krehel / flawz Goto Github PK

---

flawz is a Terminal User Interface (TUI) for browsing the security vulnerabilities (also known as CVEs).

As default it uses the vulnerability database (NVD) from NIST and provides search and listing functionalities in the terminal with different theming options.

For example, to view details on the notorious xz vulnerability:

flawz --feeds 2024 --query xz

flawz can be installed from crates.io using cargo if Rust is installed.

cargo install flawz

The minimum supported Rust version (MSRV) is 1.74.1.

flawz can be installed from the official repositories using pacman:

pacman -S flawz

flawz is available for Alpine Edge. It can be installed via apk after enabling the testing repository.

apk add flawz

flawz is available from the official repositories. To install it, simply run:

pkgin install flawz

See the available binaries for different targets from the releases page.

1. Clone the repository.

git clone https://github.com/orhun/flawz && cd flawz/

2. Build.

CARGO_TARGET_DIR=target cargo build --release

Binary will be located at target/release/flawz.

flawz [OPTIONS]

Options:

  --url <URL>           A URL where NIST CVE 1.1 feeds can be found [env: URL=] [default:
                        https://nvd.nist.gov/feeds/json/cve/1.1/]
-f, --feeds [<FEEDS>...]  List of feeds that are going to be synced [env: FEEDS=] [default: 2002:2024 recent
                        modified]
-d, --db <DB>             Path to the SQLite database used to store the synced CVE data [env: DB=]
-u, --force-update        Always fetch feeds
-o, --offline             Do not fetch feeds
-q, --query <QUERY>       Start with a search query [env: QUERY=]
-t, --theme <THEME>       Set the theme [default: dracula] [possible values: dracula, nord, one-dark,
                        solarized-dark]
-h, --help                Print help (see more with '--help')
-V, --version             Print version

To start with a specific search query:

flawz --query "buffer overflow"

You can use the --feeds option to sync specific years of feeds:

flawz --feeds 2010:2015 recent

Additionally, you can use the following flags:

• --force-update: Always fetch feeds, even if they are already up to date.
• --offline: Run without fetching feeds (useful if you have already synced the data):

For example, you can use the following command to search for a specific vulnerability from 2014:

flawz -q "CVE-2014-0160" -f 2014 --force-update

Start flawz with --theme option to set a custom theme, e.g. --theme nord.

If you find flawz and/or other projects on my GitHub useful, consider supporting me on GitHub Sponsors! 💖

See our Contribution Guide and please follow the Code of Conduct in all your interactions with the project.

Licensed under either of Apache License Version 2.0 or The MIT License at your option.

🦀 ノ( º _ º ノ) - respect crables!

Copyright © 2024, Orhun Parmaksız