Giter Club home page Giter Club logo

shifu's Introduction

SHIFU - CVE Finder Toolkit

SHIFU-Screenshot

Introduction

SHIFU is a comprehensive and powerful toolkit designed to streamline the process of finding detailed information about Common Vulnerabilities and Exposures (CVEs). Developed with security professionals, system administrators, and developers in mind, SHIFU offers a wide range of features and capabilities to simplify CVE research and analysis.

Key Features

  1. Automated CVE Retrieval

SHIFU enables users to retrieve detailed information about CVEs directly from the Red Hat CVE database. By automating the retrieval process, SHIFU saves time and effort, allowing users to focus on analyzing and addressing security vulnerabilities.

  1. Manual and File Input Options

Users have the flexibility to input CVEs manually or provide a text file containing a list of CVEs. This dual input option caters to different user preferences and workflow requirements, enhancing usability and convenience.

  1. Colorized Output for Readability

SHIFU provides colorized output in the terminal, enhancing readability and making it easier for users to interpret and analyze CVE information at a glance. Color-coded text highlights key details and improves overall user experience.

  1. Detailed CVE Information

Upon retrieving CVE information, SHIFU presents a detailed overview of each CVE, including severity, public date, advisories, Bugzilla references, CVSS scores, CWE classifications, affected packages, and more. This comprehensive information empowers users to make informed decisions and take appropriate actions to mitigate security risks.

  1. Save Results for Future Reference

SHIFU allows users to save the detailed CVE information to a file for future reference and documentation. By providing a structured and organized record of CVE research, SHIFU supports auditing, compliance, and knowledge management efforts within organizations.

Technical Details

Installation Requirements

To use SHIFU, ensure that you have the following prerequisites installed:

  • Ruby
  • bundler (RubyGems package manager)

Installation Steps

  • Clone the SHIFU repository to your local machine: git clone https://github.com/symbolexe/shifu.git

  • Navigate to the SHIFU directory: cd shifu

  • Install dependencies using bundler: bundle install

  • use as a Python Package More info : https://pypi.org/project/shifucvefinder/

  • Example - 1

from shifucvefinder import search_by_cve_id

# Example usage
cve_id = "CVE-2024-3096"
search_by_cve_id(cve_id)
  • Example -2
from shifucvefinder import search_by_cve_id

def main():
    cve_ids = [
        "CVE-2024-3096",
        "CVE-2022-1234",
        "CVE-2023-5678"
    ]

    for cve_id in cve_ids:
        print(f"Searching for information about CVE ID: {cve_id}")
        search_by_cve_id(cve_id)
        print("=" * 50)

if __name__ == "__main__":
    main()

Usage Instructions

  1. Manual Input: Choose the option to enter CVE IDs manually. Provide the CVE IDs separated by commas (e.g., CVE-2024-3096,CVE-2022-1234) and follow the prompts.
  2. File Input: Choose the option to provide a file containing CVE IDs. Enter the name of the file when prompted, and SHIFU will process the CVEs one by one.
  3. Save Results: SHIFU will save the detailed CVE information to a file named result-cves.txt in the current directory.

Example Usage

$ ruby shifu.rb
┌────────────────────────────────────────────┐
                  SHIFU                     
           CVE Finder Toolkit               
└────────────────────────────────────────────┘
Do you want to enter CVE IDs manually or provide a file? (manual/file): manual
Enter CVE IDs separated by commas (e.g., CVE-2024-3096,CVE-2022-1234): CVE-2024-3096,CVE-2022-1234
CVE Information:
Cve: CVE-2024-3096
Severity: moderate
Public date: 2024-04-12T00:00:00Z
Advisories: []
Bugzilla: 2275061
Bugzilla description: php: password_verify can erroneously return true, opening ATO risk
Cvss score:
Cvss scoring vector:
Cwe: CWE-626
Affected packages: []
Package state:
Resource url: https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3096.json
Cvss3 scoring vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Cvss3 score: 4.8
CVE Information has been saved to result-cves.txt
Do you want to perform another search? (y/n): n
Thanks for using SHIFU!

License

This project is licensed under the MIT License - see the LICENSE file for details.

Support and Contributions

If you encounter any issues or have suggestions for improvements, please open an issue on GitHub. Contributions from the community are welcome and encouraged to make SHIFU even more robust and effective.

shifu's People

Contributors

symbolexe avatar

Stargazers

 avatar

Watchers

 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.