get-capec 1.5.0

Tools for CVE managing, exploring and collect some data about their weaknesses and classifications
get-capec-1.5.0 is not a library.

Tyr - get-capec

Installation

cargo install get-capec

Purpose

This command line utility explore the list of CAPEC according to the cwe id.

Usage

To explore a CAPEC :

get-capec id CAPEC-15

To search some CAPEC according to criterias :

get-capec search 'description = HTTP or Java'

[ Id: CAPEC-31 ]
▶︎ Name: Accessing/Intercepting/Modifying HTTP Cookies (Abstraction: Detailed. Status: Draft.)
  ⌦ Description
    ⇢ This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie's content is modified by the adversary before it is sent back to the server...
...
[ Id: CAPEC-32 ]
▶︎ Name: XSS Through HTTP Query Strings (Abstraction: Detailed. Status: Draft.)
  ⌦ Description
    ⇢ An adversary embeds malicious script code in the parameters of an HTTP query string and convinces a victim to submit the HTTP request that contains the query string to a vulnerable web application...
...

To explore all options run get-capec help

Authors and acknowledgment

Help will be appreciated. All tools will be developed with rust technology.

License

This project is under MIT license.

Project status

This project is under development and all contributions are welcome.

These tools are provided without any guaranties.