https://github.com/orhun/flawz

A Terminal UI for browsing security vulnerabilities (CVEs)

cve cve-search ratatui ratatui-rs rust security security-vulnerability terminal-ui terminal-user-interface tui vulnerability vulnerability-search


---

**flawz** is a Terminal User Interface (TUI) for browsing security vulnerabilities (also known as [CVEs](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)).

By default, it uses the vulnerability database ([NVD](https://nvd.nist.gov)) from [NIST](https://www.nist.gov) and provides search and listing functionality in the terminal with different theming options.

For example, to view details on the notorious [xz vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2024-3094):

```sh
flawz --feeds 2024 --query xz
```

![demo](assets/demo.gif)

Table of Contents

- [Installation](#installation)
  - [Cargo](#cargo)
  - [Arch Linux](#arch-linux)
  - [Alpine Linux](#alpine-linux)
  - [Homebrew](#homebrew)
  - [NetBSD](#netbsd)
  - [Binary releases](#binary-releases)
  - [Build from source](#build-from-source)
- [Usage](#usage)
- [Key bindings](#key-bindings)
- [Examples](#examples)
- [Themes](#themes)
  - [Dracula (default)](#dracula-default)
  - [Nord](#nord)
  - [One Dark](#one-dark)
  - [Solarized Dark](#solarized-dark)
  - [Gruvbox Light](#gruvbox-light)
  - [Gruvbox Material Dark Hard](#gruvbox-material-dark-hard)
- [Support](#support)
- [Contributing](#contributing)
- [License](#license)
- [Copyright](#copyright)

## Installation

Packaging status

[![Packaging status](https://repology.org/badge/vertical-allrepos/flawz.svg)](https://repology.org/project/flawz/versions)

### Cargo

**flawz** can be installed from [crates.io](https://crates.io/crates/flawz) using [`cargo`](https://doc.rust-lang.org/cargo/) if [Rust](https://www.rust-lang.org/tools/install) is installed.

```sh
cargo install --locked flawz
```

The minimum supported Rust version (MSRV) is `1.74.1`.

> [!NOTE]
> You need to have SQLite 3 development files installed. On Debian and its derivatives you can do so with the following command:
>
> ```sh
> sudo apt install libsqlite3-dev
> ```

### Arch Linux

**flawz** can be installed from the [official repositories](https://archlinux.org/packages/extra/x86_64/flawz/) using [`pacman`](https://wiki.archlinux.org/title/Pacman):

```sh
pacman -S flawz
```

### Alpine Linux

**flawz** is available for [Alpine Edge](https://pkgs.alpinelinux.org/packages?name=flawz&branch=edge). It can be installed via [`apk`](https://wiki.alpinelinux.org/wiki/Alpine_Package_Keeper) after enabling the [testing repository](https://wiki.alpinelinux.org/wiki/Repositories).

```sh
apk add flawz
```

### Homebrew

**flawz** is available for macOS via [Homebrew](https://github.com/Homebrew/homebrew-core/blob/master/Formula/f/flawz.rb). It can be installed using [`brew`](https://brew.sh/):

```sh
brew install flawz
```

### Nixpkgs

**flawz** is available for Nix via the [nixpkgs-unstable](https://github.com/NixOS/nixpkgs/blob/nixpkgs-unstable/pkgs/by-name/fl/flawz/package.nix) channel. To make it available in the environment, simply run:

```sh
nix-channel --add https://nixos.org/channels/nixpkgs-unstable
nix-channel --update nixpkgs
nix-env -iA nixpkgs.flawz
```

On [NixOS](https://nixos.org/nixos/):

```sh
nix-channel --add https://nixos.org/channels/nixos-unstable
nix-channel --update nixos
nix-env -iA nixos.flawz
```

Alternatively, if you're using the new experimental CLI, you can use the following:

```sh
nix run nixpkgs#flawz
```

### NetBSD

**flawz** is available from the [official repositories](https://pkgsrc.se/security/flawz). To install it, simply run:

```sh
pkgin install flawz
```

### Binary releases

See the available binaries for different targets from the [releases page](https://github.com/orhun/flawz/releases).

### Build from source

1. Clone the repository.

```sh
git clone https://github.com/orhun/flawz && cd flawz/
```

2. Build.

```sh
CARGO_TARGET_DIR=target cargo build --release
```

The binary will be located at `target/release/flawz`.

## Usage

```sh
flawz [OPTIONS]
```

**Options**:

```sh
      --url <URL>           A URL where NIST CVE 1.1 feeds can be found [env: URL=] [default: https://nvd.nist.gov/feeds/json/cve/1.1/]
  -f, --feeds [<FEEDS>...]  List of feeds that are going to be synced [env: FEEDS=] [default: 2002:2024 recent modified]
  -d, --db <DB>             Path to the SQLite database used to store the synced CVE data [env: DB=]
  -u, --force-update        Always fetch feeds
  -o, --offline             Do not fetch feeds
  -q, --query <QUERY>       Start with a search query [env: QUERY=]
  -t, --theme <THEME>       Set the theme [default: dracula] [possible values: dracula, nord, one-dark, solarized-dark, gruvbox-light, gruvbox-material-dark-hard]
  -h, --help                Print help (see more with '--help')
  -V, --version             Print version
```

## Key bindings

| Key | Action | Description |
| ------------ | ----------- | ------------------------------------------- |
| `k` / `Up` | Scroll Up | Scroll up the list |
| `j` / `Down` | Scroll Down | Scroll down the list |
| `Enter` | Select | View the selected CVE details |
| `/` | Search | Search for a CVE |
| `Space` | Open | Open the first CVE reference in the browser |
| `q` | Quit | Set computer on fire |

## Examples

To start with a specific search query:

```sh
flawz --query "buffer overflow"
```

You can use the `--feeds` option to sync specific years of feeds:

```sh
flawz --feeds 2010:2015 recent
```

Additionally, you can use the following flags:

- `--force-update`: Always fetch feeds, even if they are already up to date.
- `--offline`: Run without fetching feeds (useful if you have already synced the data).

For example, you can use the following command to search for a specific vulnerability from 2014:

```sh
flawz -q "CVE-2014-0160" -f 2014 --force-update
```
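To show what a query such as `xz` or `CVE-2014-0160` is matched against, the following added example (not flawz's own code) parses a record set in the NVD CVE 1.1 feed layout and runs a case-insensitive search. The sample feed, its description texts and reference URL are constructed, and matching on ID and description is an assumption about how such a search behaves.

```python
import json

# Constructed excerpt in the NVD CVE 1.1 feed layout (descriptions and URL are
# made up for illustration; only the CVE IDs come from this README).
SAMPLE_FEED = json.loads("""
{
  "CVE_data_type": "CVE",
  "CVE_Items": [
    {"cve": {"CVE_data_meta": {"ID": "CVE-2024-3094"},
             "description": {"description_data": [
               {"lang": "en", "value": "Constructed text: malicious code in xz release tarballs."}]},
             "references": {"reference_data": [
               {"url": "https://example.invalid/advisory-1"}]}}},
    {"cve": {"CVE_data_meta": {"ID": "CVE-2014-0160"},
             "description": {"description_data": [
               {"lang": "en", "value": "Constructed text: TLS heartbeat over-read."}]},
             "references": {"reference_data": []}}}
  ]
}
""")


def summarize(item):
    """Flatten one CVE_Items entry into the fields a list view needs."""
    cve = item["cve"]
    descs = cve.get("description", {}).get("description_data", [])
    # Feeds can carry several languages; prefer the English description.
    text = next((d.get("value", "") for d in descs if d.get("lang") == "en"), "")
    refs = cve.get("references", {}).get("reference_data", [])
    urls = [r["url"] for r in refs if r.get("url")]
    return {
        "id": cve["CVE_data_meta"]["ID"],
        "description": text,
        # Entries without references are valid, so this may be None.
        "first_reference": urls[0] if urls else None,
    }


def search(feed, query):
    """Case-insensitive substring match on CVE ID and description (assumed behaviour)."""
    needle = query.casefold()
    records = (summarize(item) for item in feed.get("CVE_Items", []))
    return [r for r in records
            if needle in r["id"].casefold() or needle in r["description"].casefold()]


if __name__ == "__main__":
    for hit in search(SAMPLE_FEED, "xz"):
        print(hit["id"], "-", hit["description"], "-", hit["first_reference"])
```
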

## Themes

Start `flawz` with the `--theme` option to set a custom theme, e.g. `--theme nord`.

### Dracula (default)

![dracula](assets/theme-dracula.jpg)

### Nord

![nord](assets/theme-nord.jpg)

### One Dark

![one dark](assets/theme-one-dark.jpg)

### Solarized Dark

![solarized dark](assets/theme-solarized-dark.jpg)

### Gruvbox Light

![gruvbox light](assets/theme-gruvbox-light.jpg)

### Gruvbox Material Dark Hard

![gruvbox material dark hard](assets/theme-gruvbox-material-dark-hard.jpg)

## Support

[![Support me on GitHub Sponsors](https://img.shields.io/github/sponsors/orhun?style=flat&logo=GitHub&labelColor=1D272B&color=819188&logoColor=white)](https://github.com/sponsors/orhun)

If you find **flawz** and/or other projects [on my GitHub](https://github.com/orhun) useful, consider supporting me on [GitHub Sponsors](https://github.com/sponsors/orhun)! 💖

## Contributing

See our [Contribution Guide](./CONTRIBUTING.md) and please follow the [Code of Conduct](./CODE_OF_CONDUCT.md) in all your interactions with the project.

## License

[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg?style=flat&logo=GitHub&labelColor=1D272B&color=819188&logoColor=white)](./LICENSE-MIT)
[![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg?style=flat&logo=GitHub&labelColor=1D272B&color=819188&logoColor=white)](./LICENSE-APACHE)

Licensed under either of [Apache License Version 2.0](./LICENSE-APACHE) or [The MIT License](./LICENSE-MIT) at your option.

🦀 ノ( º \_ º ノ) - respect crables!

## Copyright

Copyright © 2024, [Orhun Parmaksız](mailto:[email protected])