Git Vuln Finder finds potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commit which could contain a fix regarding a software vulnerability. The search is based on a set of regular expressions against the commit messages only. If CVE IDs are present, those are added automatically in the output.
Requirements
jq (sudo apt install jq)
Also Read – Dsync : IDAPython Plugin That Synchronizes Disassembler & Decompiler Views
Installation
Use it as a library
git-vuln-finder can be install with poetry. If you don’t have poetry installed, you can do the following curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python
.
$ poetry install git-vuln-finder
$ poetry shell
Use it as a command line tool
$ pipx install git-vuln-finder
$ git-vuln-finder –help
You can also use pip.
pipx
installs scripts (system wide available) provided by Python packages
into separate virtualenvs to shield them from your system and each other.
Usage
Patterns
git-vuln-finder comes with 3 default patterns which can be selected to find the potential vulnerabilities described in the commit messages such as:
vulnpatterns
is a generic vulnerability pattern especially targeting web application and generic security commit message. Based on an academic paper.cryptopatterns
is a vulnerability pattern for cryptographic errors mentioned in commit messages.cpatterns
is a set of standard vulnerability patterns see for C/C++-like languages.Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…
Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…
Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…