Short and simple PHP script that relays new CVE IDs seen on @cvenew to a list of email recepients.

When run, cve-monitor will:

• Fetch @cvenew stream using Twitter API
• For each new tweet it will
  • Extract CVE ID from the tweet
  • Retrieve the page from cve.mitre.org to get full description
  • Format and send out the email
• Remember the last tweet processed so to request only newer ones on the next run

All activity recorded in a log file and reported the stdout if running from a terminal.

• PHP 5.6 and up, CLI version.
• TwitterOAauth
• Consumer API keys from Twitter. This requires opening a dev account and creating an "app" there. Very easy to do.

Tested on Linux/Debian distro only. Patches for other platforms are welcome.

First, clone this and TwitterOAauth repos.

Next, open cve-monitor.php and adjust the config variables as follows:

• Change RECEPIENTS to the email that will receive CVE updates. You can specify multiple recepients like so:

    const RECEPIENTS = [ 'first@acmecorp.com', 'second@acmecorp.com', 'third@acmecorp.com' ];
  

• Change EMAIL_ALERT to the email address that will get pinged with any problems.

• Change EMAIL_FROM to what should be used for From: in these emails.

Next,

• INI_FILE stores just the ID of the last processed tweet. Change its location if needed.
• LOG_FILE by default sits in /var/log/ so make sure the script is run under an account that can write there.

Next,

• TWITTER_OAUTH_PHP should point at oauth.php from the TwitterOAuth repo.
• TWITTER_API_... should be set to "Consumer API keys" from "Keys and tokens" section of your Twitter app.

Finally,

• Stick it into your crontab with php /path/to/cvemon.php and set it to run every hour.
• Configure rotation for the log file if that's your thing.

That's it.

If you want just the emails, there's a hosted version of the script that I originally set up for our own needs, but later reworked a bit and opened up to everyone - https://iobureau.com/cve-monitor

BSD, 2-clause

Alex Pankratov, https://swapped.ch