Giters

ilcapone / net.security

Security R package with a set of utils to analyse the different industry standards, e.g. CVE, CWE, CPE, CAPEC etc

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Alt text

Project Status: WIP - Initial development is in progress, but there has not yet been a stable, usable release suitable for the public. Build Status Coverage Status

Package for Data Driven Security purposes.

Install

From R console just type:
devtools::install_github(repo = "r-net-tools/net.security")

If you want to test future features, just add branch as parameter:
devtools::install_github(repo = "r-net-tools/net.security", ref = "devel")

Usage

Load package using library("net.security") then you can access directly to security standards data frames. It also includes an API server mapping data driven security functions defined in ddsecurity.R

Security Standards

CVE

Reference: http://cve.mitre.org/about/faqs.html
Raw Data:

Update dataset: UpdateDataSets(path = "data", stnd = "v")
Data Frame: View(cves)
API: /cveinfo/<cve-code>

CWE

Reference: http://cwe.mitre.org/data/index.html#documentation
Raw Data: https://cwe.mitre.org/data
Update dataset: UpdateDataSets(path = "data", stnd = "w")
Data Frame: View(cwes)
API: /cweinfo/<cwe-code>

CAPEC

Reference: https://capec.mitre.org/data/index.html
Reference: https://capec.mitre.org/data/xsd/ap_schema_v2.7.1.xsd
Raw Data: https://capec.mitre.org/data/xml/capec_v2.8.xml
Update dataset: UpdateDataSets(path = "data", stnd = "a")
Data Frame: View(capec$views) or View(capec$categories) or View(capec$attacks)
API: /capec/view/<number>
API: /capec/category/<number>
API: /capec/attack/<number>

CPE

Reference: https://nvd.nist.gov/cpe.cfm
Reference: http://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf
Raw Data: http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz
Update dataset: UpdateDataSets(path = "data", stnd = "p")
Data Frame: View(cpes)
API: /cpe?name="<character>"

OVAL

Reference: https://oval.cisecurity.org/
Raw Data: https://oval.cisecurity.org/repository/download/5.11.1/all/oval.xml
Update dataset: UpdateDataSets(path = "data", stnd = "o")
Data Frame: View(oval)

API

Start Server

Ensure that Rscript is in your PATH. Open system command line, go to this package and run the api.R script.

net.security$ Rscript api.R
Starting server to listen on port 8000

Examples

CVE

http://127.0.0.1:8000/cveinfo/CVE-2010-2012

Alt text

CWE

http://127.0.0.1:8000/cweinfo/CWE-200

Alt text

CPE

http://localhost:8000/cpe?name="winamp 5.6"

Alt text

CAPEC View

http://127.0.0.1:8000/capec/view/1000

Alt text

CAPEC Category

http://127.0.0.1:8000/capec/category/100

Alt text

CAPEC Attack

http://127.0.0.1:8000/capec/attack/256

Alt text

About

Security R package with a set of utils to analyse the different industry standards, e.g. CVE, CWE, CPE, CAPEC etc

License:GNU Lesser General Public License v3.0

Languages

Language:R 100.0%