What’s inside Vulners.com database and when were security objects updated last time

2017-08-28T20:31:33
ID AVLEONOV:505CE5743AB9DA3BFC1E8727D4E5FE39
Type avleonov
Reporter Alexander Leonov
Modified 2017-08-28T20:31:33

Description

As I already wrote earlier, the main advantage of Vulners.com, in my opinion, is openness. An open system allows you to look under the hood, make sure that everything works fine, and ask the developers uncomfortable questions about why some types of security objects have had no updates for a long time.

You can do this with the <https://vulners.com/api/v3/search/stats/> request, which I already mentioned in "Downloading entire Vulners.com database in 5 minutes".

First of all, let's look at the security objects. This will give us an understanding of what Vulners.com is built on.

Vulners objects

Object | Amount | Percent, %
---|---|---
Packet Storm | 34441 | 4
openbugbounty.org | 112131 | 15
OpenVAS | 54901 | 7
seebug.org | 55596 | 7
NVD CVE | 94218 | 13
0day.today | 25572 | 3
Exploit-DB | 38373 | 5
Hackapp | 23860 | 3
OSVDB | 39560 | 5
Tenable Nessus | 88731 | 12
XSSed | 31160 | 4
Other | 125788 | 17

As you can see, the biggest parts are the National Vulnerability Database and the plugin bases of the Tenable Nessus and OpenVAS vulnerability scanners. openbugbounty.org also plays a large role.

Vulners supports many relatively small exploit databases. But if we build a diagram of the object types (families), we clearly see that the distribution is roughly one quarter each: NVD CVE + unix + other software vulnerabilities, scanner detection plugins, exploits, and bug bounty programs. The remaining 9% are various media resources.

Vulners object types

Object Type (family) | Amount | Percent, %
---|---|---
info | 34711 | 4
scanner | 144360 | 19
bugbounty | 147613 | 20
unix | 30763 | 4
blog | 31788 | 4
exploit | 163271 | 22
NVD | 94218 | 13
software | 77607 | 10

Finally, let's see when these objects were last updated.

Vulners object updates

Date | Amount | Object
---|---|---
2017-02-18 | 1 | InfoWatch APPERCUT
2017-04-28 | 1 | OSVDB
2017-06-20 | 1 | Positive Technologies
2017-06-30 | 1 | Cisco
2017-07-20 | 1 | Malware exploit database
2017-07-22 | 1 | openbugbounty.org
2017-08-25 | 1 | Lenovo
2017-08-28 | 93 | Schneier on Security, Amazon Linux AMI, Silent Robot Systems, Apache Httpd, Huawei, WPScan Database, Information Security Automation, Nginx, Imperva Blog, Packet Storm, Zero Science Lab, Securelist, Hacker One, Drupal, Zero Day Initiative, Core Security, White Hats - Nepal, rdot.org, OpenVAS, Into the symmetry, Rapid7 Community, ownCloud, seebug.org, Krebs on Security, Binamuse, Palo Alto Networks, Microsoft Malware Protection, SUSE Linux, DSquare Exploit Pack, Wired Threat Level, NVD CVE, Symantec, Vulnerability Lab, Immunity Canvas, Talos Blog, VMware, TYPO3, 0day.today, KoreLogic Security, W3AF, Node.js, Debian Linux, Oracle Linux, Samba, NMAP, Trend Micro Simply Security, Filippo.io, Talos Intelligence, Mozilla, Anand Prakash's blog, Atlassian, Gentoo Linux, Hackapp, Web Security Log, Opera, Wallarm Lab, The Hacker News, Ivan 'd0znpp' Novikov, Xen Project, PenTestIT, Akamai Blog, Tenable Nessus, Exploit-DB, High-Tech Bridge, Carbon Black Blog, Metasploit, Richard Bejtlich's blog, XSSed, FireEye, Malwarebytes, Qualys Blog, OpenWrt, Slackware Linux, myhack58.com, ThreatPost, Ubuntu Linux, HackRead, OpenSSL, RedHat Linux, FreeBSD, ERPScan, Kaspersky Lab, Cent OS, ICS, Joomla!, F5 Networks, Arch Linux, PostgreSQL, CERT, Microsoft Vulnerability Research, SAINTexploit™, IBM AIX, Japan Vulnerability Notes

As you can see, most of the objects were successfully updated today. The 3-day delay for Lenovo also does not look critical.

As for the other objects, such a long delay indicates that the parser was probably broken. That was the case for openbugbounty, Cisco, Malware exploit database (the www.pwnmalw.re site is down), and Positive Technologies (however, Vulners has all currently available PT bulletins).

The OSVDB project was officially closed, so there cannot be any new objects of this type. The Vulners.com joint project with InfoWatch APPERCUT has also ended.
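The triage described above can be automated. The following is an added example, not code from the original post or from Vulners: it groups sources by last-update date and separates stale feeds from retired ones. The flat `LAST_UPDATED` mapping, the function names and the 7-day threshold are assumptions; the dates are taken from the table above.

```python
from collections import defaultdict
from datetime import date

# Constructed sample from the "Vulners object updates" table. This flat
# mapping is an assumption, not the stats request's actual response schema.
LAST_UPDATED = {
    "InfoWatch APPERCUT": "2017-02-18",
    "OSVDB": "2017-04-28",
    "Positive Technologies": "2017-06-20",
    "Cisco": "2017-06-30",
    "Malware exploit database": "2017-07-20",
    "openbugbounty.org": "2017-07-22",
    "Lenovo": "2017-08-25",
    "NVD CVE": "2017-08-28",
    "Exploit-DB": "2017-08-28",
}

# Sources the article says have ended, so no new objects are expected.
RETIRED = {"OSVDB", "InfoWatch APPERCUT"}


def group_by_date(last_updated):
    """Rebuild the Date | Amount | Object table: date -> sorted source names."""
    groups = defaultdict(list)
    for name, day in last_updated.items():
        groups[date.fromisoformat(day)].append(name)
    return {day: sorted(names) for day, names in sorted(groups.items())}


def classify(last_updated, today, max_age_days=7, retired=RETIRED):
    """Split sources into fresh / stale / retired by age of the newest object."""
    report = {"fresh": [], "stale": [], "retired": []}
    for name, day in sorted(last_updated.items()):
        age = (today - date.fromisoformat(day)).days
        if age < 0:
            raise ValueError(f"{name}: last update {day} is after {today}")
        if name in retired:
            report["retired"].append((name, age))
        elif age > max_age_days:  # assumed threshold, tune per feed
            report["stale"].append((name, age))
        else:
            report["fresh"].append((name, age))
    return report


if __name__ == "__main__":
    for status, items in classify(LAST_UPDATED, date(2017, 8, 28)).items():
        for name, age in items:
            print(f"{status:8} {age:4d} days  {name}")
```

Run on a schedule against real data, the `stale` list is the set of feeds whose parsers need a look, while retired sources stay out of the alert.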

Yes, this is life: parsers can easily break. But are there any other vulnerability databases that will tell you this? More likely, you will simply stop seeing some new objects, as if they did not exist. Here everything is clear, and you can always ask Vulners Team members how things stand with the support of this or that security object type.