├── epss_checker
    ├── __init__.py
    └── epss_checker.py
├── .gitignore
├── setup.py
├── LICENSE
├── README.md
└── CONTRIBUTING.md


/epss_checker/__init__.py:
--------------------------------------------------------------------------------
from epss_checker import epss_checker

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------

build/lib/epss_checker/__init__.py
build/lib/epss_checker/epss_checker.py
dist/epss-checker-0.1.0.tar.gz
*.gz
epss_checker.egg-info/top_level.txt
epss_checker.egg-info/SOURCES.txt
epss_checker.egg-info/requires.txt
epss_checker.egg-info/PKG-INFO
epss_checker.egg-info/entry_points.txt
epss_checker.egg-info/dependency_links.txt
dist/epss_checker-0.2.0-py3-none-any.whl
dist/epss_checker-0.1.0-py3-none-any.whl
*.whl

--------------------------------------------------------------------------------
/setup.py:
--------------------------------------------------------------------------------
from setuptools import setup, find_packages

setup(
    name='epss-checker',
    version='1.0',
    packages=find_packages(),
    install_requires=[
        'requests',
    ],
    entry_points={
        'console_scripts': [
            'epss-checker=epss_checker.epss_checker:main',
        ],
    },
    author='Omar Santos',
    author_email='santosomar@gmail.com',
    description='A client to query the FIRST EPSS API for CVE EPSS scores',
    long_description=open('README.md').read(),
    long_description_content_type='text/markdown',
    url='https://github.com/santosomar/epss-client',
    classifiers=[
        'Programming Language :: Python :: 3',
        'License :: OSI Approved :: MIT License',
        'Operating System :: OS Independent',
    ],
)

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2023 Omar Santos

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# EPSS Checker

A Python client to query the FIRST EPSS API for CVE EPSS scores. This tool allows users to easily fetch EPSS scores for different CVEs right from the command line.

## Installation

Before installing the EPSS Checker, make sure you have Python 3.6+ installed on your system.
You can install the EPSS Checker using pip:

```sh
pip install epss-checker
```

## Usage

You can use the EPSS Client from the command line as follows:

```sh
epss-checker CVE-XXXX-XXXX
```

Replace `CVE-XXXX-XXXX` with the actual CVE identifier you want to query. The tool will fetch the EPSS score for the given CVE identifier and display it in the console. The following is the help message of the tool:

```sh
┌──(omar㉿websploit)-[~]
└─$ epss-checker -h
usage: epss-checker [-h] [-s] cve_id

EPSS-Checker
Author: @santosomar
A tool to fetch EPSS scores for CVEs from the FIRST EPSS API.

positional arguments:
  cve_id        The CVE identifier to query (format: CVE-XXXX-XXXX)

options:
  -h, --help    show this help message and exit
  -s, --silent  Only display the EPSS score, without any additional text
```

## Contributing

To contribute to this project, please read the [CONTRIBUTING](CONTRIBUTING.md) file.

## License

This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.

--------------------------------------------------------------------------------
/epss_checker/epss_checker.py:
--------------------------------------------------------------------------------
'''
EPSS Checker: A client to retrieve the EPSS score for a CVE ID from the FIRST EPSS API.
Author: Omar Santos @santosomar
Version: 1.0
'''

# Import the required libraries
import requests
import argparse

def get_epss_score(cve_id):
    '''
    This function retrieves the EPSS score for a CVE ID from the FIRST EPSS API.
    Parameters:
        cve_id (str): The CVE ID to retrieve the EPSS score for.
    Returns:
        str: The EPSS score, or a message describing why it could not be retrieved.
    '''
    url = "https://api.first.org/data/v1/epss"
    try:
        # Pass the CVE ID as a query parameter so it is URL-encoded, and set a
        # timeout so an unresponsive server cannot hang the tool indefinitely.
        response = requests.get(url, params={"cve": cve_id}, timeout=10)
    except requests.RequestException as exc:
        return f"Failed to retrieve data: {exc}"

    if response.status_code == 200:
        data = response.json()
        if 'data' in data and data['data']:
            epss_info = data['data'][0]
            if 'epss' in epss_info:
                return epss_info['epss']
            else:
                return "EPSS score not found in the data dictionary"
        else:
            return "EPSS score not found in the response"
    else:
        return f"Failed to retrieve data. HTTP Status code: {response.status_code}"

def main():
    # Build the command-line interface: one positional CVE ID and a silent flag
    parser = argparse.ArgumentParser(description="""
EPSS-Checker
Author: @santosomar
A tool to fetch EPSS scores for CVEs from the FIRST EPSS API.""", formatter_class=argparse.RawTextHelpFormatter)
    parser.add_argument('cve_id', help='The CVE identifier to query (format: CVE-XXXX-XXXX)')
    parser.add_argument('-s', '--silent', action='store_true', help='Only display the EPSS score, without any additional text')

    args = parser.parse_args()

    epss_score = get_epss_score(args.cve_id)

    if args.silent:
        print(epss_score)
    else:
        print(f"The EPSS score for {args.cve_id} is: {epss_score}")

if __name__ == "__main__":
    main()

--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
# Contributing to EPSS Client

First off, thank you for considering contributing to the EPSS Client. It's people like you that make EPSS Client such a great tool.

Here are some ways you can contribute:

## Reporting Bugs

- **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/santosomar/epss-client/issues).
- If you're unable to find an open issue addressing the problem, [open a new one](https://github.com/santosomar/epss-client/issues/new).
Be sure to include a **title and clear description**, as much relevant information as possible, and a **code sample** or an **executable test case** demonstrating the expected behavior that is not occurring.

## Suggesting Enhancements

- **Determine [which repository the enhancement should be suggested in](https://github.com/santosomar/epss-checker/issues)**.
- **Perform a [cursory search](https://github.com/santosomar/epss-checker/issues)** to see if the enhancement has already been suggested. If it has, add a comment to the existing issue instead of opening a new one.
- When you open a new enhancement suggestion, include as many details as possible. Fill in the template, including the steps that you imagine you would take if the feature you're requesting existed.

## Code Contribution

1. **Fork** the repository on GitHub.
2. **Clone** the forked repo to your local machine.
3. **Set up a branch** for the feature or fix you are working on.
4. **Make your changes** and test them thoroughly.
5. **Commit** your changes in your branch.
6. **Push** your changes to your fork on GitHub.
7. Create a **Pull Request** from your fork back to the original repository.
8. Please **include a detailed description** of the changes in the Pull Request.

## Coding Conventions

- Code should adhere to the PEP 8 style guide for Python code.
- Include inline documentation where necessary.
- Write tests for new features or bug fixes.

## Pull Request Process

1. Ensure any install or build dependencies are removed before the end of the layer when doing a build.
2. Update the README.md with details of changes to the interface; this includes new environment variables, exposed ports, useful file locations, and container parameters.
3. Increase the version numbers in any example files and the README.md to the new version that this Pull Request would represent.
4. You may merge the Pull Request in once you have the sign-off of two other developers, or if you do not have permission to do that, you may request the second reviewer to merge it for you.

## Code of Conduct

Please note that this project is released with a [Contributor Code of Conduct](https://www.contributor-covenant.org/version/2/0/code_of_conduct/). By participating in this project you agree to abide by its terms.

Thank you for contributing!

--------------------------------------------------------------------------------
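An added example, not part of the epss-checker code base: `get_epss_score` in `/epss_checker/epss_checker.py` returns its error messages through the same value as the score, so `-s` output fed to a script can carry a message where a number is expected. The code below validates the CVE ID and parses a response body offline, raising on every failure. `EpssError`, `normalize_cve_id`, `parse_epss_body` and the sample bodies are constructed here, and the `cve` field in the response record is an assumption (the original code only reads `data` and `epss`).

```python
import json
import re

CVE_RE = re.compile(r"CVE-[0-9]{4}-[0-9]{4,}")  # year, then four or more digits


class EpssError(ValueError):
    """Raised for any failure, so an error can never be mistaken for a score."""


def normalize_cve_id(raw):
    """Return the upper-cased CVE ID, or raise EpssError if it is malformed."""
    cve_id = raw.strip().upper()
    if not CVE_RE.fullmatch(cve_id):
        raise EpssError(f"not a CVE identifier: {raw!r}")
    return cve_id


def parse_epss_body(body, cve_id):
    """Return the EPSS score in body as a float in [0, 1], or raise EpssError."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise EpssError(f"response is not JSON: {exc}") from None
    records = doc.get("data") if isinstance(doc, dict) else None
    if not isinstance(records, list) or not records:
        raise EpssError(f"no EPSS record for {cve_id}")
    record = records[0]
    if not isinstance(record, dict) or "epss" not in record:
        raise EpssError("record has no 'epss' field")
    # Assumed field: "cve" echoes the queried ID; when present it must match.
    if str(record.get("cve", cve_id)).upper() != cve_id:
        raise EpssError("record is for a different CVE")
    try:
        score = float(record["epss"])
    except (TypeError, ValueError):
        raise EpssError(f"non-numeric score: {record['epss']!r}") from None
    if not 0.0 <= score <= 1.0:  # also rejects NaN
        raise EpssError(f"score out of range: {score}")
    return score


# Constructed sample bodies and placeholder CVE ID (not captured from the API).
SAMPLE_OK = '{"data": [{"cve": "CVE-2099-0001", "epss": "0.97500"}]}'
SAMPLE_EMPTY = '{"data": []}'
SAMPLE_BAD = '{"data": [{"cve": "CVE-2099-0001", "epss": "n/a"}]}'

if __name__ == "__main__":
    cve = normalize_cve_id(" cve-2099-0001 ")
    print(cve, parse_epss_body(SAMPLE_OK, cve))
```

A caller that needs a machine-readable result can catch `EpssError`, write the message to stderr and exit non-zero, leaving stdout for the numeric score only.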