CVEFinder - 快速的CVE查询与产品级映射
嗨,HN,
我在进行漏洞赏金和漏洞研究时开发了CVEFinder。我不断遇到NVD风格的CPE匹配问题:搜索速度慢、产品映射不正确,以及难以回答像“哪些产品受到这个CVE影响?”这样简单的问题。
CVEFinder的重点是:
* 快速的CVE查找
* 更清晰的厂商/产品/版本映射
* 按现实世界产品过滤CVE
* 提供API接口以便于自动化和工具使用
目前仍处于早期阶段,功能尚不完整,我正在根据反馈积极迭代。我特别希望能听到安全工程师和研究人员的意见,尤其是关于:
* 您认为CVE数据中的空白
* 现有CVE数据库的痛点
* 什么能让这个工具在日常工作中真正有用
欢迎提出任何技术问题。
查看原文
Hi HN,<p>I built CVEFinder while doing bug bounty and vulnerability research. I kept running into issues with NVD-style CPE matching: slow searches, incorrect product mappings, and difficulty answering simple questions like “which products are affected by this CVE?”<p>CVEFinder focuses on:<p>* fast CVE lookup
* clearer vendor/product/version mapping
* filtering CVEs by real-world products
* API access for automation and tooling<p>It’s still early and incomplete, and I’m actively iterating based on feedback. I’d especially love input from security engineers and researchers on:<p>* gaps you see in CVE data
* pain points with existing CVE databases
* what would make this actually useful in daily work<p>Happy to answer any technical questions.