Skip to content
This repository has been archived by the owner on Nov 7, 2024. It is now read-only.

LairdCP/cve-checker

BranchesTags
 
 

Repository files navigation

NIST CVE library search engine. Provide your project's list of software packages, libraries, and any module used to create your product. This tool will use your list to search tousands of NIST CVE entries to find any known issues. Knowledge is half the battle, so use this to automate the search for software items that could have outstanding issues needed a patch.

How does it wor? It is a simple python script used to parse your provided list of software modules (packages, libraries and so on) against a database of known software vulnerabilities. The vulnerabilities are the NIST provided CVE issues. The script download.xml gathers an updated database from NIST and stores it locally. Then run the cli.py script with your software to parse through the entire database. The output is an XML file showing the matching CVE's.

Fair warning it uses some specific python libraries so your are BEST served by creating a local directory with a virtual python envionrment to protect your machine. Trust me.

To get this working you will need to download a copy of the NVD here: https://nvd.nist.gov/download.cfm#CVE_FEED and put the xml files in the dbs folder.

run package-cve-lookup -h for more information on using the command line interface.

About

CVE Vulnerability scanner

devicevulnerabilitychecker.com

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

9 stars

Watchers

9 watching

Forks

4 forks
Report repository

Releases

180 tags

Packages

No packages published

Languages

  • Python 61.8%
  • HTML 35.9%
  • Shell 2.3%