A tool that checks installed packages and their versions against the National Vulnerability Database (NVD) and outputs the resulting vulnerabilities as a CSV file.
To install the dependencies from the requirements.txt file, run:
pip install -r requirements.txt
Clone the git repository using:
git clone https://github.com/r-wisniewski/Vulnerability-Check.git <target directory>
To check your machine for vulnerabilities, simply run:
>> python main.py
Progress: 1%|▋ | 12/1859 [00:02<04:54, 6.27it/s]
When the scan completes successfully, a .csv file named .csv will be present in the /..../Vulnerability-Check directory. The CSV lists each vulnerable package together with the details shown in the columns below. An example of the output you can expect:
Package | Version | CVE ID | Severity | Score | Description | CWE ID | National Vulnerability Database Link |
---|---|---|---|---|---|---|---|
Java | 5.0.16.2 | CVE-2014-3068 | Medium | 6.4 | IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack. | CWE-255 | https://nvd.nist.gov/vuln/detail/CVE-2014-3068 |
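
For triaging a large report, the sketch below groups findings per package and ranks them by worst score. It is an added example, not part of this project's code. It assumes the CSV has a header row with the column names shown in the table above; `triage`, `REQUIRED`, `SAMPLE` and the `CVE-0000-*` rows are hypothetical names and constructed data.

```python
import csv
import io
from collections import defaultdict

# Assumption: the CSV header row uses the column names shown in the table above.
REQUIRED = {"Package", "Version", "CVE ID", "Score"}

# Constructed sample: the first data row is the README's Java example (description
# shortened); the other rows and their CVE-0000-* IDs are made-up placeholders.
SAMPLE = """\
Package,Version,CVE ID,Severity,Score,Description,CWE ID,National Vulnerability Database Link
Java,5.0.16.2,CVE-2014-3068,Medium,6.4,(shortened),CWE-255,https://nvd.nist.gov/vuln/detail/CVE-2014-3068
examplepkg,1.0,CVE-0000-0001,High,8.8,constructed row,CWE-000,
examplepkg,1.0,CVE-0000-0002,Critical,9.8,constructed row,CWE-000,
examplepkg,1.0,CVE-0000-0002,Critical,9.8,duplicate row,CWE-000,
otherpkg,2.3,CVE-0000-0003,High,,score missing,CWE-000,
"""


def triage(csv_file, min_score=7.0):
    """Group findings per (package, version); return (ranked, skipped_rows)."""
    reader = csv.DictReader(csv_file)
    header = {h.strip() for h in (reader.fieldnames or []) if h}
    if not REQUIRED <= header:
        raise ValueError(f"missing columns: {sorted(REQUIRED - header)}")
    findings = defaultdict(dict)  # (package, version) -> {cve_id: score}
    skipped = 0
    for raw in reader:
        row = {k.strip(): (v or "").strip() for k, v in raw.items() if k}
        try:
            score = float(row["Score"])
        except ValueError:
            skipped += 1  # empty or non-numeric score: count it, do not hide it
            continue
        if score >= min_score:
            # Keying by CVE ID collapses duplicate rows for the same finding.
            findings[(row["Package"], row["Version"])][row["CVE ID"]] = score
    ranked = [(p, v, max(c.values()), sorted(c)) for (p, v), c in findings.items()]
    ranked.sort(key=lambda r: (-r[2], r[0]))  # worst score first, then by name
    return ranked, skipped


if __name__ == "__main__":
    ranked, skipped = triage(io.StringIO(SAMPLE), min_score=6.0)
    for package, version, worst, cves in ranked:
        print(f"{worst:>4} {package} {version}: {', '.join(cves)}")
    print(f"rows skipped (no usable score): {skipped}")
```

For a real report, pass a file opened with `open(path, newline="")` instead of the sample. Rows counted as skipped have no usable score and still need a manual look.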