shodan_idb: enrich CVE findings with severity and CVSS

[liquidsec]

Summary

• shodan_idb's possible-vulnerability FINDINGs were emitted with severity MEDIUM and a description that listed only CVE IDs and no host. This change fetches per-CVE severity and CVSS from Shodan's CVEDB (no API key) and renders them inline in the description, sorted highest-CVSS first.
• The FINDING's overall severity is hard-coded to INFO since shodan_idb only matches Shodan banners and does not confirm exploitability — escalating to CRITICAL based on a banner-derived CVE list is misleading.
• CVE detail lookups are cached per-scan (in-memory on the module instance) so repeat occurrences across hosts don't trigger duplicate requests.

Example FINDING (live scan against a host with 17 OpenSSH CVEs):

Severity: [INFO] Confidence: [LOW] Shodan reported possible vulnerabilities for 192.35.79.229: CVE-2023-38408 [CRITICAL, 9.8], CVE-2008-3844 [CRITICAL, 9.3], CVE-2024-6387 [HIGH, 8.1], CVE-2026-35385 [HIGH, 7.5], ...

[github-actions]

📊 Performance Benchmark Report

Comparing dev (baseline) vs shodan-cve-enrichment (current)

📈 Detailed Results (All Benchmarks)

📋 Complete results for all benchmarks - includes both significant and insignificant changes

🧪 Test Name	📏 Base	📏 Current	📈 Change	🎯 Status
Bloom Filter Dns Mutation Tracking Performance	4.26ms	4.22ms	-1.0% ⚪	✅
Bloom Filter Large Scale Dns Brute Force	17.80ms	17.60ms	-1.1% ⚪	✅
Large Closest Match Lookup	351.74ms	352.02ms	+0.1% ⚪	✅
Realistic Closest Match Workload	187.87ms	188.63ms	+0.4% ⚪	✅
Event Memory Medium Scan	1784 B/event	1783 B/event	-0.1% ⚪	✅
Event Memory Large Scan	1768 B/event	1768 B/event	+0.0% ⚪	✅
Event Validation Full Scan Startup Small Batch	426.34ms	421.81ms	-1.1% ⚪	✅
Event Validation Full Scan Startup Large Batch	574.35ms	590.58ms	+2.8% ⚪	✅
Make Event Autodetection Small	30.60ms	30.93ms	+1.1% ⚪	✅
Make Event Autodetection Large	315.72ms	313.06ms	-0.8% ⚪	✅
Make Event Explicit Types	13.73ms	13.92ms	+1.4% ⚪	✅
Excavate Single Thread Small	4.043s	4.045s	+0.0% ⚪	✅
Excavate Single Thread Large	9.844s	9.701s	-1.5% ⚪	✅
Excavate Parallel Tasks Small	4.195s	4.272s	+1.8% ⚪	✅
Excavate Parallel Tasks Large	7.325s	7.423s	+1.3% ⚪	✅
Is Ip Performance	3.17ms	3.19ms	+0.6% ⚪	✅
Make Ip Type Performance	11.61ms	11.48ms	-1.0% ⚪	✅
Mixed Ip Operations	4.56ms	4.52ms	-0.9% ⚪	✅
Memory Use Web Crawl	52.0 MB	46.4 MB	-10.8% 🟢🟢	🚀
Memory Use Subdomain Enum	19.4 MB	19.4 MB	+0.0% ⚪	✅
Scan Throughput 100	8.059s	7.750s	-3.8% ⚪	✅
Scan Throughput 1000	39.087s	37.593s	-3.8% ⚪	✅
Typical Queue Shuffle	64.27µs	66.58µs	+3.6% ⚪	✅
Priority Queue Shuffle	739.20µs	734.23µs	-0.7% ⚪	✅

🎯 Performance Summary

+ 1 improvement 🚀
  23 unchanged ✅

🔍 Significant Changes (>10%)

• Memory Use Web Crawl: 10.8% 🚀 less memory

---

🐍 Python Version 3.11.15

[codecov]

Codecov Report

❌ Patch coverage is 89.55224% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 91%. Comparing base (620bb82) to head (b2fb240).

Files with missing lines	Patch %	Lines
bbot/modules/shodan_idb.py	86%	7 Missing ⚠️

Additional details and impacted files

@@          Coverage Diff          @@
##             dev   #3082   +/-   ##
=====================================
- Coverage     91%     91%   -0%     
=====================================
  Files        439     439           
  Lines      37533   37598   +65     
=====================================
+ Hits       33940   33993   +53     
- Misses      3593    3605   +12     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.