Skip to content

Releases: cve-search/cpe-guesser

CPE Guesser v1.2 released - a tool or web service guess the CPE name based on one or more keywords.

23 Nov 16:21
@adulau adulau
v1.2
This tag was signed with the committer’s verified signature.
adulau Alexandre Dulaunoy
GPG key ID: 09E2CD4944E6CBCD
Learn about vigilant mode.
c5c74a4
This commit was signed with the committer’s verified signature.
adulau Alexandre Dulaunoy
GPG key ID: 09E2CD4944E6CBCD
Learn about vigilant mode.
Compare
Choose a tag to compare
CPE Guesser v1.2 released - a tool or web service guess the CPE name based on one or more keywords. Latest
Latest

Release Notes - CPE Guesser v1.2 (2024-11-23)

CPE Guesser is a command-line tool or web service designed to guess the CPE name based on one or more keywords. The resulting CPE can then be used with tools like cve-search or vulnerability-lookup to perform actual searches using CPE names.

We are glad to announce the release of CPE Guesser v1.2! This version introduces new features, significant updates, and various improvements to enhance usability and performance.

🚀 New Features

  • New API Endpoint:
    Added the /unique endpoint to return the best CPE matches, simplifying the process of finding the most relevant entries.
    Contributed by Alexandre Dulaunoy.

✨ Changes

  • Documentation Enhancements:

    • Added a contribution guide.
    • Updated the documentation to include details about the new /unique API endpoint.
      Contributed by Alexandre Dulaunoy.

  • Command-Line Improvements:
    Added the --unique option in the lookup command to retrieve the best-matching CPE.
    Contributed by Alexandre Dulaunoy.

  • Database Update:
    Transitioned from Redis to Valkey for better performance and reliability.
    Contributed by Alexandre Dulaunoy.

🛠️ Other Improvements

  • Documentation Updates:
    Enhanced and unified paths in installation instructions, linted markdown, and added syntax highlighting.
    Contributed by Esa Jokinen and Alexandre Dulaunoy.

  • GitHub Workflow Enhancements:

    • Added workflows for ShellCheck and Black formatting.
    • Updated to actions/checkout@v4, which uses Node.js 20.
    • Applied Black 24.3.0 formatting for Python code.
      Contributed by Esa Jokinen.

  • General Maintenance:

    • Merged pull requests to improve documentation and workflows.
    • Updated copyright years.
      Contributed by Alexandre Dulaunoy and Esa Jokinen.

A big thank you to all the contributors who made this release possible. Your efforts ensure the continued growth and improvement of CPE Guesser.

Assets 2
Loading

cpe-guesser version 1.1 released

09 Aug 13:36
@adulau adulau
v1.1
This tag was signed with the committer’s verified signature.
adulau Alexandre Dulaunoy
GPG key ID: 09E2CD4944E6CBCD
Learn about vigilant mode.
a228c7b
This commit was signed with the committer’s verified signature.
adulau Alexandre Dulaunoy
GPG key ID: 09E2CD4944E6CBCD
Learn about vigilant mode.
Compare
Choose a tag to compare
cpe-guesser version 1.1 released

v1.1 (2023-08-09)

Changes

  • [code] black. [Alexandre Dulaunoy]

Other

  • Merge pull request #10 from cosad3s/main. [Alexandre Dulaunoy]

    Add Docker & Docker-compose + external configuration

  • No error code if import.py exits with warning. [Sébastien Copin]

    It can block app restarting, especially with container usage

  • Add missing configuration in lib cpeguesser.py. [Sébastien Copin]

  • Update readme. [Sébastien Copin]

  • Add Docker & docker-compose. [Sébastien Copin]

  • Add external configuration. [Sébastien Copin]

  • Merge pull request #8 from FafnerKeyZee/patch-1. [Alexandre Dulaunoy]

    Fixing cpeweb service in case of failure

  • Fixing cpeweb service in case of failure. [Fafner [KeyZee]]

  • Merge pull request #7 from FafnerKeyZee/main. [Alexandre Dulaunoy]

    Adding systemd and logrotate

  • Adding systemd & logrotate. [Olivier Ferrand]

  • Adding systemd & logrotate. [Olivier Ferrand]

Assets 2
Loading

CPE guesser v1.0 released - guess CPE from one or more keyword(s)

19 Oct 16:36
@adulau adulau
v1.0
This tag was signed with the committer’s verified signature.
adulau Alexandre Dulaunoy
GPG key ID: 09E2CD4944E6CBCD
Learn about vigilant mode.
80f0542
This commit was signed with the committer’s verified signature.
adulau Alexandre Dulaunoy
GPG key ID: 09E2CD4944E6CBCD
Learn about vigilant mode.
Compare
Choose a tag to compare
CPE guesser v1.0 released - guess CPE from one or more keyword(s)

CPE guesser

CPE guesser is a command-line and web service to guess the CPE name based on one or more keyword(s). Then the result can be used against cve-search to do actual searches by CPE names. The algorithm made by @adulau is described there.

Public online version

cpe-guesser.cve-search.org is public online version of CPE guesser which can be used via a simple API (if you don't want to install this software). The endpoint is /search and the JSON is composed of a query list with the list of keyword(s) to search for.

curl -s -X POST https://cpe-guesser.cve-search.org/search -d "{\"query\": [\"outlook\", \"connector\"]}" | jq .
[
  [
    18117,
    "cpe:2.3:a:microsoft:outlook_connector"
  ],
  [
    60947,
    "cpe:2.3:a:oracle:oracle_communications_unified_communications_suite_connector_for_microsoft_outlook"
  ],
  [
    68306,
    "cpe:2.3:a:oracle:corporate_time_outlook_connector"
  ]
]

What's Changed

  • CPE guessing logic & database access as a class. by @oh2fih in #2
  • Implement the import process fully in Python by @oh2fih in #4
  • Optimization: replace format() with f-strings by @oh2fih in #5
  • chg: [lookup] use positional arguments for WORD(s) by @oh2fih in #6

New Contributors

  • @oh2fih made their first contribution in #2

Full Changelog: https://github.com/cve-search/cpe-guesser/commits/v1.0

Contributors

adulau and oh2fih
Assets 2
Loading