From CVE to Kill Chain: Visualize Your Threat Landscape with the Open Source CVE2CAPEC Tool
CVE2CAPEC
CVE2CAPEC is a free and open source MITRE ATT&CK Navigator generator. Give it a list of CVEs, and it automatically computes all CWEs, CAPECs and MITRE ATT&CK Techniques to draw the appropriate MITRE ATT&CK matrix.
This project lets you retrieve all new CVEs with their CWE, CAPEC, MITRE ATT&CK and MITRE D3FEND Techniques. All CVE data is stored in the database folder.
You do not need to run CVE2CAPEC yourself. GitHub Actions updates the database every day at 00:05 UTC, so you can get the new CVEs with all their data in results/new_cves.jsonl.
However, if you want to run this project yourself:
Installation
git clone https://github.com/Galeax/CVE2CAPEC.git
cd CVE2CAPEC
pip install -r requirements.txt
Update databases
python update_capec_db.py
python update_cwe_db.py
python update_technique_db.py
python update_defend_db.py
1. Get new CVEs
python retrieve_cve.py
python cve2cwe.py
python cwe2capec.py
python capec2technique.py
python technique2defend.py
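The chain these scripts walk (CVE to CWE to CAPEC to ATT&CK technique), as an added example that is not CVE2CAPEC's own code: it scores each technique by how many CVEs reach it, emits a Navigator-style layer, and lists CVEs that map to no technique. The CVE ids, the three mapping tables, the `CWE-9999` placeholder and the layer version value are constructed assumptions, not the project's database contents or file format.

```python
import json
from collections import Counter

# Constructed sample tables (assumptions, not the project's database contents).
CVE_TO_CWE = {
    "CVE-0000-0001": ["CWE-307"],
    "CVE-0000-0002": ["CWE-521", "CWE-307"],
    "CVE-0000-0003": ["CWE-9999"],  # placeholder weakness with no CAPEC entry
}
CWE_TO_CAPEC = {"CWE-307": ["CAPEC-49"], "CWE-521": ["CAPEC-49", "CAPEC-112"]}
CAPEC_TO_TECHNIQUE = {"CAPEC-49": ["T1110.001"], "CAPEC-112": ["T1110"]}


def techniques_for(cve):
    """Walk CVE -> CWE -> CAPEC -> technique; return the set of technique ids."""
    found = set()
    for cwe in CVE_TO_CWE.get(cve, []):
        for capec in CWE_TO_CAPEC.get(cwe, []):
            found.update(CAPEC_TO_TECHNIQUE.get(capec, []))
    return found


def build_layer(cves, name="CVE exposure"):
    """Return (layer, unmapped): a Navigator-style layer and CVEs with no technique."""
    counts, unmapped = Counter(), []
    for cve in cves:
        techs = techniques_for(cve)
        if not techs:
            unmapped.append(cve)  # a gap in the mapping chain, not proof of low risk
        counts.update(techs)      # each CVE counts once per technique it reaches
    layer = {
        "name": name,
        "domain": "enterprise-attack",
        "versions": {"layer": "4.5"},  # assumed layer format version
        "techniques": [
            {"techniqueID": t, "score": n, "comment": f"{n} CVE(s)"}
            for t, n in sorted(counts.items())
        ],
    }
    return layer, unmapped


if __name__ == "__main__":
    layer, unmapped = build_layer(sorted(CVE_TO_CWE))
    print(json.dumps(layer, indent=2))
    print("no technique mapping:", unmapped)
```

CVEs in the unmapped list still need triage by other means, since a missing CWE or CAPEC link only means the chain has no entry for them.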
Source: https://github.com/Galeax/