Skip to content

shodan_idb: enrich CVE findings with severity and CVSS#3082

Merged
liquidsec merged 5 commits into
devfrom
shodan-cve-enrichment
Jun 16, 2026
Merged

shodan_idb: enrich CVE findings with severity and CVSS#3082
liquidsec merged 5 commits into
devfrom
shodan-cve-enrichment

Conversation

@liquidsec

Copy link
Copy Markdown
Collaborator

Summary

  • shodan_idb's possible-vulnerability FINDINGs were emitted with severity MEDIUM and a description that listed only CVE IDs and no host. This change fetches per-CVE severity and CVSS from Shodan's CVEDB (no API key) and renders them inline in the description, sorted highest-CVSS first.
  • The FINDING's overall severity is hard-coded to INFO since shodan_idb only matches Shodan banners and does not confirm exploitability — escalating to CRITICAL based on a banner-derived CVE list is misleading.
  • CVE detail lookups are cached per-scan (in-memory on the module instance) so repeat occurrences across hosts don't trigger duplicate requests.

Example FINDING (live scan against a host with 17 OpenSSH CVEs):

Severity: [INFO] Confidence: [LOW] Shodan reported possible vulnerabilities for 192.35.79.229: CVE-2023-38408 [CRITICAL, 9.8], CVE-2008-3844 [CRITICAL, 9.3], CVE-2024-6387 [HIGH, 8.1], CVE-2026-35385 [HIGH, 7.5], ...

Per-CVE severity and CVSS are looked up from Shodan's CVEDB and rendered
inline in the FINDING description (sorted highest-CVSS first). Lookups
are cached per-scan to avoid duplicate requests. Overall FINDING
severity is hard-coded to INFO since shodan_idb only matches banners and
does not confirm exploitability.
Comment thread bbot/test/test_step_2/module_tests/test_module_shodan_idb.py Fixed
Comment thread bbot/test/test_step_2/module_tests/test_module_shodan_idb.py Fixed
@github-actions

github-actions Bot commented May 7, 2026

Copy link
Copy Markdown
Contributor

🚀 Performance Benchmark Report

⚠️ No current benchmark data available

This might be because:

  • Benchmarks failed to run
  • No benchmark tests found
  • Dependencies missing

@codecov

codecov Bot commented May 7, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 91.66667% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 90%. Comparing base (1f3adf1) to head (7a4b430).
⚠️ Report is 35 commits behind head on dev.

Files with missing lines Patch % Lines
bbot/modules/shodan_idb.py 86% 7 Missing ⚠️
Additional details and impacted files
@@          Coverage Diff           @@
##             dev   #3082    +/-   ##
======================================
- Coverage     90%     90%    -0%     
======================================
  Files        451     453     +2     
  Lines      45577   45894   +317     
======================================
+ Hits       40766   41039   +273     
- Misses      4811    4855    +44     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

liquidsec and others added 2 commits May 11, 2026 11:46
…ring sanitization'

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@ausmaster ausmaster added this to the BBOT 3.0 - blazed_elijah milestone May 20, 2026
@liquidsec liquidsec mentioned this pull request Jun 15, 2026
28 tasks
Batch CVEDB lookups via request_batch_stream (2min -> 3s), port test
to blasthttp_mock, dedup vulns, fix 0.0 CVSS or-chain, add cross-host
cache test.
Comment thread bbot/test/test_step_2/module_tests/test_module_shodan_idb.py Dismissed
@ausmaster ausmaster self-requested a review June 16, 2026 22:47
@ausmaster

ausmaster commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

A very nice module now :D

@liquidsec liquidsec merged commit d19106e into dev Jun 16, 2026
15 checks passed
@liquidsec liquidsec deleted the shodan-cve-enrichment branch June 17, 2026 11:55
@liquidsec liquidsec mentioned this pull request Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants