CVSS Calculator

Download CVSS 1.0

_______________________________

CVSS Calculator 1.0
Included 2 plugins
CVEDatabase Tracker0.2
CVSS Results Viewer 0.2
_______________________________

CVSS stands for Common vulnerability Scoring System. It helps to score 
vulnerabilities severity and determine urgency of response
and patch management.
For more advanced information about CVSS Scoring metrics, please refer 
to http://www.first.org/CVSS/.

As for myself, i've always had difficulties to score vulnerabilities 
since at this time there was any framework to rely on.
Upon discovering CVSS and understanding it, i adopted it as a reference 
for scoring vulnerabilities during my pentests and security audit sessions.

With the aim to make my work easier and faster, i've developed a little 
free software that helped me out to search and calculate
vulnerabilities. Today, the french security firm (HAPSIS) i'm working in, 
decided to make it free for download.
 
So, feel free to send me your suggestions or ideas for further development. 



(*) Changelog

CVSS Calculator 

1.0 - Linked with CVEDatabase Search
    - Keep a Database of previous scored vulnerabilities for further use. 
(Bad entries could be deleted)
    - bugs fixed

0.1 - Initial release
    - Based on CVSS metrics system



CVEDatabase Search Plugin
_________________________
[CVEDatabase Search is a free plugin used to maintain CVE vulnerability 
database up-to-date. 
You can use the update feature to download latest CVE file. 
The file is grabbed from this URL http://cve.mitre.org/cve/downloads/allitems.csv]

0.2 - Added update feature from CVE.mitre.org site
    - Display Entry and Candidate CVE entries
    - Double click to get more information on vulnerability.
    - Bugs fixed

0.1 - Initial release


CVSSResults Viewer Plugin
_________________________
[CVSS ResultsViewer is a free plugin used to manage previously scored 
vulnerabilities. You can
sort results by clicking on any row. This will help you to classify 
scores from high to low.
Critical vulnerabilities are those with the higher scores]

0.2 - Delete bad entry
    - Sorting vulnerabilities (click on row name)
    - Double click to get more information on Score
    - Bugs fixed

0.1 - Initiale release



List of Ideas for further development

+ Add URL web link to specified references 
(BID/CVE/OSVDB/OVAL/MS Microsoft/SunSolve/FRSirt/CERT/AIXAPAR....
+ More improved search option in CVEDatabase Search 
(search by Entry / Candidate / CVE / Vulnerability name)
+ Advanced management of Database CVSS scored Vulnerabilities
+ Create a database per audit/pentest session
+ Link vulnerability score with target (hostname/IP address/system...)
+ Create scoring public database for Base and temporal scores

________________________________

How-To

+ Unzip package latest Release into a directory and run CVSS-Calculator.exe.

Anyway, you should be familiar with CVE and CVSS scoring metrics. 
Please refer to cve.mitre.org and first.org/cvss for more information.

________________________________

Systems requirement

+ Runs on Windows Platforms (2000, XP, 2003)
+ Tested successfully on Linux boxes running WINE (Debian,Redhat,Ubuntu 
and BackTrack)

________________________________


Feel free to use it and distribute it as long as the README.TXT file 
is always enclosed.

________________________________

Suggestions, bug reporting to the author
nabil.ouchn@hapsis.fr
http://www.hapsis.fr