The CVE Vulnerability Analyzer is an advanced Rust Command-Line Interface (CLI) tool designed for local analysis of the Common Vulnerabilities and Exposures (CVE) Mitre database. This tool empowers users to conduct thorough assessments of potential vulnerabilities within their systems, providing a comprehensive view of the security landscape.

• CVE Vulnerability Analyzer
• Table of Contents
• Features
• Installation
  • Linux
  • Windows
  • Database Viewing
• Usage
  • Commands
• License

Local Analysis: Perform in-depth analysis of CVE data directly on your machine, ensuring efficiency and security.
CVE Mitre Database: Access and leverage the extensive CVE Mitre database to stay informed about known vulnerabilities.
Rust Powered: Built with Rust, the CVE Vulnerability Analyzer offers robust performance and reliability.
Command-Line Interface: The CVE Vulnerability Analyzer is a command-line tool, allowing for quick and easy access to the CVE Mitre database.

Open a terminal and run the following commands:

• sudo apt install build-essential
• curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
• source $HOME/.cargo/env
• rustup install stable
• rustup default stable
• rustup update

• sudo apt install libssl-dev
• sudo apt install pkg-config
• sudo apt install libudev-dev
• sudo apt install libsqlite3-dev
• sudo apt install libdbus

• sudo apt install docker.io
• sudo systemctl start docker
• sudo systemctl enable docker
• sudo systemctl status docker
• sudo usermod -aG docker $USER
• su - $USER
• id -nG

Dockerfile: src/config/Dockerfile
Bind ports: 5432:5432
Verify that these values are also matching in the /config/config.json file
Run

• cargo install diesel_cli --no-default-features --features postgres
• echo DATABASE_URL=postgres://docker:password@localhost/postgresdb >.env
  • Note: these are the default credentials present in the Dockerfile. change them as needed
• diesel setup
• diesel migration run
  • Note: If there are issues with the database, you can reset it via the changelogs by running diesel migration redo

• cargo run
• cargo run --release

Open a powershell terminal and run the following commands:

• wsl --install
• wsl --set-default-version 2
• wsl --list --verbose
• wsl --set-version Ubuntu-20.04 2
• wsl -d Ubuntu-20.04
• sudo apt update
• sudo apt upgrade

Open a terminal and run the following commands:

• sudo apt install build-essential
• curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
• source $HOME/.cargo/env
• rustup install stable
• rustup default stable
• rustup update

• sudo apt install libssl-dev
• sudo apt install pkg-config
• sudo apt install libudev-dev
• sudo apt install libsqlite3-dev
• sudo apt install libdbus

• sudo apt install docker.io
• sudo systemctl start docker
• sudo systemctl enable docker
• sudo systemctl status docker
• sudo usermod -aG docker $USER
• su - $USER
• id -nG

Dockerfile: src/config/Dockerfile
Bind ports: 8080:5432
Note: This port is different from the linux setup because of the nature of WSL.
Verify that these values are also matching in the /config/config.json file

• cargo install diesel_cli --no-default-features --features postgres
• echo DATABASE_URL=postgres://docker:password@localhost/postgresdb >.env
  • Note: These are the default credentials present in the Dockerfile. Change them as needed
• diesel setup diesel migration run
  • Note: If there are issues with the database, you can reset it via the changelogs by running diesel migration redo

• cargo run
• cargo run --release

Host: localhost
Port: If Linux: 5432 If Windows: 8080
Database: postgresdb
Username: docker
Password: password
Note: These are the default credentials present in the Dockerfile. Change them as needed

• help Displays the list of available commands
• search [-p parameter] [-y year] Searches the database for a specific CVE
  • -p Adds a keyword based search. i.e -p java returns all CVE records containing the keyword Java
  • -y Adds a year based search. i.e -y 2023 returns all records from 2023
• sync Downloads the latest CVE records and adds them to the postgres database Note: This takes a while
• export Exports the last search result into a CSV file
• examine Arg[0] Examines the cve record provided, listing more details about the vulnerability
• exit quits the program

Copyright [2023] [Kyle Carr]

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.