We offer a fully hosted web version of Vulmatch which includes many additional features over those in this codebase. You can find out more about the web version here.
Vulmatch is a database of CVEs in STIX 2.1 format with a REST API wrapper to access them.
Some common reasons people use Vulmatch include filtering CVEs by;
- CVSS
- EPSS
- CWE classifcation
- ATT&CK classification
- Affected products
- Know expliots
# clone the latest code
git clone https://github.com/muchdogesec/vulmatch
Vulmatch has various settings that are defined in an .env
file.
To create one using the default settings:
cp .env.example .env
For the ARANGODB_DATABASE
, on first run it is best to use an empty database in ArangoDB you've created. You can then add the CVE, CPE, etc. data by running POST request to the API. This will ensure the naming convention of the Collections will be correct.
sudo docker compose build
sudo docker compose up
The webserver (Django) should now be running on: http://127.0.0.1:8005/
You can access the Swagger UI for the API in a browser at: http://127.0.0.1:8005/api/schema/swagger-ui/
Note, this script will not install an ArangoDB instance.
If you're new to ArangoDB, you can install the community edition quickly by following the instructions here.
If you are running ArangoDB locally, be sure to set ARANGODB='http://host.docker.internal:8529/'
in the .env
file otherwise you will run into networking errors.
The webserver is Django.
To create an admin user in Django
sudo docker-compose run django python manage.py createsuperuser
You can access the django admin UI at:
Note, if you intend on using this in production, you should also modify the variables in the .env
file for POSTGRES_DB
, POSTGRES_USER
, POSTGRES_PASS
, DJANGO_SECRET
and DEBUG
(to False
)
To get up and running quickly head to /utilities/README.md
for some scripts that will automate the backfill of data.