Data Crawling for Malware Analysis for Holistic Prevention of Future Exploits

Ransomware has been an ever-living threat since the time of its inception to the present day as computers and data hold more significance and are pivotal as to how individuals and businesses operate in society. Its persistence results in huge amounts of funds extorted from its victims and an ever-growing market for the creation of newer incessant versions and variations. Such type of malware is responsible for the losses of millions of dollars per annum. To combat this, the Common Vulnerabilities and Exposures (CVE) list had been launched for public usage to identify, define and catalog publicly disclosed vulnerabilities. These vulnerabilities provide data which can be used to derive upon a fix but could also be used to exploit systems that have not yet been patched. While CVE has grown and continues to grow as a useful tool for IT professionals to pool their efforts and undertake these vulnerabilities to reinforce our cyberspace and computer systems, it is not ideal for an individual or organization to sift through the CVE records one-by-one due to its huge amount of current data of vulnerabilities available in CVE. Instead, this process can be further expedited using web crawling and data representation and presentation. This can be done with Python due to its ability to create complex analytical programs without the need to learn complex programming syntaxes and data types as compared to traditional programming languages. In this paper, we dive deep into the use of Python programming utilized as a web crawling tool to extract CVE records and display selected data of vulnerabilities based on parameters when requested by a user. Further functionalities can provide in-depth graphical display of fetched information, to derive upon a prediction, based on analyses for holistic prevention of future exploits.