<div align="center"> <a href="https://github.com/orhun/flawz"> <img src="assets/flawz-logo.png" width="600"> </a><a href="https://github.com/orhun/flawz/releases"><img src="https://img.shields.io/github/v/release/orhun/flawz?style=flat&labelColor=171717&color=47304d&logo=GitHub&logoColor=white" alt="GitHub Release"></a> <a href="https://crates.io/crates/flawz/"><img src="https://img.shields.io/crates/v/flawz?style=flat&labelColor=171717&color=47304d&logo=Rust&logoColor=white" alt="Crate Release"></a> <a href="https://github.com/orhun/flawz/actions?query=workflow%3A%22Continuous+Integration%22"><img src="https://img.shields.io/github/actions/workflow/status/orhun/flawz/ci.yml?branch=main&style=flat&labelColor=171717&color=47304d&logo=GitHub%20Actions&logoColor=white" alt="Continuous Integration"></a> <a href="https://github.com/orhun/flawz/actions?query=workflow%3A%22Release%22"><img src="https://img.shields.io/github/actions/workflow/status/orhun/flawz/release.yml?style=flat&labelColor=171717&color=47304d&logo=GitHub%20Actions&logoColor=white&label=release" alt="Continuous Deployment"></a> <a href="https://docs.rs/flawz/"><img src="https://img.shields.io/docsrs/flawz?style=flat&labelColor=171717&color=47304d&logo=Rust&logoColor=white" alt="Documentation"></a>
flawz is a Terminal User Interface (TUI) for browsing the security vulnerabilities (also known as CVEs).
</div>
By default, it uses the vulnerability database (NVD) from NIST and provides search and listing functionality in the terminal with different theming options.
For example, to view details on the notorious xz vulnerability:
flawz --feeds 2024 --query xz
Installation
Cargo
flawz can be installed from crates.io using cargo if Rust is installed.
cargo install --locked flawz
The minimum supported Rust version (MSRV) is 1.74.1.
[!NOTE] You need to have the SQLite 3 development files installed. On Debian and its derivatives, you can do so with the following command:
sudo apt install libsqlite3-dev
Arch Linux
flawz can be installed from the official repositories using pacman:
pacman -S flawz
Alpine Linux
flawz is available for Alpine Edge. It can be installed via apk after enabling the testing repository.
apk add flawz
Homebrew
flawz is available for macOS via Homebrew. It can be installed using brew:
brew install flawz
Nixpkgs
flawz is available for Nix via the nixpkgs-unstable channel. To make it available in the environment, simply run:
nix-channel --add https://nixos.org/channels/nixpkgs-unstable
nix-channel --update nixpkgs
nix-env -iA nixpkgs.flawz
On NixOS:
nix-channel --add https://nixos.org/channels/nixos-unstable
nix-channel --update nixos
nix-env -iA nixos.flawz
Alternatively, if you're using the new experimental CLI, you can use the following:
nix run nixpkgs#flawz
NetBSD
flawz is available from the official repositories. To install it, simply run:
pkgin install flawz
Binary releases
See the available binaries for different targets from the releases page.
Build from source
- Clone the repository.
git clone https://github.com/orhun/flawz && cd flawz/
- Build.
CARGO_TARGET_DIR=target cargo build --release
The binary will be located at target/release/flawz.
Usage
flawz [OPTIONS]
Options:
--url <URL> A URL where NIST CVE 1.1 feeds can be found [env: URL=] [default: https://nvd.nist.gov/feeds/json/cve/1.1/]
-f, --feeds [<FEEDS>...] List of feeds that are going to be synced [env: FEEDS=] [default: 2002:2024 recent modified]
-d, --db <DB> Path to the SQLite database used to store the synced CVE data [env: DB=]
-u, --force-update Always fetch feeds
-o, --offline Do not fetch feeds
-q, --query <QUERY> Start with a search query [env: QUERY=]
-t, --theme <THEME> Set the theme [default: dracula] [possible values: dracula, nord, one-dark, solarized-dark, gruvbox-light, gruvbox-material-dark-hard]
-h, --help Print help (see more with '--help')
-V, --version Print version
Key bindings
Key | Action | Description |
---|---|---|
k / Up | Scroll Up | Scroll up the list |
j / Down | Scroll Down | Scroll down the list |
Enter | Select | View the selected CVE details |
/ | Search | Search for a CVE |
Space | Open | Open the first CVE reference in the browser |
q | Quit | Set computer on fire |
Examples
To start with a specific search query:
flawz --query "buffer overflow"
You can use the --feeds option to sync specific years of feeds:
flawz --feeds 2010:2015 recent
Additionally, you can use the following flags:
- --force-update: Always fetch feeds, even if they are already up to date.
- --offline: Run without fetching feeds (useful if you have already synced the data).
For example, you can use the following command to search for a specific vulnerability from 2014:
flawz -q "CVE-2014-0160" -f 2014 --force-update
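The sync-then-search model behind the options above (feeds in NIST CVE 1.1 JSON, a local SQLite database, a search query), shown as an added example that is not flawz's own code or database schema. The table layout, the function names `load_feed` and `search`, and the sample feed entries (placeholder CVE IDs and URLs) are assumptions constructed for illustration.

```python
import json
import sqlite3

# Constructed excerpt in the NVD CVE 1.1 feed layout; IDs, text and URLs are placeholders.
SAMPLE_FEED = json.dumps({"CVE_Items": [
    {"cve": {"CVE_data_meta": {"ID": "CVE-0000-0001"},
             "description": {"description_data": [
                 {"lang": "en", "value": "Heap-based buffer overflow in example-lib image parser."}]},
             "references": {"reference_data": [{"url": "https://example.invalid/advisory/1"}]}},
     "impact": {"baseMetricV3": {"cvssV3": {"baseScore": 9.8}}}},
    {"cve": {"CVE_data_meta": {"ID": "CVE-0000-0002"},
             "description": {"description_data": [
                 {"lang": "en", "value": "Improper input validation in example-app login form."}]},
             "references": {"reference_data": []}},
     "impact": {}},  # entries without a CVSS v3 score must not break the sync
]})


def load_feed(conn, feed_json):
    """Store every CVE item of one feed; INSERT OR REPLACE keeps a re-sync idempotent."""
    conn.execute("CREATE TABLE IF NOT EXISTS cves ("
                 "id TEXT PRIMARY KEY, description TEXT, score REAL, first_ref TEXT)")
    rows = []
    for item in json.loads(feed_json).get("CVE_Items", []):
        cve = item["cve"]
        descs = cve.get("description", {}).get("description_data", [])
        text = next((d["value"] for d in descs if d.get("lang") == "en"), "")
        refs = cve.get("references", {}).get("reference_data", [])
        score = item.get("impact", {}).get("baseMetricV3", {}).get("cvssV3", {}).get("baseScore")
        rows.append((cve["CVE_data_meta"]["ID"], text, score, refs[0]["url"] if refs else None))
    conn.executemany("INSERT OR REPLACE INTO cves VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return len(rows)


def search(conn, query):
    """Case-insensitive substring match on ID or description; the query is bound, never spliced."""
    pattern = "%" + query.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_") + "%"
    return conn.execute(
        "SELECT id, score, first_ref FROM cves "
        "WHERE id LIKE ? ESCAPE '\\' OR description LIKE ? ESCAPE '\\' ORDER BY id",
        (pattern, pattern)).fetchall()


if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load_feed(db, SAMPLE_FEED), "items loaded")
    print(search(db, "buffer overflow"))
```

Once the data is in the local database, every search is a local query, which is what makes an offline mode possible after the first sync.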
Themes
Start flawz with the --theme option to set a custom theme, e.g. --theme nord.
Dracula (default)
Nord
One Dark
Solarized Dark
Gruvbox Light
Gruvbox Material Dark Hard
Support
If you find flawz and/or other projects on my GitHub useful, consider supporting me on GitHub Sponsors! 💖
Contributing
See our Contribution Guide and please follow the Code of Conduct in all your interactions with the project.
License
Licensed under either of Apache License Version 2.0 or The MIT License at your option.
🦀 ノ( º _ º ノ) - respect crables!
Copyright
Copyright © 2024, Orhun Parmaksız