--- name: cve-search description: Searches the NIST NVD database for CVE vulnerabilities using API 2.0. Returns CVE details, CVSS scores, affected software, and references. Use when user asks about "CVE", "vulnerability database", "NIST", "NVD", "security advisory", "CVE-2024", "CVE-2023", "脆弱性", "セキュリティアドバイザリ", or wants to find known vulnerabilities for specific software. --- # CVE Search 🔍💰 Search the National Vulnerability Database for known vulnerabilities. Every CVE you find in your target's stack is potential bounty money. ## Why CVE Hunting Matters ``` You: "They're running jQuery 3.4.1" NVD: "CVE-2020-11023 - XSS in jQuery < 3.5.0" You: "That's a free $500-$2,000 finding" ``` ## Quick Start ```bash # Search by keyword (e.g., software name) cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "jquery" # Search by specific CVE ID cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --cve "CVE-2021-44228" # Search by CWE (find all XSS CVEs) cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --cwe "CWE-79" # Search by severity cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "apache" --severity "CRITICAL" # Recent CVEs (last 30 days) cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "wordpress" --days 30 # JSON output cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "react" --json ``` ## API Parameters | Parameter | Description | Example | |-----------|-------------|---------| | `--keyword` | Search term (software, vendor) | `--keyword "react"` | | `--cve` | Specific CVE ID | `--cve "CVE-2023-12345"` | | `--cwe` | CWE ID filter | `--cwe "CWE-89"` | | `--severity` | CVSS v3 severity | `--severity "HIGH"` | | `--days` | Published in last N days | `--days 90` | | `--limit` | Max results (default 10) | `--limit 20` | ## Severity Levels | Severity | CVSS Score | Bounty Potential | |----------|------------|------------------| | CRITICAL | 9.0 - 10.0 | $5,000 - $50,000+ | | HIGH | 7.0 - 8.9 | $2,000 - $10,000 | | MEDIUM | 4.0 - 6.9 | $500 - $3,000 | | LOW | 0.1 - 3.9 | $100 - $500 | ## Response Format ```markdown ### CVE-2021-44228 (Log4Shell) 💰💰💰 **Severity**: CRITICAL (10.0) **Bounty Estimate**: $10,000 - $50,000+ **Summary**: Apache Log4j2 allows RCE via JNDI lookup in log messages... **Affected Versions**: - Apache Log4j 2.0-beta9 to 2.14.1 **CWE**: CWE-502 (Deserialization of Untrusted Data) **Attack Vector**: - Network exploitable - No authentication required - User interaction: None **References**: - https://nvd.nist.gov/vuln/detail/CVE-2021-44228 - https://logging.apache.org/log4j/2.x/security.html **Exploit Available**: Yes (public exploits exist) ``` ## Hunting Workflow 1. **Identify Stack**: What software/versions is the target using? 2. **Search NVD**: Look for CVEs affecting those versions 3. **Assess Impact**: Can you actually exploit it on the target? 4. **Document**: Include CVE reference in your report ## Rate Limiting - **Public API**: 5 requests per 30 seconds - **With API Key**: 50 requests per 30 seconds The script automatically handles rate limiting with delays. ## Pro Tips ### Stack Fingerprinting ```bash # Check JavaScript libraries curl -s target.com | grep -oE '(jquery|react|angular|vue)[^"]*\.js' # Check response headers curl -I target.com | grep -i 'x-powered-by\|server' # Then search for CVEs npx cve-search --keyword "nginx 1.18" ``` ### High-Value Targets ```bash # Log4j (still paying out) npx cve-search --cve "CVE-2021-44228" # Spring4Shell npx cve-search --cve "CVE-2022-22965" # Recent critical CVEs npx cve-search --severity "CRITICAL" --days 90 ``` ### CWE-based Hunting ```bash # Find all SQL injection CVEs npx cve-search --cwe "CWE-89" --keyword "wordpress" # Find all XSS CVEs for jQuery npx cve-search --cwe "CWE-79" --keyword "jquery" ``` ## Output Fields | Field | Description | |-------|-------------| | `id` | CVE identifier | | `description` | Vulnerability summary | | `severity` | CRITICAL/HIGH/MEDIUM/LOW | | `score` | CVSS v3 base score | | `cwes` | Related CWE identifiers | | `affected` | Affected software/versions | | `references` | Links to advisories/patches | | `published` | Publication date | | `exploitAvailable` | Whether public exploit exists | ## External Resources - [NVD Search](https://nvd.nist.gov/vuln/search) - [NVD API Documentation](https://nvd.nist.gov/developers/vulnerabilities) - [Exploit Database](https://www.exploit-db.com/) - [CVE Details](https://www.cvedetails.com/)