I was looking for a daily updates for recent CVEs on Discord, but I was not able to spot anything on the internet. Then, I decided to spent some time building my own dirty Discord Bot.
There are many ways to do that of course. You can parse json/xml RSS from NIST source (this is our case) or other CVEs databases, looking for recent or modified CVEs. You can scrape the latest rated CVEs from any vulnerabilities website out there or get news from Twitter for example by using tweepy (Twitter API keys required of course).
In this case I decided to get the most recent CVEs directly from NIST RSS feed .
Implementation
First of all, create a Webhook integration on your Discord Server and copy the URL to your code.
# Discord Webhooks to send data
webhooks = { 'myserver.cve-feed':'https://discord.com/api/webhooks/<webhook here>'}
Use it in the python POST request as target url, something like:
response = requests.post(**webhook_url**, json=data)
where the json data refers to Discord’s structure, that you can find here https://discord.com/developers/docs/resources/webhook. But let’s take a closer look:
# Discord Message data structure
data = {
"content": "",
"username": "CVE Today",
"embeds": [{
"author": {
"name": "CVE Nist API",
"url": "",
"icon_url": "https://www.first.org/cvss/identity/cvss_web.png"
},
"description": "Latest Critical vulnerabilities",
"title": "Daily update " + datetime.datetime.now().strftime('%d/%m/%Y %H:%M'),
"fields": [],
"color": 16711680, # red:16711680, #green 48954, #yellow 15258703
}]
}
Sending the above data to Discord server, it will appear as follow:
This is the “rude way” of implementing the data structure. If this hurt your feelings, you can use the discord.py module to build it in an elegant way, something like:
embeds = **discord.Embed**(title='My Title', description='descripion here', color='16711680`‘`)
Parsing your data, in this case NIST API response, you can add some extra fields to the data structure, to add details to your bot message:
data['embeds'][0]['fields'].append({
'name': '',
'inline': True,
'value': ''
})
or, in case of discord module:
embeds.**add_field**(name='', value='', inline=True)
This will allow you to get a subset of elements within the message as shown in the next image:
Sending the message:
Now you can make a POST request to your webhook and receive an update of latest N available CVEs. Maybe a cron could be useful to fetch updates every day.
# Send data to Discord Server(s) via Webhooks
def update_bot(data):
for server,webhook_url in webhooks.items():
try:
result = requests.post(webhook_url, json=data)
result.raise_for_status()
except requests.exceptions.HTTPError as err:
print(err)
That’s all! You can find the full sample here https://github.com/adubaldo/discord-cve-bot