I'm trying to extract all the CVEs and associated their CVSS scores from Shodan's API (JSON response). The response is typically in the format where the number after data depends on the number of services detected, example data:
- data :[
- 0 22/tcp/OpenSSH :{ … },
- 1 80/tcp/Apache httpd :{
- vulns :{
- "CVE-2013-6501" :{
- cvss :4.6,
- references :[ … ],
- summary :"The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c.",
Current search:
| curl method=get uri=https://api.shodan.io/shodan/host/"IP"?key=APIKEY
| spath input=curl_message path="data{0}.vulns" output=test_array
| mvexpand test_array
| spath input=test_array
| table CVE*.cvss
When using curl from WebTools, spath doesn't appear to be extracting all the fields (e.g. only 4 of the 15 CVEs are displayed in the table), likely because of the 5000 character limit for spath. Is there another method that would be able to keep data like the CVE, cvss and summary linked while splitting the data? Delim via comma seems like it wouldn't be possible since the summaries also include commas.
