certcc / trommel Goto Github PK

So, TROMMEL now cannot inspect known vulnerabilities in the extracted files?

A minimal documentation should be done to explain how things work even if the tool is easy to use.
The documentation must specify how to download and deploy the vFeed Database CE (in root directory of the tool)

Maybe add a requirements.txt with list of all required libs (magic).

Got an error first time.
Under MAC, i had to install libmagic and python-magic
brew install libmagic
pip install python-magic

It will be great to refactor the code and optimize it into different functions

• trommel as loader
• libs\vfeed
• libs\your_functions_to_search

got stuck.
where and what is nvd_db?
Traceback (most recent call last): File "trommel.py", line 161, in <module> main() File "trommel.py", line 146, in main indicators.kw(ff, trommel_output, trommel_vfeed_output, names, bin_search) File "/home/dosi/IoT/trommel-master/indicators.py", line 603, in kw text_search(mm, trommel_vfeed_output) File "/home/dosi/IoT/trommel-master/indicators.py", line 109, in text_search search_text = Search(search_term).text() File "/home/dosi/IoT/trommel-master/lib/core/search.py", line 131, in text ('%' + self.entry + '%',)) sqlite3.OperationalError: no such table: nvd_db

"Due to some people misuse of our data and reusing it for commercial purposes without neither our consent nor paying the fees, we are discontinuing the vFeed Community Edition."

bad news for community and all embedded to this repo projects.
luckily we have alternatives https://alternativeto.net/software/vfeed/

better to have all keywords such root_kw = "root" and ssh_bin = "ssh" into a config file or a dictionary. It will be easy to loop / extract / add without touching the code.

Your license file at https://github.com/CERTCC/trommel/blob/a6d6edc9ddef3d96f1269d526709097d8d2c1c96/LICENSE.md is rather confusing as it is rather impossible to figure what are the license terms that apply.
Furthermore, it contains a modified text of the GPL which may not be OK because the text of the GPL may not be modified since the original contains this:

 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

This is FYI, as this tripped the license detection tool I maintain (scancode-toolkit)

Kyle,
I noticed the code is being updated 🥇 .. That's awesome !!!

can you add a changelog.md file, just to notify what changes you've done so far. I was unable to see what was added in indicator.py without digging into diffs :)

Anyway, great job !!!!!!