NVIP is an open source Java platform that provides an efficient management of the software vulnerability data.
- NVIP is a publicly available resource providing rich, near real-time CVE intelligence.
- Provides near real time detection of disclosed vulnerabilities using automated mining techniques to check CVE Numbering Authority (CNA) web sites and many other online sources.
- It crawls a given list of vulnerability sources (links) and creates a dynamic database of Common Vulnerabilities and Exposures (CVE).
- Provides AI/ML-based CVE Characterization via NIST’s Vulnerability Description Ontology (VDO) framework.
- Automated CVSS scoring based on the Common Vulnerability Scoring System Version 3.1 specification.
- Automated SSVC Scoring
- Automatically reconciles CVEs description using Apache Open NLP to find the best description.
- Uses LSTM/Word2Vec to extract affected Common Platform Enumeration (CPE) product names from free-form CVE descriptions.
- Automated collection of patches and fixes for software vulnerabilities.
- Automated collection of proof of concept exploitation codes and maping them to CVEs.
For more details about each component please refer to the Readme files under each directory.
The back end platform that does all CVE mining, characterization, product name extraction, and CVSS scoring etc.
The proof-of-concept user interface that lists crawled and characterized CVEs.
The repository that includes the training data sets and required resources for CVE characterization, product name extraction and CVSS scoring.
To start using nvip:
-
Install MySQL (version 8) as well as MYSQL workbench and Command Line Client.
-
Create the nvip database by executing the SQL script provided at "nvip_data/mysql-database" in the MySQL Workbench. The script can be executed in a query editor in the MySQL Workbench (File/New Query Tab).
-
Once the database is created, run the jar file named "nvip-1.0.jar", by opening the command prompt and executing the command "java -Xms8G -Xmx16G -jar nvip-1.0.jar". The system will scrape CVE sources (URLs) included in the 'nvipsourceurl' table and update CVEs in the MySQL database.
-
To start viewing scraped CVEs, install the nvip_ui project. For details about how to setup the nvip_ui project, please follow the instructions in "nvip_ui/Readme.md".
Note: To have the most up-to-date CVE sources in the nvipsourceurl table in mysql, you may want to run the CVE source update tool by: "java -Xms1G -Xmx4G -cp "nvip-1.0.jar;nvip_lib/*" edu.rit.se.nvip.cvesource.UpdateNvipSourceUrlList"
- Mehdi Tarrit Mirakhorli, Project Lead and Principal Investigator
- Ahmet Okutan, Senior Research Developer
- Chris Enoch, Senior Project Manager
- Peter Mell, Collaborator
- Igor Khokhlov, Researcher
- Joanna Cecilia Da Silva Santos, Researcher
- Danielle Gonzalez, Researcher
- Celeste Gambardella, Researcher
- Olivia Gallucci, Vulnerability Researcher
- Steven Simmons, Developer
- Ryan Bryla, Developer
- Andrew Pickard, Developer
- Brandon Cooper, Developer
- Braden Little, Developer
- Adam Pang, Developer
- Anthony Ioppolo, Developer
- Andromeda Sawtelle, Developer
- Corey Urbanke, Developer
- James McGrath, Developer
- Matt Moon, Developer