11. The database includes new addition (http://cwe.mitre.org/data/reports/diff_reports/v2.10_v2.11.html)
- CWE-1005 Input Validation and Representation

Align with the new Microsoft Security Update Guidance (https://portal.msrc.microsoft.com/en-us/security-guidance). Now vFeed database includes the newest articles. The method the get_ms was improved to returns both past bulletins/KBs and new advisories. Here is an example:

./vfeedcli.py -m get_ms CVE-2017-0143

[

  {

  “id”: “ms17-010”,

  “kb”: “4013389”,

  “title”: “Security Update for Microsoft Windows SMB Server”,

  “url”: “https://technet.microsoft.com/en-us/library/security/ms17-010“

  },

  {

  “id”: “4013198”,

  “kb”: “4013198”,

  “title”: “Security Update”,

  “url”: “https://support.microsoft.com/help/4013198“

  },

  {

  “id”: “4012217”,

  “kb”: “4012217”,

  “title”: “Monthly Rollup”,

  “url”: “https://support.microsoft.com/help/4012217“

  },

  {

  “id”: “4012214”,

  “kb”: “4012214”,

  “title”: “Security Only”,

  “url”: “https://support.microsoft.com/help/4012214“

  },

  {

  “id”: “4012215”,

  “kb”: “4012215”,

  “title”: “Monthly Rollup”,

  “url”: “https://support.microsoft.com/help/4012215“

  },

  {

  “id”: “4012212”,

  “kb”: “4012212”,

  “title”: “Security Only”,

  “url”: “https://support.microsoft.com/help/4012212“

  },

  {

  “id”: “4012598”,

  “kb”: “4012598”,

  “title”: “Security Update”,

  “url”: “https://support.microsoft.com/help/4012598“

  },

  {

  “id”: “4012213”,

  “kb”: “4012213”,

  “title”: “Security Only”,

  “url”: “https://support.microsoft.com/help/4012213“

  },

  {

  “id”: “4012606”,

  “kb”: “4012606”,

  “title”: “Security Update”,

  “url”: “https://support.microsoft.com/help/4012606“

  },

  {

  “id”: “4012216”,

  “kb”: “4012216”,

  “title”: “Monthly Rollup”,

  “url”: “https://support.microsoft.com/help/4012216“

  },

  {

  “id”: “4013429”,

  “kb”: “4013429”,

  “title”: “Security Update”,

  “url”: “https://support.microsoft.com/help/4013429“

  }

]

The method get_mskb is deprecated. Use get_ms instead. It returns both information whenever it is available
14 new NMAP NSE scripts was added. Whenever they are associated with a CVE, the method get_nmap will return the appropriate information. (http://seclists.org/nmap-announce/2017/3). Example:

./vfeedcli.py -m get_nmap CVE-2017-1001000

[

  {

  “family”: “vuln, safe”,

  “file”: “http-vuln-cve2017-1001000.nse”,

  “url”: “https://nmap.org/nsedoc/scripts/http-vuln-cve2017-1001000.html“

  }

]