Skip to content

sjvermeu/cvechecker

Repository files navigation

cvechecker

The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning a list of installed software and matching results with the CVE database. This is not a bullet-proof method and you will have many false positives (ie: vulnerability is fixed with a revision-release, but the tool isn't able to detect the revision itself), yet it is still better than nothing, especially if you are running a distribution with little security coverage.

Quickstart

  1. Initalize the SQLite3 Database

    # cvechecker -i
  2. Load CVE and version matching rules

    # pullcves pull
  3. Generate List of Files to scan

    $ find / -type f -perm -o+x > scanlist.txt
    $ echo /proc/version >> scanlist.txt
  4. Gather List of Installed Software/Versions

    $ cvechecker -b scanlist.txt
  5. Output Matching CVE Entries

    $ cvechecker -r

More detailed installation information available via the installation docs. The homepage for this project.

About

Command-line utility to scan the system and report on potential vulnerabilities, based on public CVE data

Resources

License

GPL-3.0, Unknown licenses found

Licenses found

GPL-3.0
LICENSE
Unknown
COPYING

Stars

Watchers

Forks

Packages

No packages published