Sources


Sources are the components that detect the vulnerabilities and report them to the Vulnerability Database.

Currently the Vulnerability Database only receives vulnerability reports from Vulcan, so all current sources are related to Vulcan checks. It’s important to note also that for Vulcan, each check execution represents a source.

For example, for Vulcan we could have this source:

{"id":"0913823b-f45b-4f4d-8264-89a2e4ec509a","name":"vulcan","component":"vulcan-wpscan","instance":"b144d927-8bda-469e-9757-ed18604b8bf4","options":"{}","time":"2019-11-08T08:09:29Z","target_id":"a5f4e561-6b93-4730-be9b-128a1207056a"}

Where:

  • id is the UUID assigned to this source in the Vulnerability DB.
  • name is the name of the source family that reported the vulnerability, in this case the Vulcan scanner. In the future, another option could be red-team, for the vulnerabilities reported by our colleagues from the security team.
  • component specifies the check type. E.g.: vulcan-wpscan.
  • instance specifies the UUID assigned by Vulcan to the unique execution of the check at one point in time.
  • options specifies the options set for the execution of that check.
  • target_id is the ID of the target against which the check was executed.

Querying the API for Sources

The Vulnerability Database API provides different methods to query information about the sources currently present in the system.

List Sources

The List Sources endpoint returns all the sources currently present in the Vulnerability Database.

curl -H "Content-Type: application/json" \
"https://vulnerabilitydb.example.com/sources"

Get Source

The Get Source endpoint returns information about a particular source, identified by its ID.

curl -H "Content-Type: application/json" \
"https://vulnerabilitydb.example.com/sources/0769d177-f836-40e1-8754-6b41f00651f5"

List Findings by Source

Sometimes we might want to know which findings have been reported by a specific source. The List Findings by Source endpoint allows us to do just that, specifying the ID of the source whose findings we want to list. Because we are querying for findings, we can set the status query string parameter to return only the ones that are currently OPEN or FIXED.

curl -H "Content-Type: application/json" \
"https://vulnerabilitydb.example.com/sources/0913823b-f45b-4f4d-8264-89a2e4ec509a/findings?status=OPEN"

Source MTTR

MTTR stands for Mean Time To Remediate, and is the average time that elapses from when a vulnerability is found until it is fixed. This endpoint returns that average time specifically for the findings that have been reported by one particular source.

It’s important to note that, in this case, the MTTR is not calculated only for the findings reported by the single source instance with the specified ID, but for its whole family (name + component + options).

For example, we can query the MTTR for all the findings reported by the vulcan-wpscan check configured with no options:

curl -H "Content-Type: application/json" \
"https://vulnerabilitydb.example.com/sources/0913823b-f45b-4f4d-8264-89a2e4ec509a/mttr"
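
The family grouping described above, worked through offline as an added example (not code from the Vulnerability Database project): an MTTR computed for one source ID averages over every source sharing its name, component and options. The finding fields source_id, found_at and fixed_at, the two extra source IDs and the example_option value are constructed assumptions, and comparing options as parsed JSON is this example's choice rather than documented service behaviour.

```python
import json
from datetime import datetime

S1 = "0913823b-f45b-4f4d-8264-89a2e4ec509a"  # source ID used on this page
S2 = "00000000-0000-4000-8000-000000000002"  # constructed
S3 = "00000000-0000-4000-8000-000000000003"  # constructed

# Constructed sources, trimmed to the fields that define a family.
SOURCES = [
    {"id": S1, "name": "vulcan", "component": "vulcan-wpscan", "options": "{}"},
    {"id": S2, "name": "vulcan", "component": "vulcan-wpscan", "options": "{ }"},
    {"id": S3, "name": "vulcan", "component": "vulcan-wpscan",
     "options": '{"example_option": true}'},
]

# Constructed findings; source_id, found_at and fixed_at are hypothetical fields.
FINDINGS = [
    {"source_id": S1, "found_at": "2019-11-08T08:09:29Z", "fixed_at": "2019-11-10T08:09:29Z"},
    {"source_id": S1, "found_at": "2019-11-08T08:09:29Z", "fixed_at": None},  # still OPEN
    {"source_id": S2, "found_at": "2019-11-15T00:00:00Z", "fixed_at": "2019-11-16T00:00:00Z"},
    {"source_id": S3, "found_at": "2019-11-01T00:00:00Z", "fixed_at": "2019-11-11T00:00:00Z"},
]

def family_key(source):
    """name + component + options; options compared as parsed JSON, not raw text."""
    options = json.dumps(json.loads(source["options"]), sort_keys=True)
    return (source["name"], source["component"], options)

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def family_mttr_hours(source_id, sources=SOURCES, findings=FINDINGS):
    """Mean hours from found to fixed over every source in source_id's family."""
    by_id = {s["id"]: s for s in sources}
    wanted = family_key(by_id[source_id])
    members = {s["id"] for s in sources if family_key(s) == wanted}
    hours = [
        (parse(f["fixed_at"]) - parse(f["found_at"])).total_seconds() / 3600
        for f in findings
        if f["source_id"] in members and f["fixed_at"] is not None
    ]
    return sum(hours) / len(hours) if hours else None

if __name__ == "__main__":
    for sid in (S1, S2, S3):
        print(sid, family_mttr_hours(sid))
```

Querying by S1 or S2 yields the same value because both belong to one family, while S3 differs only in options and is averaged separately.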