cvechecker

The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning a list of installed software and matching results with the CVE database. This is not a bullet-proof method and you will have many false positives (ie: vulnerability is fixed with a revision-release, but the tool isn't able to detect the revision itself), yet it is still better than nothing, especially if you are running a distribution with little security coverage.

Quickstart

Initalize the SQLite3 Database
```
# cvechecker -i
```
Load CVE and version matching rules
```
# pullcves pull
```

Generate List of Files to scan

$ find / -type f -perm -o+x > scanlist.txt
$ echo /proc/version >> scanlist.txt

Gather List of Installed Software/Versions
```
$ cvechecker -b scanlist.txt
```
Output Matching CVE Entries
```
$ cvechecker -r
```

More detailed installation information available via the installation docs. The homepage for this project.

About

Command-line utility to scan the system and report on potential vulnerabilities, based on public CVE data

GNU General Public License v3.0

Languages

Language:C 82.9%Language:Shell 6.7%Language:XSLT 4.7%Language:Perl 2.2%Language:Makefile 1.2%Language:M4 1.1%Language:CSS 0.9%Language:Vim Script 0.1%Language:Awk 0.1%