Vulnerability details app

Imagine you are working as an ethical hacker/penetration tester. You have finished testing the given application and software, and you would like to look up some CVEs for the product. You then notice that the site you always use for this is down. You have long dreamed of building a better version of that site anyway.

The requirements are as follows.

  • The app should get vulnerability details from the public API (https://cve.circl.lu/api/)
  • The app should implement a search function where someone can search for:
    • CVE number
    • Free text (e.g. wordpress, microsoft, SQLi, xss, java), which shows all the related vulnerabilities
  • The app should show nice "statistics" about the vulnerabilities per vendor for a given year (e.g. microsoft 2017)
  • The app should let someone subscribe to a "keyword" by e-mail
    • For example, if someone subscribes to the "Wordpress" keyword, the app sends out an e-mail when there is a NEW vulnerability related to Wordpress
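
One way to decide what counts as "NEW" for a keyword subscription, as an added example that is not part of the original challenge text. The record field names "id" and "summary", the sample feed, and all function names are assumptions made for illustration; fetching from the API and sending mail are left to the caller.

```python
import re

# Constructed sample records; the "id" and "summary" field names are an
# assumption, so map them to whatever the API actually returns.
SAMPLE_FEED = [
    {"id": "CVE-0000-0001", "summary": "Stored XSS in a WordPress gallery plugin."},
    {"id": "CVE-0000-0002", "summary": "Heap overflow in a JavaScript engine."},
    {"id": "CVE-0000-0003", "summary": "SQL injection in wordpress-backup add-on."},
]

def valid_subscription(email, keyword):
    """Reject control characters (CR/LF would allow mail header injection
    once the keyword or address is placed into a message header)."""
    if any(ord(c) < 32 or ord(c) == 127 for c in email + keyword):
        return False
    shape_ok = re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", email) is not None
    return shape_ok and bool(keyword.strip())

def matches(keyword, record):
    """Case-insensitive whole-token match, so 'java' does not hit 'JavaScript'."""
    pattern = r"(?<![A-Za-z0-9])" + re.escape(keyword.strip()) + r"(?![A-Za-z0-9])"
    return re.search(pattern, record.get("summary") or "", re.IGNORECASE) is not None

def pending_notifications(subscriptions, feed, sent):
    """Return {email: [(keyword, cve_id), ...]} for matches not yet mailed.

    subscriptions: iterable of (email, keyword) pairs
    sent: set of (email, keyword, cve_id) keys that were already delivered
    """
    pending = {}
    for email, keyword in subscriptions:
        if not valid_subscription(email, keyword):
            continue
        for record in feed:
            key = (email.lower(), keyword.strip().lower(), record["id"])
            if key not in sent and matches(keyword, record):
                pending.setdefault(email, []).append((keyword, record["id"]))
    return pending

def mark_sent(email, items, sent):
    """Record delivery; call only after the mail for `email` was accepted."""
    for keyword, cve_id in items:
        sent.add((email.lower(), keyword.strip().lower(), cve_id))
```

Persist the `sent` set between polling runs; marking entries only after delivery means a failed send is retried on the next run instead of being silently lost.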

Criteria

  • Usability / nice GUI / nice representation: 1 point
  • Search function implemented: 1 point
  • Nice free search implemented: 1 point
  • "Show Statistics" function implemented: 2 points
  • Working e-mail subscription function: 3 points
  • Anything new or fancy which is not described above, but shows something interesting from a security tester's point of view: 1 point
  • EXTRA: Cool social engineering attempts against us: 1 point

Submission

Take your questions and your submission to the person responsible for this challenge (Ványi Rajmond).