Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/circl/fedivuln
A client to gather vulnerability-related information from the Fediverse.
https://github.com/circl/fedivuln
cve fediverse mastodon vulnerability
Last synced: about 2 months ago
JSON representation
A client to gather vulnerability-related information from the Fediverse.
- Host: GitHub
- URL: https://github.com/circl/fedivuln
- Owner: CIRCL
- License: gpl-3.0
- Created: 2024-10-28T08:31:02.000Z (about 2 months ago)
- Default Branch: main
- Last Pushed: 2024-11-05T08:21:50.000Z (about 2 months ago)
- Last Synced: 2024-11-05T08:37:32.999Z (about 2 months ago)
- Topics: cve, fediverse, mastodon, vulnerability
- Language: Python
- Homepage: https://social.circl.lu/@vulnerability_collector
- Size: 71.3 KB
- Stars: 3
- Watchers: 8
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: COPYING
Awesome Lists containing this project
README
# FediVuln
A client to gather vulnerability-related information from the Fediverse.
## Usage
### Installation
[pipx](https://github.com/pypa/pipx) is an easy way to install and run Python applications in isolated environments.
It's easy to [install](https://github.com/pypa/pipx?tab=readme-ov-file#on-linux).```bash
$ pipx install FediVuln
$ export FEDIVULN_CONFIG=~/.FediVuln/conf.py
```The configuration for FediVuln should be defined in a Python file (e.g., ``~/.FediVuln/conf.py``).
You must then set an environment variable (``FEDIVULN_CONFIG``) with the full path to this file.You can have a look at [this example](https://github.com/CIRCL/FediVuln/blob/main/fedivuln/conf_sample.py) of configuration.
### Register your application
```bash
$ FediVuln-Register
```This script uses OAuth in order to retrieve the access token. This is achieved in several steps.
- Register the application with Mastodon instance, a including all necessary scopes
- Instantiate Mastodon client with client credentials
- Log in - Generate authorization URL with the exact same scopes
- Once the user authorizes, prompt for the authorization code
- Use the authorization code to retrieve the access token, with the same scopesYou only have to execute it once.
### Streaming
```bash
$ FediVuln-Stream --user --sighting
```Using the ``--sighting`` argument, detected vulnerability IDs will be recorded in
[Vulnerability Lookup](https://github.com/cve-search/vulnerability-lookup) as
[sightings](https://vulnerability-lookup.readthedocs.io/en/latest/sightings.html).### Publishing
WIP.
```bash
$ python publish.py
```## License
[FediVuln](https://github.com/CIRCL/FediVuln) is licensed under
[GNU General Public License version 3](https://www.gnu.org/licenses/gpl-3.0.html)~~~
Copyright (c) 2024 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (C) 2024 Cédric Bonhomme - https://github.com/cedricbonhomme
~~~