OSUM is a web-based application that assists users in identifying known software vulnerabilities. It leverages the Common Vulnerabilities and Exposures (CVE) database to provide a comprehensive list of known vulnerabilities for specified software.
- Accepts software names and provides relevant Common Platform Enumeration (CPE) values using the
nvdlib
library. - Sends requests to the services.nvd.nist.gov API for up-to-date data about CVEs and CPEs.
- Displays known vulnerabilities in a table, including the CVE ID, vulnerability type, and CVSS Rating.
- Allows vulnerabilities to be sorted by risk rating or release date.
- Provides vulnerability type suggestions directly from their descriptions (
dropdownOptions.js
can be updated to add more options and aliases). - The implemented "append" option allows multiple software to be displayed in the same table.
- Maintains a searchable history for easy reference (uses LocalStorage).
To start using the OSUM tool, clone the repository and install the necessary dependencies using the following commands:
git clone https://github.com/vycioha/OSUM.git
cd OSUM
pip install -r requirements.txt
Then, you can start the application by running the run.py
script:
>python run.py
___ ____ _ _ __ __ ___
/ _ \ / ___| | | | || \/ ||__ \
| | | |\___ \ | | | || |\/| | / /
| |_| | ___) || |_| || | | | |_|
\___/ |____/ \___/ |_| |_| (_)
* Serving Flask app 'run'
* Debug mode: off
* Running on http://127.0.0.1:5000
INFO: Press CTRL+C to quit
- Open your browser and navigate to
127.0.0.1:5000
(works best on Firefox and Chrome). - Input the name of the software into the provided field.
- Click the "Search" button.
- From the dropdown list of CPEs, select the one that matches your software.
- Specify the number of CVEs you wish to retrieve.
- Click the "Generate a table" button to view the list of known vulnerabilities.
- Explore the other options as you need.