Skip to content

Instantly share code, notes, and snippets.

@hrbrmstr
Created October 30, 2022 11:09
Show Gist options
  • Save hrbrmstr/e778a111b35e6a4c0b5763aec31c6c6e to your computer and use it in GitHub Desktop.
Save hrbrmstr/e778a111b35e6a4c0b5763aec31c6c6e to your computer and use it in GitHub Desktop.
Turn CISA's KEV JSON into a bare-bones RSS feed
#!/usr/bin/Rscript
kev <- jsonlite::fromJSON("https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json")
vulns <- kev$vulnerabilities
vulns <- vulns[nrow(vulns):1,]
rss_body <- '
<rss version="2.0">
<channel>
<title><![CDATA[CISA Known Exploited Vulnerabilities Catalog]]></title>
<link>https://www.cisa.gov/known-exploited-vulnerabilities-catalog</link>
<description><![CDATA[For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild: the Known Exploited Vulnerability (KEV) catalog. CISA strongly recommends all organizations review and monitor the KEV catalog and prioritize remediation of the listed vulnerabilities to reduce the likelihood of compromise by known threat actors.]]></description>
%s
</channel>
</rss>
'
rss_item <- '
<item>
<title><![CDATA[%s]]></title>
<link>%s</link>
<guid>%s</guid>
<description><![CDATA[%s]]></description>
</item>
)'
urlencode <- function(.x) sapply(.x, URLencode, USE.NAMES = FALSE)
link_and_guid <- urlencode(file.path("https://nvd.nist.gov/vuln/detail", vulns$cveID))
sprintf(
rss_body,
paste0(
sprintf(
rss_item,
sprintf("%s: [%s] %s", vulns$dateAdded, vulns$cveID, vulns$vulnerabilityName),
link_and_guid,
link_and_guid,
vulns$shortDescription
),
collapse = "\n"
)
) -> out
cat(out, file="/var/sites/rud.is/cisa-kev.rss")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment