https://github.com/kulkansecurity/mindthegap
A Python-based tool specifically designed for users to identify the "patch gap" in their Ubuntu release - the delay between the disclosure of a vulnerability and the patch release. By querying Ubuntu's CVE system, it provides a clearer picture of the current security standing of different Ubuntu versions.
https://github.com/kulkansecurity/mindthegap
cve patchgap security ubuntu
Last synced: about 2 months ago
JSON representation
A Python-based tool specifically designed for users to identify the "patch gap" in their Ubuntu release - the delay between the disclosure of a vulnerability and the patch release. By querying Ubuntu's CVE system, it provides a clearer picture of the current security standing of different Ubuntu versions.
- Host: GitHub
- URL: https://github.com/kulkansecurity/mindthegap
- Owner: kulkansecurity
- License: agpl-3.0
- Created: 2024-03-12T16:22:56.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-03-12T17:23:49.000Z (about 1 year ago)
- Last Synced: 2025-01-21T13:38:48.900Z (3 months ago)
- Topics: cve, patchgap, security, ubuntu
- Language: Python
- Homepage: https://blog.kulkan.com/
- Size: 477 KB
- Stars: 3
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Mind The Gap
Mind The Gap is a Python-based tool specifically designed for users to identify the "patch gap" in their Ubuntu release - the delay between the disclosure of a vulnerability and the patch release. By querying Ubuntu's CVE system, it provides a clearer picture of the current security standing of different Ubuntu versions.
More on Ubuntu's patch gap and an introduction to Mind The Gap is available at:
- https://blog.kulkan.com/measuring-the-ubuntu-patch-gap-with-mind-the-gap-ccac07e1391b
## Introduction
In the dynamic world of software vulnerabilities, staying ahead of attackers is crucial. Mind The Gap was developed out of a personal experience with a vulnerability that was re-discovered although it had already been patched. This tool aims to highlight the patch gap in Ubuntu systems, providing users with actionable data to mitigate risks.
## Key Features:
- **CVE Reporting**: Prints out active Common Vulnerabilities and Exposures (CVEs) for a given Ubuntu version along with the number of days elapsed since their publication.
- **Patch Gap Statistics**: Provides basic statistics on the Patch Gap, helping users understand the security posture of their systems.
- **Customizable Filters**: Supports command-line tweaks to focus on specific priorities (e.g., critical, high) or statuses (e.g., needs-triage, needed, pending).
## Prerequisites:
- Python 3.x
- \`requests\` Python package
## Installation:
1. Clone this repository or download \`mindthegap.py\`.
2. Install the necessary Python packages:
```
pip install requests
```
## Usage:
Here is how to use Mind The Gap:
1. To check active CVEs for the current Ubuntu version:
```
./mindthegap.py
```
2. To specify an Ubuntu version:
```
./mindthegap.py -version [version_codename]
```
3. To focus on specific priorities or statuses:
```
./mindthegap.py -priority critical -status released
```
4. For a silent mode that prints only stats:
```
./mindthegap.py -silent
```
5. To include CVE descriptions in the output:
```
./mindthegap.py -description
```
A few sample screen captures:
## Disclaimer:
- Mind The Gap was developed for educational and security assessment purposes. Do not use this tool for illegal activities.
## Acknowledgments:
- The Ubuntu security team for maintaining the CVE database and a transparent process:
https://ubuntu.com/security/cves - https://code.launchpad.net/ubuntu-cve-tracker