Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/orhun/flawz

A Terminal UI for browsing security vulnerabilities (CVEs)
https://github.com/orhun/flawz

cve cve-search ratatui ratatui-rs rust security security-vulnerability terminal-ui terminal-user-interface tui vulnerability vulnerability-search

Last synced: about 2 months ago
JSON representation

A Terminal UI for browsing security vulnerabilities (CVEs)

Awesome Lists containing this project

README 

        





  




GitHub Release

Crate Release

Continuous Integration

Continuous Deployment

Documentation



---



**flawz** is a Terminal User Interface (TUI) for browsing the security vulnerabilities (also known as [CVEs](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)).






As default it uses the vulnerability database ([NVD](https://nvd.nist.gov)) from [NIST](https://www.nist.gov) and provides search and listing functionalities in the terminal with different theming options.



For example, to view details on the notorious [xz vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2024-3094):



```sh

flawz --feeds 2024 --query xz

```



![demo](assets/demo.gif)



  Table of Contents



- [Installation](#installation)

  - [Cargo](#cargo)

  - [Arch Linux](#arch-linux)

  - [Alpine Linux](#alpine-linux)

  - [Homebrew](#homebrew)

  - [NetBSD](#netbsd)

  - [Binary releases](#binary-releases)

  - [Build from source](#build-from-source)

- [Usage](#usage)

- [Key bindings](#key-bindings)

- [Examples](#examples)

- [Themes](#themes)

  - [Dracula (default)](#dracula-default)

  - [Nord](#nord)

  - [One Dark](#one-dark)

  - [Solarized Dark](#solarized-dark)

  - [Gruvbox Light](#gruvbox-light)

- [Support](#support)

- [Contributing](#contributing)

- [License](#license)

- [Copyright](#copyright)



## Installation



  Packaging status



[![Packaging status](https://repology.org/badge/vertical-allrepos/flawz.svg)](https://repology.org/project/flawz/versions)



### Cargo



**flawz** can be installed from [crates.io](https://crates.io/crates/flawz) using [`cargo`](https://doc.rust-lang.org/cargo/) if [Rust](https://www.rust-lang.org/tools/install) is installed.



```sh

cargo install flawz

```



The minimum supported Rust version (MSRV) is `1.74.1`.



### Arch Linux



**flawz** can be installed from the [official repositories](https://archlinux.org/packages/extra/x86_64/flawz/) using [`pacman`](https://wiki.archlinux.org/title/Pacman):



```sh

pacman -S flawz

```



### Alpine Linux



**flawz** is available for [Alpine Edge](https://pkgs.alpinelinux.org/packages?name=flawz&branch=edge). It can be installed via [`apk`](https://wiki.alpinelinux.org/wiki/Alpine_Package_Keeper) after enabling the [testing repository](https://wiki.alpinelinux.org/wiki/Repositories).



```sh

apk add flawz

```



### Homebrew



**flawz** is available for macOS via [Homebrew](https://github.com/Homebrew/homebrew-core/blob/master/Formula/f/flawz.rb). It can be installed using [`brew`](https://brew.sh/)



```sh

brew install flawz

```



### Nixpkgs



**flawz** is available for Nix via [nixpkgs-unstable](https://github.com/NixOS/nixpkgs/blob/nixpkgs-unstable/pkgs/by-name/fl/flawz/package.nix) channel. To make it available in the environment, simply run:



```sh

nix-channel --add https://nixos.org/channels/nixpkgs-unstable

nix-channel --update nixpkgs

nix-env -iA nixpkgs.flawz

```



On [NixOS](https://nixos.org/nixos/):



```sh

nix-channel --add https://nixos.org/channels/nixos-unstable

nix-channel --update nixos

nix-env -iA nixos.flawz

```



Alternatively, if you're using the new experimental CLI, you can use the following:



```sh

nix run nixpkgs#flawz

```



### NetBSD



**flawz** is available from the [official repositories](https://pkgsrc.se/security/flawz). To install it, simply run:



```sh

pkgin install flawz

```



### Binary releases



See the available binaries for different targets from the [releases page](https://github.com/orhun/flawz/releases).



### Build from source



1. Clone the repository.



```sh

git clone https://github.com/orhun/flawz && cd flawz/

```



2. Build.



```sh

CARGO_TARGET_DIR=target cargo build --release

```



Binary will be located at `target/release/flawz`.



## Usage



```sh

flawz [OPTIONS]

```



**Options**:



```sh

  --url            A URL where NIST CVE 1.1 feeds can be found [env: URL=] [default:

                        https://nvd.nist.gov/feeds/json/cve/1.1/]

-f, --feeds [...]  List of feeds that are going to be synced [env: FEEDS=] [default: 2002:2024 recent

                        modified]

-d, --db              Path to the SQLite database used to store the synced CVE data [env: DB=]

-u, --force-update        Always fetch feeds

-o, --offline             Do not fetch feeds

-q, --query        Start with a search query [env: QUERY=]

-t, --theme        Set the theme [default: dracula] [possible values: dracula, nord, one-dark, solarized-dark, gruvbox-light]

-h, --help                Print help (see more with '--help')

-V, --version             Print version

```



## Key bindings



| Key          | Action      | Description                                 |

| ------------ | ----------- | ------------------------------------------- |

| `k` / `Up`   | Scroll Up   | Scroll up the list                          |

| `j` / `Down` | Scroll Down | Scroll down the list                        |

| `Enter`      | Select      | View the selected CVE details               |

| `/`          | Search      | Search for a CVE                            |

| `Space`      | Open        | Open the first CVE reference in the browser |

| `q`          | Quit        | Set computer on fire                        |



## Examples



To start with a specific search query:



```sh

flawz --query "buffer overflow"

```



You can use the `--feeds` option to sync specific years of feeds:



```sh

flawz --feeds 2010:2015 recent

```



Additionally, you can use the following flags:



- `--force-update`: Always fetch feeds, even if they are already up to date.

- `--offline`: Run without fetching feeds (useful if you have already synced the data):



For example, you can use the following command to search for a specific vulnerability from 2014:



```sh

flawz -q "CVE-2014-0160" -f 2014 --force-update

```



## Themes



Start `flawz` with `--theme` option to set a custom theme, e.g. `--theme nord`.



### Dracula (default)



![dracula](assets/theme-dracula.jpg)



### Nord



![nord](assets/theme-nord.jpg)



### One Dark



![one dark](assets/theme-one-dark.jpg)



### Solarized Dark



![solarized dark](assets/theme-solarized-dark.jpg)



### Gruvbox Light



![gruvbox light](assets/theme-gruvbox-light.jpg)



## Support



[![Support me on GitHub Sponsors](https://img.shields.io/github/sponsors/orhun?style=flat&logo=GitHub&labelColor=1D272B&color=819188&logoColor=white)](https://github.com/sponsors/orhun)



If you find **flawz** and/or other projects [on my GitHub](https://github.com/orhun) useful, consider supporting me on [GitHub Sponsors](https://github.com/sponsors/orhun)! πŸ’–



## Contributing



See our [Contribution Guide](./CONTRIBUTING.md) and please follow the [Code of Conduct](./CODE_OF_CONDUCT.md) in all your interactions with the project.



## License



[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg?style=flat&logo=GitHub&labelColor=1D272B&color=819188&logoColor=white)](./LICENSE-MIT)

[![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg?style=flat&logo=GitHub&labelColor=1D272B&color=819188&logoColor=white)](./LICENSE-APACHE)



Licensed under either of [Apache License Version 2.0](./LICENSE-APACHE) or [The MIT License](./LICENSE-MIT) at your option.



πŸ¦€ γƒŽ( ΒΊ \_ ΒΊ γƒŽ) - respect crables!



## Copyright



Copyright Β© 2024, [Orhun ParmaksΔ±z](mailto:[email protected])