The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning a list of installed software and matching results with the CVE database. This is not a bullet-proof method and you will have many false positives (ie: vulnerability is fixed with a revision-release, but the tool isn't able to detect the revision itself), yet it is still better than nothing, especially if you are running a distribution with little security coverage.
-
Initalize the SQLite3 Database
~# cvechecker -i -
Load CVE and version matching rules
~$ pullcves pull -
Generate List of Files to scan
~$ find / -type f -perm -o+x > scanlist.txt~$ echo "/proc/version" >> scanlist.txt -
Gather List of Installed Software/Versions
~$ cvechecker -b scanlist.txt -
Output Matching CVE Entries
~$ cvechecker -r
More detailed installation information available via the installation docs.
The homepage for this project.