A cmdline tool for VulnCheck KEV.
It is a community resource that enables security teams to manage vulnerabilities and risk with additional context and evidence-based validation.
For more information, see https://vulncheck.com/kev
Install and activate the virtual environment:
$ git clone git@github.com:myseq/vcheck-cli.git
$ cd vcheck-cli
$ python3 -m venv .venvhttps://myseq.github.io/posts/python_with_try_finally/
$ source .venv/bin/activate
$
$ pip install -r requirements.txtThe VulnCheck platform uses a token system to allow access. You must obtain a VulnCheck API token in order to use the VulnCheck KEV service.
Just following the instruction at VulnCheck to Register for Access.
Then save the token at a safe place. And follow by setup your VulnCheck token for the tool:
$ export VC_TOKEN="<insert your VulnCheck token here"To show the simple help screen:
$ ./main.py -h
usage: main.py [-h] [-e <cve> [<cve> ...]] [-v]
A cmdline tool for VulnCheck KEV. (https://vulncheck.com/browse/kev)
options:
-h, --help show this help message and exit
-e <cve> [<cve> ...] Specifying CVEs
-v verbose output
VulnCheck KEV
It is a community resource that enables security teams to manage
vulnerabilities and risk with additional context and evidence-based
validation.
For more information, see https://vulncheck.com/kev
To search a CVE:
$ ./main.py -ve cve-2024-1709To exit the virtual environment:
$ deactivate- [ 2024.03.11 ] : Create the token.
- [ 2024.03.16 ] : Download zip file successfully.
- [ 2024.03.17 ] : Extract JSON and load into a list (vcdata). Search by CVE.
- MySeq blog post