Command-line utility to scan the system and report on potential vulnerabilities, based on public CVE data
C Shell XSLT Perl Makefile M4 Other
Switch branches/tags
Nothing to show
Clone or download
sjvermeu Merge pull request #28 from DerDakon/ignore-invalid
skip lines with invalid cpe types in pullcves
Latest commit 0f1ae26 May 4, 2017

README.md

cvechecker

The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning a list of installed software and matching results with the CVE database. This is not a bullet-proof method and you will have many false positives (ie: vulnerability is fixed with a revision-release, but the tool isn't able to detect the revision itself), yet it is still better than nothing, especially if you are running a distribution with little security coverage.

Quickstart


  1. Initalize the SQLite3 Database
    ~# cvechecker -i

  2. Load CVE and version matching rules
    ~$ pullcves pull

  3. Generate List of Files to scan
    ~$ find / -type f -perm -o+x > scanlist.txt ~$ echo "/proc/version" >> scanlist.txt

  4. Gather List of Installed Software/Versions
    ~$ cvechecker -b scanlist.txt

  5. Output Matching CVE Entries
    ~$ cvechecker -r

More detailed installation information available via the installation docs.
The homepage for this project.