This project consists of a series of Python scripts designed to fetch and analyze vulnerability data from the API of the Turkish National Cyber Incident Response Center (USOM). The scripts are built to retrieve data, group vulnerabilities based on keywords found in their titles, and report on the most common threats.
The project evolved through three main stages:
- usom_1.py: The initial script. It fetches all available vulnerability data from the API and identifies the top three most common keywords found within the parentheses of vulnerability titles. It does not have any filtering capabilities.
- usom_2.py: An enhanced version that introduces command-line arguments to filter vulnerabilities. Users can provide a list of keywords to focus the analysis on specific products or vendors.
- usom_3.py: The most advanced version. It adds time-based filtering, allowing users to analyze data from a specific number of recent days (--last N days). It also improves the keyword filter, treating the absence of a keyword as a request to analyze all vulnerabilities for the specified period.
- Fetches all vulnerability data from the USOM API with pagination support.
- Groups vulnerabilities based on the first word found in parentheses in their titles.
- Flexible filtering via command-line arguments:
  - Filter by keywords (--keywords).
  - Analyze data from the last N days (--last).
- Includes a rate-limiting mechanism (time.sleep()) to comply with the API's request limits (40 requests/minute).
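The grouping and filtering listed above, as an added example that is not the project's own code. The record field names (`title`, `date`), the sample records, and the choice to compare keywords case-insensitively against the grouped word are assumptions made for illustration; the real API response may differ.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# First word inside the first parenthesised group of a title.
PAREN_WORD = re.compile(r"\(\s*([^\s()]+)")

# Constructed sample records; "title" and "date" are assumed field names.
SAMPLE = [
    {"title": "Remote Code Execution (Google Chrome)", "date": "2024-05-20"},
    {"title": "Privilege Escalation (Microsoft Windows)", "date": "2024-05-18"},
    {"title": "Use After Free (Google Chrome)", "date": "2024-05-10"},
    {"title": "Information Disclosure (Cisco IOS XE)", "date": "2024-03-01"},
    {"title": "Denial of Service (Microsoft Exchange)", "date": "2024-04-15"},
    {"title": "Advisory without a product tag", "date": "2024-05-19"},
]


def group_key(title):
    """Return the first word found in parentheses, or None if there is none."""
    match = PAREN_WORD.search(title)
    return match.group(1) if match else None


def top_groups(records, keywords=None, last_days=None, now=None, n=3):
    """Count records per group key after the optional keyword and day filters."""
    now = now or datetime.now()
    cutoff = now - timedelta(days=last_days) if last_days is not None else None
    # An empty or missing keyword list means "analyze everything".
    wanted = {k.strip().lower() for k in (keywords or []) if k.strip()}
    counts = Counter()
    for rec in records:
        if cutoff and datetime.fromisoformat(rec["date"]) < cutoff:
            continue  # older than the requested window
        key = group_key(rec.get("title", ""))
        if key is None:
            continue  # untagged titles cannot be grouped
        if wanted and key.lower() not in wanted:
            continue
        counts[key] += 1
    return counts.most_common(n)


if __name__ == "__main__":
    fixed_now = datetime(2024, 6, 1)  # fixed clock so the output is repeatable
    print(top_groups(SAMPLE, last_days=30, now=fixed_now))
    print(top_groups(SAMPLE, keywords=["Google", "Microsoft"], last_days=90, now=fixed_now))
```
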
- Clone the repository to your local machine:
    git clone https://github.com/emregulerr/usom-vulnerability-analyzer.git
- Navigate into the project directory:
    cd usom-vulnerability-analyzer
- Install the required dependencies:
    pip install requests
The scripts are located in the src/ directory. Ensure you are in the project's root directory (usom-vulnerability-analyzer) when running the commands.
1. Analyze the top 3 vulnerabilities from the last 30 days:
(Using usom_3.py is recommended for most use cases)
    python src/usom_3.py --last 30
2. Find the most common "Google" and "Microsoft" vulnerabilities from the last 90 days:
    python src/usom_3.py --last 90 --keywords "Google,Microsoft"
3. Analyze all-time data for specific keywords (using usom_2.py):
Note: This might take a long time as it fetches all data from the API.
    python src/usom_2.py --keywords "Adobe,Cisco,Apple"
This project can be further enhanced in several areas:
- Advanced Error Handling: Implement more robust error handling to manage different HTTP status codes or API response issues gracefully.
- Data Validation: Add a layer to validate the structure of the API response to handle unexpected format changes.
- Caching Mechanism: To reduce redundant API calls and speed up execution, a local caching mechanism could be implemented.
- Data Visualization: Use libraries like matplotlib or seaborn to create charts and graphs, providing more intuitive insights into vulnerability trends.
- Modularization: Refactor the code into smaller, reusable functions or modules to improve maintainability and readability.
Contributions are welcome! If you have ideas for improvements or want to add new features, please feel free to open an issue to discuss your ideas or submit a pull request.
This project is licensed under the MIT License. See the LICENSE file for details.