Home/ Questions/Q 7570083
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T15:19:49+00:00

I’m writing a program in Python that needs to use a site’s advanced search

  • 0

I’m writing a program in Python that needs to use a site’s advanced search options. Specifically, the search page is the NVC advanced search page . I know the names of the projects and versions I need to search for, so ideally the program would select the project names and versions numbers from the dropdown lists, then return the results page(s).

I’m totally unfamiliar with HTML and Javascript, and I’m fairly new to Python, so I don’t know if there’s a way to ‘click’ these dropdown menus via Python, then return the results. The fact that the Javascript makes an Ajax call further complicates the situation, since I can’t just load the page’s source and parse out the list of project names and version.

Can anyone with some Python/Javascript/Ajax experience send me in the right direction?

An example use of this program would be that I start out with the project “glibc’ and its version number ‘2.3.6’ The program would make sure that this combination is listed at all (which isn’t guaranteed), then return the results page (which has about 13 results).

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If a human user is using that search page, they click on one of the product links, which then load the list of products from another page, e.g.:

    http://web.nvd.nist.gov/view/vuln/cpe/cpe-chooser?index=0&component=Vendor

    This page is unfortunately not using JSON, so they have some custom javascript parsing for the response. The data from this response is then displayed as a drop-down for the user. When the user selects a product, the browser selects the correct value, so that when the form is submitted, it will be part of the query. e.g.:

    http://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_vendor=cpe%3A%2F%3Aa-a-s_application_access_server

    In this, cpe_vendor=cpe%3A%2F%3Aa-a-s_application_access_server is the important part. The part before the = sign is the field name, the part after is the selected value (which originally came from the ajax request). The funny %3A bits are URL-encoding.

    So you don’t actually need to interact with the page, since you know the names of the vendors and products for which you want to search; you just need to look up the field name (cpe_vendor for vendors) and the value for the specific products/vendors (cpe:/:a-a-s_application_access_server for my example above), then do a request to the normal search URL.

    • 0