Drop #119 (2022-10-14): CVEs; URLs; CLIs
Drop #119 (2022-10-14): CVEs; URLs; CLIs
nvdtools; pup; Collection of Awesome Command Lines
We've been prepping for a road-trip to see #2.1, so no "weekend project" edition today, just three resources that may be useful some day. Look for the Knowledge Drop on Sunday (I mentioned it in yesterday's edition).
nvdtools
I tend to over-compensate in the opposite direction of "cybersecurity" when choosing items for these drops, partly out of fear of having this appear to be yet-another-infosec resource. But, some tools save me time regularly, and nvdtools — which is a collection of Golang-based programs that work with the U.S. with National Vulnerability Database feeds — is one suite that deserves a mention.
Rather than cover all the toolbox components, I'd like to give a single shout out to nvdsync, a tool that synchronizes NVD data feeds to a local directory. You tell it which type (JSON/XML) and schema version you want, and it hits up NVD's site, compares file hashes, and syncs changed feeds superfast.
This is what runs in my crontab:
nvdsync -cve_feed cve-1.1.json.gz /data/feeds/nvd/jsonThe other tools are just as focused and solid, so if they aren't in your cyber data toolbox, they really should be.
pup
There are so many "pull HTML from the internet and dissect it" tools that it's hard to separate the good from the meh. I find myself increasingly using curl-impersonate (covered previously) and pup when I want to quickly slurp up something I've seen on a website and want to use immediately.
Pup works with CSS Selectors, and support some of the fancier pseudo classes, so you can, say, yank nodes based on content, just like XPath.
Here it is in action:
$ curl_chrome100 --silent https://text.npr.org/ | pup 'li > a.topic-title json{}'
[
{
"class": "topic-title",
"href": "/1128832571",
"tag": "a",
"text": "It\u0026#39;s almost impossible to find a CEO who isn\u0026#39;t bracing for a recession"
},
{
"class": "topic-title",
"href": "/1125333531",
"tag": "a",
"text": "The Jan. 6 Committee has voted to subpoena Trump. Here\u0026#39;s what else happened"
},
{
"class": "topic-title",
"href": "/1124371309",
"tag": "a",
"text": "Busting 5 common myths about water and hydration"
},
...You can also have plaintext output, colorful output, and choose indent levels. Plus, it works on HTML fragments, stdin, and local files just as well as URLs.
Collection of Awesome Command Lines
I'm sneaking in one more cyber-related resource today, since I've been migrating data from an old (old) SSD to a new SSD and being a bit picky about what I keep and what I throw away. As I've progressed through this clean up exercise, I came across an older, but no less useful PDF poster from SANS. It's a combination cheat sheet/mind-map/cookbook that has helpful hints for how to perform various tasks (not all are “cyber”) on macOS, Windows, and Linux systems, plus contains links to other resources.
The mind-map is also available online in standalone form.
Remember, it's a SANS resource, so there's a fair amount of "cyber" in it, along with the usual SANS navel-gazing.
FIN
Thanks for reading this week! Catch you Sunday for the special Knowledge Drop! ☮