I wanted to share a new Windows PowerShell & PowerShell Core module I have released to the PowerShell Gallery called PSCVSS.
PSCVSS is a Script Module that can be used to calculate a CVSS (Common Vulnerability Scoring System) 3 Score by providing a
PSCVSS calculates a CVSS score all locally and does NOT communicate with any APIs. This module works on Windows PowerShell as well as PowerShell Core.
PSCVSS returns the Base, Temporal, Environmental and CVSS Score based on a provided Vector String.
If you’re not familiar, CVSS is a standard used by almost all Vulnerability Management and CVE repository to provide a repeatable way to determine the risk of a specific vulnerability. From my searching this capability was not previously available in a PowerShell Module, so I wrote it to take a Vulnerability/CVE Vector and calculate the overall score/risk of the provided string.
You can retrieve a Vector string from the NVD (National Vulnerability Database). For example, this vulnerability was released on April 1st: https://nvd.nist.gov/vuln/detail/CVE-2017-16774
The Vector String for this vulnerability is provided:
PSCVSS you can calculate the score locally without communicating with third-party APIs:
First you can download PSCVSS from the PowerShellGallery:
Install-Module -Name PSCVSS
Additionally, you can clone the repository:
git clone firstname.lastname@example.org:swimlane/PSCVSS.git
You first need to import the module into your current PowerShell session:
Import-Module -Name PSCVSS -Force
Now that PSCVSS is installed on your machine, you can run the
Get-CVSSScore Function. At this time, you can provide a
VectorString that you have written yourself or retrieved from a third-party service:
Get-CVSSScore -VectorString 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'
You can also pipe your
VectorString to this function:
'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N' | Get-CVSSScore
Thanks for taking the time to look at PSCVSS. In the future I plan on expanding this functionality so that you can provide a set of key value pairs and in return it will give you different options based on opposite values.
You can find
- GitHub: https://github.com/swimlane/PSCVSS
- PowerShellGallery: https://www.powershellgallery.com/packages/PSCVSS/18.104.22.168