https://github.com/plazmaz/cvestack
Scan products in your stack for known vulnerabilities
- Host: GitHub
- URL: https://github.com/plazmaz/cvestack
- Owner: Plazmaz
- License: mit
- Created: 2018-04-17T03:55:19.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2023-05-22T22:28:51.000Z (almost 2 years ago)
- Last Synced: 2025-04-02T06:43:08.426Z (about 1 month ago)
- Topics: cve, cve-scanning, infosec, nvd, python, security, security-tools, vulnerability
- Language: Python
- Size: 32.2 KB
- Stars: 11
- Watchers: 2
- Forks: 8
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
## CVEStack

_An example message_

Scans feeds for various elements within the stack, then posts matches to one or more outputs. Currently syslog, RSS, and Slack are supported. The dependencies file uses a pip-style format. For instance, this file:
```
linux
wordpress
```
Will post to output(s) for any new (or recently updated) CVEs matching `linux` or `wordpress`.

You can use `__` to determine left or right padding on a per-pattern basis. For instance, `__py` would match ' testpy', but not 'testpy '. Similarly, `py__` would match 'testpy ', but not ' testpy'.

You can also specify required combinations of keywords. For instance,
`linux & kernel`
will require that an entry contains both `linux` and `kernel`.

You can also set required keywords to be negative. For instance, this line will match entries for 'sql', but not if they also contain 'server':
`sql & -server`

If you prefer blacklisting to whitelisting, you can enable that in the config by switching `dependencies_are_ignored` to true. This will ignore all feed entries matching an item in your dependencies file.

The example config pulls from NVD and seclists. It posts to a syslog at /dev/log by default.
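
The `&` / `-` rule semantics and the `dependencies_are_ignored` switch described above, as an added example that is not CVEStack's own code. It assumes case-insensitive substring matching, does not implement the `__` padding markers, and rejects negative-only rules as a choice of this example; `parse_rules`, `matching_rules` and `should_post` are hypothetical names and the feed entries are constructed.

```python
# Added example: keyword rules in the style of the README's dependencies file.
# Assumptions: case-insensitive substring matching; "__" padding is not handled.

def parse_rules(text):
    """Return (source_line, required, forbidden) for each non-blank line."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        required, forbidden = [], []
        for term in line.split("&"):
            term = term.strip().lower()
            negative = term.startswith("-")
            keyword = term[1:].strip() if negative else term
            if not keyword:
                raise ValueError(f"empty keyword in rule {line!r}")
            (forbidden if negative else required).append(keyword)
        if not required:
            # Choice made in this example: a negative-only rule would match
            # almost every feed entry, so refuse it instead of flooding outputs.
            raise ValueError(f"rule {line!r} has no positive keyword")
        rules.append((line, required, forbidden))
    return rules

def matching_rules(entry_text, rules):
    """Source lines of every rule the entry satisfies."""
    text = entry_text.lower()
    return [src for src, required, forbidden in rules
            if all(k in text for k in required)
            and not any(k in text for k in forbidden)]

def should_post(entry_text, rules, dependencies_are_ignored=False):
    """Whitelist by default; invert when dependencies_are_ignored is true."""
    hit = bool(matching_rules(entry_text, rules))
    return not hit if dependencies_are_ignored else hit

# Constructed sample data, not real feed entries.
SAMPLE_RULES = "linux & kernel\nsql & -server\nwordpress\n"
SAMPLE_ENTRIES = [
    "Use-after-free in the Linux kernel netfilter subsystem",
    "SQL injection in ExampleCMS login form",
    "Privilege escalation in ExampleDB SQL Server agent",
    "Heap overflow in ExampleViewer image parser",
]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for entry in SAMPLE_ENTRIES:
        print(should_post(entry, rules), matching_rules(entry, rules), entry)
```

With substring matching, a short keyword such as `sql` also hits longer product names that contain it, which is the gap the `__` padding markers exist to narrow.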