Awesome

cvechecker

The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning a list of installed software and matching results with the CVE database. This is not a bullet-proof method and you will have many false positives (ie: vulnerability is fixed with a revision-release, but the tool isn't able to detect the revision itself), yet it is still better than nothing, especially if you are running a distribution with little security coverage.

Quickstart

1. Initalize the SQLite3 Database

   # cvechecker -i
   

2. Load CVE and version matching rules

   # pullcves pull
   

3. Generate List of Files to scan

   $ find / -type f -perm -o+x > scanlist.txt
   $ echo /proc/version >> scanlist.txt
   

4. Gather List of Installed Software/Versions

   $ cvechecker -b scanlist.txt
   

5. Output Matching CVE Entries

   $ cvechecker -r
   

More detailed installation information available via the installation docs. The homepage for this project.