The CVE Vulnerability Analyzer is an advanced Rust Command-Line Interface (CLI) tool designed for local analysis of the Common Vulnerabilities and Exposures (CVE) Mitre database. This tool empowers users to conduct thorough assessments of potential vulnerabilities within their systems, providing a comprehensive view of the security landscape.
Local Analysis: Perform in-depth analysis of CVE data directly on your machine, ensuring efficiency and security.
CVE Mitre Database: Access and leverage the extensive CVE Mitre database to stay informed about known vulnerabilities.
Rust Powered: Built with Rust, the CVE Vulnerability Analyzer offers robust performance and reliability.
Command-Line Interface: The CVE Vulnerability Analyzer is a command-line tool, allowing for quick and easy access to the CVE Mitre database.
Open a terminal and run the following commands:
sudo apt install build-essential
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env
rustup install stable
rustup default stable
rustup update
sudo apt install libssl-dev
sudo apt install pkg-config
sudo apt install libudev-dev
sudo apt install libsqlite3-dev
sudo apt install libdbus
sudo apt install docker.io
sudo systemctl start docker
sudo systemctl enable docker
sudo systemctl status docker
sudo usermod -aG docker $USER
su - $USER
id -nG
Dockerfile: src/config/Dockerfile
Bind ports: 5432:5432
Verify that these values are also matching in the /config/config.json file
Run
cargo install diesel_cli --no-default-features --features postgres
echo DATABASE_URL=postgres://docker:password@localhost/postgresdb >.env
- Note: these are the default credentials present in the Dockerfile. change them as needed
diesel setup
diesel migration run
- Note: If there are issues with the database, you can reset it via the changelogs by running
diesel migration redo
- Note: If there are issues with the database, you can reset it via the changelogs by running
cargo run
cargo run --release
Open a powershell terminal and run the following commands:
wsl --install
wsl --set-default-version 2
wsl --list --verbose
wsl --set-version Ubuntu-20.04 2
wsl -d Ubuntu-20.04
sudo apt update
sudo apt upgrade
Open a terminal and run the following commands:
sudo apt install build-essential
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env
rustup install stable
rustup default stable
rustup update
sudo apt install libssl-dev
sudo apt install pkg-config
sudo apt install libudev-dev
sudo apt install libsqlite3-dev
sudo apt install libdbus
sudo apt install docker.io
sudo systemctl start docker
sudo systemctl enable docker
sudo systemctl status docker
sudo usermod -aG docker $USER
su - $USER
id -nG
Dockerfile: src/config/Dockerfile
Bind ports: 8080:5432
Note: This port is different from the linux setup because of the nature of WSL.
Verify that these values are also matching in the /config/config.json file
cargo install diesel_cli --no-default-features --features postgres
echo DATABASE_URL=postgres://docker:password@localhost/postgresdb >.env
- Note: These are the default credentials present in the Dockerfile. Change them as needed
diesel setup
diesel migration run
- Note: If there are issues with the database, you can reset it via the changelogs by running
diesel migration redo
- Note: If there are issues with the database, you can reset it via the changelogs by running
cargo run
cargo run --release
Host: localhost
Port: If Linux: 5432
If Windows: 8080
Database: postgresdb
Username: docker
Password: password
Note: These are the default credentials present in the Dockerfile. Change them as needed
help
Displays the list of available commandssearch [-p parameter] [-y year]
Searches the database for a specific CVE-p
Adds a keyword based search. i.e -p java returns all CVE records containing the keyword Java-y
Adds a year based search. i.e -y 2023 returns all records from 2023
sync
Downloads the latest CVE records and adds them to the postgres database Note: This takes a whileexport
Exports the last search result into a CSV fileexamine Arg[0]
Examines the cve record provided, listing more details about the vulnerabilityexit
quits the program
Copyright [2023] [Kyle Carr]
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.