Overview
As a Cloud Security Engineer, I often found it challenging to manually scan Linux servers for CVEs in installed packages. Keeping track of vulnerabilities across various packages and distributions was time-consuming and error-prone. To address this issue, I created CVE-SCANNER, a simple Python tool that automates the process of scanning installed packages for CVEs on Debian and RedHat Linux systems. CVE-SCANNER fetches real-time CVE data from the National Vulnerability Database (NVD) maintained by NIST, ensuring that you have the latest information on vulnerabilities affecting your system.
Features
- Easy-to-Use: CVE-SCANNER is designed to be user-friendly. You can run it via the command line interface (CLI) with simple commands.
- Package Specific Scan: Scan for CVEs in a specific package by providing its name, e.g., CVE-SCANNER.py -s "apache".
- Output Formats: Generate reports in JSON or HTML format by using the --json or --html flags.
- Full System Scan: Perform a scan for all installed packages without specifying a specific package name, e.g., CVE-SCANNER.py --json or CVE-SCANNER.py --html.
The output will show the following:
- The name of the package for which the CVE was found.
- The currently installed package version.
- The CVE-ID, according to NIST's NVD.
- A short description related to the CVE.
- A severity level (from LOW to CRITICAL).
Requirements
- Root privileges to install the desired pip packages
- Python 3
- Pip
- Python libraries: BeautifulSoup and requests
You can install the required Python libraries by running the following command:
pip install -r requirements.txt
Here are some examples of how to use CVE-SCANNER:
python3 cve-scanner-debian.py --help
usage: cve-scanner-debian.py [-h] [--html] [--json] [-s SEARCH]
Scan all installed packages for CVEs and export results in HTML or JSON format.
optional arguments:
-h, --help show this help message and exit
--html Export results in HTML format.
--json Export results in JSON format.
-s SEARCH, --search SEARCH
Search for CVEs related to a specific package.
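Scan a specific package and generate a JSON report:
python3 CVE-SCANNER.py -s "apache" --json
Scan a specific package and generate an HTML report:
python3 CVE-SCANNER.py -s "apache" --html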
Perform a full system scan and generate a JSON report:
python3 CVE-SCANNER.py --json
Perform a full system scan and generate an HTML report:
python3 CVE-SCANNER.py --html
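When reviewing results from a name search such as -s "apache", it helps to see how package naming and version handling affect what gets reported. The sketch below is an added example, not CVE-SCANNER's own code: it contrasts a substring match on package names with an exact-name, version-aware match. The inventory lines, advisory records, field names and CVE IDs are all constructed placeholders.

```python
import re
# Constructed sample of: dpkg-query -W -f='${Package}\t${Version}\n'
SAMPLE_DPKG = (
    "apache2\t2.4.57-2\n"
    "libapache2-mod-php8.2\t8.2.7-1~deb12u1\n"
    "openssl\t3.0.11-1~deb12u2\n"
    "vim\t2:9.0.1378-2\n"
)
# Constructed advisory records; the IDs are placeholders, not real CVEs.
SAMPLE_ADVISORIES = [
    {"id": "CVE-XXXX-0001", "product": "apache2", "fixed_in": "2.4.58", "severity": "HIGH"},
    {"id": "CVE-XXXX-0002", "product": "apache2", "fixed_in": "2.4.50", "severity": "CRITICAL"},
    {"id": "CVE-XXXX-0003", "product": "openssl", "fixed_in": "3.0.12", "severity": "MEDIUM"},
]

def parse_inventory(text):
    """Map package name -> installed version string."""
    rows = (line.split("\t", 1) for line in text.splitlines() if "\t" in line)
    return {name: version.strip() for name, version in rows}

def upstream_version(debian_version):
    """Drop the epoch ("2:") and the Debian revision ("-1~deb12u2")."""
    no_epoch = debian_version.split(":", 1)[-1]
    return no_epoch.rsplit("-", 1)[0]

def version_key(version):
    """Numeric tuple for dotted versions (simplified: letters are ignored)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def keyword_hits(inventory, keyword):
    """Substring search on names, the loose match that over-reports."""
    return sorted(name for name in inventory if keyword in name)

def match_advisories(inventory, advisories):
    """Exact product name plus 'installed upstream version < fixed version'."""
    findings = []
    for adv in advisories:
        installed = inventory.get(adv["product"])
        if installed is None:
            continue
        if version_key(upstream_version(installed)) < version_key(adv["fixed_in"]):
            findings.append({"package": adv["product"], "version": installed,
                             "cve": adv["id"], "severity": adv["severity"]})
    return findings

if __name__ == "__main__":
    inv = parse_inventory(SAMPLE_DPKG)
    print("keyword 'apache':", keyword_hits(inv, "apache"))
    print(match_advisories(inv, SAMPLE_ADVISORIES))
```

Debian and RedHat backport security fixes without changing the upstream version number, so even an upstream-version comparison can over-report; confirm findings against the distribution's own security tracker before acting on them.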
CVE-SCANNER is provided for educational and informational purposes only. It is not a substitute for professional security assessments and should not be used as the sole tool for making security decisions. The accuracy and completeness of CVE data can vary, and false negatives or positives may occur. Always exercise caution and perform comprehensive security assessments when evaluating the security of your systems. Use CVE-SCANNER responsibly and at your own risk.
This project is licensed under the MIT License - see the LICENSE file for details.