Skip to content
master
Switch branches/tags
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
src
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

cvechecker

The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning a list of installed software and matching results with the CVE database. This is not a bullet-proof method and you will have many false positives (ie: vulnerability is fixed with a revision-release, but the tool isn't able to detect the revision itself), yet it is still better than nothing, especially if you are running a distribution with little security coverage.

Quickstart

  1. Initalize the SQLite3 Database

    # cvechecker -i
  2. Load CVE and version matching rules

    # pullcves pull
  3. Generate List of Files to scan

    $ find / -type f -perm -o+x > scanlist.txt
    $ echo /proc/version >> scanlist.txt
  4. Gather List of Installed Software/Versions

    $ cvechecker -b scanlist.txt
  5. Output Matching CVE Entries

    $ cvechecker -r

More detailed installation information available via the installation docs. The homepage for this project.

About

Command-line utility to scan the system and report on potential vulnerabilities, based on public CVE data

Resources

License

Packages

No packages published