A script to convert Vulnerability Rating Taxonomy (VRT) categories to human-readable Common Weakness Enumeration (CWE) names.
This script reads an input CSV containing one column of VRT category identifiers (e.g. cross_site_scripting_xss.stored.url_based), fetches the latest VRT→CWE mapping and any deprecated-node updates from Bugcrowd’s VRT repository on GitHub, and downloads the latest CWE catalog from MITRE to resolve CWE IDs to names. The output CSV includes all original columns plus a new CWE column with a string of the first mapped CWE name (or blank if none).
This script takes the weaknesses in exported bug bounty data and prepares them in a format ready to be imported.
- Automatically fetches the latest VRT→CWE mapping and deprecated-node mapping from Bugcrowd’s VRT repository on GitHub
- Downloads the latest CWE catalog from MITRE's website to map CWE IDs to names
- Handles hierarchical VRT categories and falls back to parent or default mappings
- Appends a CWE column with the first CWE name per vulnerability
- Python 3.7+
- requests
Install dependencies:
pip install -r requirements.txt
python vrt2cwe.py <input_csv> <output_csv> <vrt_column>
Arguments:
- <input_csv>: Path to the input CSV file containing VRT categories.
- <output_csv>: Path where the converted CSV with CWE names will be saved.
- <vrt_column>: Name of the column in the input CSV holding the VRT category identifiers.
Example:
python vrt2cwe.py test_input_file.csv out.csv weakness_name
The script writes <output_csv> with all original fields plus a new CWE column containing the first mapped CWE name (or blank if no mapping).
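The parent-and-default fallback and the "first CWE name or blank" rule described above, as an added example that is not the code in vrt2cwe.py. The nested mapping layout, the deprecated-id table and every sample entry other than the VRT identifier quoted earlier are constructed assumptions.

```python
# Added illustration, not the code in vrt2cwe.py. All data below is constructed;
# the nested mapping layout and the deprecated-id table are assumptions.
SAMPLE_MAPPING = {
    "default": None,
    "content": [
        {"id": "cross_site_scripting_xss", "cwe": ["CWE-79"], "children": [
            {"id": "stored", "cwe": None, "children": [
                {"id": "url_based", "cwe": None},
            ]},
        ]},
        {"id": "example_unmapped_category", "cwe": None},  # hypothetical id
    ],
}
# Stand-in for the CWE catalog (ID -> name).
SAMPLE_CWE_NAMES = {
    "CWE-79": "Improper Neutralization of Input During Web Page Generation "
              "('Cross-site Scripting')",
}
# Stand-in for deprecated-node updates (old id -> current id); hypothetical ids.
SAMPLE_DEPRECATED = {"example_old_xss.stored": "cross_site_scripting_xss.stored"}


def resolve_cwe_ids(vrt_id, mapping, deprecated=None):
    """Return the CWE list of the deepest mapped node on the path, else the default."""
    vrt_id = vrt_id.strip().lower()
    vrt_id = (deprecated or {}).get(vrt_id, vrt_id)  # rewrite retired ids first
    best = mapping.get("default") or []
    nodes = mapping.get("content", [])
    for part in vrt_id.split("."):
        node = next((n for n in nodes if n["id"] == part), None)
        if node is None:
            break  # unknown segment: keep what the nearest mapped parent gave
        if node.get("cwe"):
            best = node["cwe"]  # a deeper mapping overrides the parent's
        nodes = node.get("children", [])
    return best


def first_cwe_name(vrt_id, mapping, names, deprecated=None):
    """Value for the CWE column: first mapped CWE name, or '' when nothing maps."""
    ids = resolve_cwe_ids(vrt_id, mapping, deprecated)
    return names.get(ids[0], "") if ids else ""


if __name__ == "__main__":
    for vrt in ("cross_site_scripting_xss.stored.url_based", "example_unmapped_category"):
        print(vrt, "->", repr(first_cwe_name(vrt, SAMPLE_MAPPING, SAMPLE_CWE_NAMES)))
```

A blank result is worth reviewing before import, since it means neither the category, any of its parents, nor the default carried a CWE.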
This project is licensed under the MIT License. See the LICENSE file for details.