- Notifications
You must be signed in to change notification settings - Fork15
A Terminal UI for browsing security vulnerabilities (CVEs)
License
Apache-2.0, MIT licenses found
Licenses found
orhun/flawz
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
flawz is a Terminal User Interface (TUI) for browsing the security vulnerabilities (also known asCVEs).
As default it uses the vulnerability database (NVD) fromNIST and provides search and listing functionalities in the terminal with different theming options.
For example, to view details on the notoriousxz vulnerability:
flawz --feeds 2024 --query xz
Table of Contents
Packaging status
flawz can be installed fromcrates.io usingcargo ifRust is installed.
cargo install --locked flawz
The minimum supported Rust version (MSRV) is1.74.1.
Note
You need to have SQLite 3 development files installed. On Debian and its derivates you can do so with the following command:
sudo apt install libsqlite3-dev
flawz can be installed from theofficial repositories usingpacman:
pacman -S flawz
flawz is available forAlpine Edge. It can be installed viaapk after enabling thetesting repository.
apk add flawz
flawz is available for macOS viaHomebrew. It can be installed usingbrew
brew install flawz
flawz is available for Nix vianixpkgs-unstable channel. To make it available in the environment, simply run:
nix-channel --add https://nixos.org/channels/nixpkgs-unstablenix-channel --update nixpkgsnix-env -iA nixpkgs.flawz
OnNixOS:
nix-channel --add https://nixos.org/channels/nixos-unstablenix-channel --update nixosnix-env -iA nixos.flawz
Alternatively, if you're using the new experimental CLI, you can use the following:
nix run nixpkgs#flawz
flawz is available from theofficial repositories. To install it, simply run:
pkgin install flawz
See the available binaries for different targets from thereleases page.
- Clone the repository.
git clone https://github.com/orhun/flawz&&cd flawz/
- Build.
CARGO_TARGET_DIR=target cargo build --release
Binary will be located attarget/release/flawz.
flawz [OPTIONS]
Options:
--url<URL> A URL where NIST CVE 1.1 feeds can be found [env: URL=] [default: https://nvd.nist.gov/feeds/json/cve/1.1/]-f, --feeds [<FEEDS>...] List of feeds that are going to be synced [env: FEEDS=] [default: 2002:2024 recent modified]-d, --db<DB> Path to the SQLite database used to store the synced CVE data [env: DB=]-u, --force-update Always fetch feeds-o, --offline Do not fetch feeds-q, --query<QUERY> Start with a search query [env: QUERY=]-t, --theme<THEME> Set the theme [default: dracula] [possible values: dracula, nord, one-dark, solarized-dark, gruvbox-light, gruvbox-material-dark-hard, catppuccin]-h, --help Printhelp (see more with'--help')-V, --version Print version
| Key | Action | Description |
|---|---|---|
k /Up | Scroll Up | Scroll up the list |
j /Down | Scroll Down | Scroll down the list |
Enter | Select | View the selected CVE details |
/ | Search | Search for a CVE |
Space | Open | Open the first CVE reference in the browser |
q | Quit | Set computer on fire |
To start with a specific search query:
flawz --query"buffer overflow"You can use the--feeds option to sync specific years of feeds:
flawz --feeds 2010:2015 recent
Additionally, you can use the following flags:
--force-update: Always fetch feeds, even if they are already up to date.--offline: Run without fetching feeds (useful if you have already synced the data):
For example, you can use the following command to search for a specific vulnerability from 2014:
flawz -q"CVE-2014-0160" -f 2014 --force-updateStartflawz with--theme option to set a custom theme, e.g.--theme nord.
If you findflawz and/or other projectson my GitHub useful, consider supporting me onGitHub Sponsors! 💖
See ourContribution Guide and please follow theCode of Conduct in all your interactions with the project.
Licensed under either ofApache License Version 2.0 orThe MIT License at your option.
🦀 ノ( º _ º ノ) - respect crables!
Copyright © 2024,Orhun Parmaksız
About
A Terminal UI for browsing security vulnerabilities (CVEs)
