OSVDB 2.0 Goodness

Search Engines

OSVDB 2.0 runs a Lucene-based query engine, allowing for some pretty crazy stuff.

In the "text" field of the advanced search page, do:

complete:[50 TO *]

for all vulns 50% complete or higher

osvdb_id:[500 TO 600]

all vulns with osvdb_id between 500 and 600

Then mix it up:

( ( osvdb_id:[2000 TO 5000] AND ( referencetypes:SECUNIA OR referencetypes:CVEID ) ) AND title:XSS AND get_location_remote:true ) AND complete:[80 TO *]

All of that goes in the text field, and returns all vulns with osvdb_id between 2000 and 5000 with the listed reference types, having XSS in the title, with a remote vector, that are 80% complete or more.

You can also use this in concert with the other search fields, but keep in mind they all append with AND, so if you need ORs to create a complex query, write it manually in the text box. It is rather powerful.

Fuzzy Searches

The query language supports taking it a step further:

Say you are looking for a specific word that may or may not be misspelled. You can execute a fuzzy search on it:

roaming~0.8

0 means really fuzzy, 1 means not fuzzy

Proximity Searches

To search for words within a distance of each other, do:

"Microsoft XSS"~10

That'll look for Microsoft and XSS within 10 words of each other.

Boosting

You can boost terms as well. So say you are looking for Microsoft Windows XSS, and you want Microsoft Windows to be the primary driver of the search, you can boost it like this:

"Microsoft Windows"^4 XSS

This boosts it by a factor of 4.

Operators

You can use AND, OR, and NOT in queries. Note, however, that you can't begin a search with NOT (or any other operator).

You can specify keywords and their requirements like this:

+microsystems java

That requires the term microsystems, and leaves java optional (but an entry will receive a higher score if java is also present, obviously)

Wildcarding

You can wildcard to your heart's content on text fields:

micro?oft
microsoft*

The question mark wildcards a single character; the asterisk matches any number of characters.

Certain fields are numeric ranges only, however.

You can't ask the question:

complete:asdf

Nor can you ask

title:[0 TO 300]

Field Documentation

The fields are as such:

text fields:

getSNORT, getCVEID, getBID, getNESSUS, getFRSIRT, getISS, getSECUNIA, getCERT, getCERTVU, getRELOSVDBID, getSECURITYTRACKER, getOVAL, getCIAC,
title, referencetypes, vendors, short_description, keywords

integer ranges:

complete, osvdb_id

date ranges:

created_on, updated_on, disclosure_date

boolean:

get_location_physical, get_location_remote, get_location_dialup, get_location_local, get_location_unknown, 
get_attack_type_auth_manage, get_attack_type_crypt, get_attack_type_dos, get_attack_type_hijack, 
get_attack_type_info_disclose, get_attack_type_infrastruct, get_attack_type_input_manip, get_attack_type_miss_config, 
get_attack_type_race, get_attack_type_other, get_attack_type_unknown, get_impact_confidential, get_impact_integrity, 
get_impact_available, get_impact_unknown, get_exploit_available, get_exploit_unavailable, get_exploit_rumored, 
get_exploit_unknown, get_vuln_verified, get_vuln_myth_fake, get_vuln_best_prac, get_vuln_concern, 
get_vuln_web_check, get_location_wireless, get_location_mobile, get_solution_no, get_solution_patch, 
get_solution_workaround, get_solution_change_default, get_solution_discontinued, get_solution_upgrade, 
get_vuln_wormified, get_vendor_disputed, get_vendor_verified, get_location_local_remote, 
get_vendor_coordinated_disclosure, get_vendor_uncoordinated_disclosure, get_solution_unknown, 
get_vuln_context, get_vuln_authentication_required, get_vuln_vuln_dependent, get_vuln_third_party_verified, 
get_solution_third_party, get_vuln_security_software
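
As an added example (not OSVDB's own code), the sketch below checks each field:value clause of a query against the field types listed above, so mistakes such as complete:asdf or title:[0 TO 300] are caught before the query is submitted. The function name check_query, the regex-based clause splitting, the abbreviated boolean list, and the acceptance of "false" are assumptions made for illustration.

```python
import re

# Field types from the Field Documentation above. BOOLEAN is abbreviated here;
# extend it with the remaining get_* flags before real use.
TEXT = {"getSNORT", "getCVEID", "getBID", "getNESSUS", "getFRSIRT", "getISS",
        "getSECUNIA", "getCERT", "getCERTVU", "getRELOSVDBID",
        "getSECURITYTRACKER", "getOVAL", "getCIAC", "title", "referencetypes",
        "vendors", "short_description", "keywords"}
INTEGER = {"complete", "osvdb_id"}
DATE = {"created_on", "updated_on", "disclosure_date"}
BOOLEAN = {"get_location_remote", "get_location_local", "get_exploit_available"}

# field:value, where value is a [lo TO hi] range, a quoted phrase or a bare term.
CLAUSE = re.compile(r'(\w+):(\[[^\]]*\]|"[^"]*"|[^\s()]+)')
RANGE = re.compile(r"\[(\S+) TO (\S+)\]")
INT_BOUND = re.compile(r"\d+|\*")


def check_query(query):
    """Return a list of type problems in the field:value clauses of query."""
    problems = []
    for field, value in CLAUSE.findall(query):
        rng = RANGE.fullmatch(value)
        if field in INTEGER:
            if not (rng and all(INT_BOUND.fullmatch(b) for b in rng.groups())):
                problems.append(f"{field}: expected integer range, got {value}")
        elif field in DATE:
            # The page gives no date format, so only the range shape is checked.
            if not rng:
                problems.append(f"{field}: expected date range, got {value}")
        elif field in BOOLEAN:
            # Assumption: "false" is accepted as well as the "true" shown above.
            if value not in ("true", "false"):
                problems.append(f"{field}: expected true or false, got {value}")
        elif field in TEXT:
            if value.startswith("["):
                problems.append(f"{field}: text field cannot take a range")
        else:
            problems.append(f"{field}: not a documented field")
    return problems


if __name__ == "__main__":
    for q in ("complete:[50 TO *] AND title:XSS", "complete:asdf",
              "title:[0 TO 300]"):
        print(q, "->", check_query(q) or "ok")
```

Terms without a field prefix (fuzzy, proximity, boosted and wildcard terms) are passed through unchecked.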