Take Information in NIST NVD for ICS

This project is developed with Python.

When you search the NIST NVD data (https://nvd.nist.gov/vuln/search), you enter a keyword that describes what you are researching. The results then show the Vuln ID, description, published time, and CVSS severity (Version 2 and Version 3) fields.

I use the BeautifulSoup library to extract these fields. The library parses the HTML of a web page so that you can take out the parts you want.
I write the results to a SQLite database and in JSON format.

I run the project with the -w parameter. This parameter is the keyword you want to search for in the NIST NVD database.

You can see the search results in the JSON and database files.

You can see that the number of results in NVD is the same as in my results.

You can use this project for blue team work. For example, you may want to monitor which products have vulnerabilities. When a product has a new vulnerability, you will see the problem and can apply a solution.

I used these results for ICS security. I developed this project at the National Testbed Center for Critical Infrastructures – CENTER SAU (https://center.sakarya.edu.tr). There I also developed another project called Asset Management in ICS Systems. I collected IP addresses, MAC addresses, vendor names, protocols, and version numbers to identify ICS products. I used the vendor name keywords as search terms for the NVD database. You can see the results for the "Siemens S7-1200" keyword being monitored in the ELK Stack. If the product has a new CVE or vulnerability, I can monitor it in the ELK Stack.
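The monitoring idea described above (store each search run, then surface only the entries that are new for a keyword) can be sketched as follows. This is an added example, not the project's own code: the table layout, function names, and sample records are assumptions, and the CVE IDs are constructed placeholders.

```python
import json
import sqlite3

KEYWORD = "Siemens S7-1200"  # search keyword mentioned on this page

# Constructed sample records (placeholder IDs, not real CVEs or scores).
FIRST_RUN = [
    {"vuln_id": "CVE-0000-0001", "description": "Constructed entry A",
     "published": "2021-12-01", "cvss_v3": "7.5 HIGH", "cvss_v2": "5.0 MEDIUM"},
    {"vuln_id": "CVE-0000-0002", "description": "Constructed entry B",
     "published": "2021-12-15", "cvss_v3": "9.8 CRITICAL", "cvss_v2": "10.0 HIGH"},
]
SECOND_RUN = FIRST_RUN + [
    {"vuln_id": "CVE-0000-0003", "description": "Constructed entry C",
     "published": "2022-01-03", "cvss_v3": "5.3 MEDIUM", "cvss_v2": "4.3 MEDIUM"},
]

def open_db(path=":memory:"):
    """Create the (assumed) table; the composite key makes re-runs idempotent."""
    conn = sqlite3.connect(path)
    conn.execute("""CREATE TABLE IF NOT EXISTS vulns (
        keyword TEXT NOT NULL, vuln_id TEXT NOT NULL, description TEXT,
        published TEXT, cvss_v3 TEXT, cvss_v2 TEXT,
        PRIMARY KEY (keyword, vuln_id))""")
    return conn

def store_and_diff(conn, keyword, records):
    """Store one search run; return only records not seen before for keyword."""
    new = []
    for r in records:
        cur = conn.execute(
            "INSERT OR IGNORE INTO vulns VALUES (?, ?, ?, ?, ?, ?)",
            (keyword, r["vuln_id"], r["description"], r["published"],
             r["cvss_v3"], r["cvss_v2"]))
        if cur.rowcount == 1:  # 0 means the row already existed
            new.append(r)
    conn.commit()
    return new

def to_ndjson(keyword, records):
    """One JSON object per line, a shape a log shipper can forward to ELK."""
    return "\n".join(json.dumps({"keyword": keyword, **r}, sort_keys=True)
                     for r in records)

if __name__ == "__main__":
    db = open_db()
    store_and_diff(db, KEYWORD, FIRST_RUN)  # baseline run
    print(to_ndjson(KEYWORD, store_and_diff(db, KEYWORD, SECOND_RUN)))
```

Running the same keyword on a schedule and alerting only on the returned records keeps the ELK view limited to vulnerabilities that appeared since the previous run.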
