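Vulnerability scanning for package management systems such as apt, pip, composer...
Detailed description of the scabi Python project
Scabi
Vulnerability scanning for package management systems such as apt, pip, composer...
Installation
You can install scabi via pip (PyPI) or from source.
To install using pip: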
python3 -m pip install scabi
Or manually:
Command-line interface
Scabi
Usage:
scabi <pms> <package> [--verbose --detail ] [--oss --mitre] [-s FILE]
scabi -h --help --version
Options:
-v --verbose Show full output.
-d --detail Show CVE details.
-o --oss Search vulnerabilities only through OSS.
-m --mitre Search vulnerabilities only through MITRE.
-s --save FILE Save output to file.
-h --help Show this screen.
Example output for the Python module django:
$ scabi -v pip django
The dependencies for <django> are :
... pytz
... sqlparse
... asgiref
... argon2-cffi
... bcrypt
>>>>>>>>>>>>>>> SEARCH IN OSS INDEX <<<<<<<<<<<<<<<
NO VULNERABILITIES FOUND
>>>>>>>>>>>>>>> SEARCH IN MITRE DATABASE <<<<<<<<<<<<<<<
-------------- Package: <bcrypt> --------------
CVE : CVE-2020-5229
CVE DETAIL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5229
DESCRIPTION Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. ...
CVE : CVE-2019-13421
CVE DETAIL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13421
DESCRIPTION Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
...
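Both MITRE hits listed above for bcrypt have descriptions about other products (Opencast, Search Guard) rather than the bcrypt package itself, so each entry needs triage before it is treated as a vulnerability in the dependency. The following is an added example, not part of scabi: it parses the output layout shown above and flags entries whose description does not open with the package name. The names `parse_findings` and `needs_review` and the first-words heuristic are assumptions made for illustration.

```python
import re

# Constructed sample: the MITRE section of the verbose output shown above.
SAMPLE = """\
>>>>>>>>>>>>>>> SEARCH IN MITRE DATABASE <<<<<<<<<<<<<<<
-------------- Package: <bcrypt> --------------
CVE : CVE-2020-5229
CVE DETAIL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5229
DESCRIPTION Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. ...
CVE : CVE-2019-13421
CVE DETAIL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13421
DESCRIPTION Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
"""

PKG_RE = re.compile(r"^-+\s*Package:\s*<([^>]+)>\s*-+$")
CVE_RE = re.compile(r"^CVE\s*:\s*(CVE-\d{4}-\d{4,})$")


def parse_findings(text):
    """Return one dict per CVE entry: package, cve, url, description."""
    findings, package, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := PKG_RE.match(line):
            package, current = m.group(1), None
        elif m := CVE_RE.match(line):
            current = {"package": package, "cve": m.group(1), "url": "", "description": ""}
            findings.append(current)
        elif current is not None and line.startswith("CVE DETAIL"):
            current["url"] = line[len("CVE DETAIL"):].strip()
        elif current is not None and line.startswith("DESCRIPTION"):
            current["description"] = line[len("DESCRIPTION"):].strip()
    return findings


def needs_review(finding, lead_words=4):
    """Heuristic (assumption): CVE descriptions usually open with the affected product.
    If the package name is not among the first few words, flag for manual review."""
    lead = finding["description"].lower().split()[:lead_words]
    return finding["package"].lower() not in [w.strip(".,;:()") for w in lead]


if __name__ == "__main__":
    for f in parse_findings(SAMPLE):
        tag = "REVIEW" if needs_review(f) else "LIKELY"
        print(f"{tag:6} {f['package']:8} {f['cve']}  {f['url']}")
```

Entries tagged REVIEW are not confirmed false positives; they are the ones to check against the CVE detail page and the installed version before acting.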