How To Find Vulnerability on a Computer- CVEchecker
There are different tools are available to find a vulnerability on an operating system and network, nessus and OpenVAS are among them. We have discussed different sort of tutorials for nessus to find a vulnerability as you have seen that the vulnerability number start with CVE-xxxxx so the question is what is CVE? And the other thing is that if we need to find the vulnerability on our own computer so that whether we need to scan our own computer via nessus or there are some other method?
What is CVE ?
The Common Vulnerabilities and Exposures or CVE system provides a reference-method for publicly-known information-security vulnerabilities and exposures. MITRE Corporation maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security. CVE is used by the Security Content Automation Protocol.
What is CVEchecker ?
The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning the installed software and matching the results with the CVE database. Indeed, this is not a bullet-proof method and you will most likely have many false positives (vulnerability is fixed with a revision-release, but the tool isn't able to detect the revision itself), yet it is still better than nothing, especially if you are running a distribution with little security coverage.
root@coresec:~# apt-get install libconfig8-dev libsqlite3-dev libxslt1-dev
root@coresec:~# tar -zxvf cvechecker-3.1.tar.gzroot@coresec:~# cd cvechecker-3.1/root@coresec:~/cvechecker-3.1# ./configure --enable-sqlite3root@coresec:~/cvechecker-3.1# makeroot@coresec:~/cvechecker-3.1# make install
root@coresec:~/cvechecker-3.1# pullcves pullDownloading nvdcve-2.0-2002.xml... okConverting nvdcve-2.0-2002.xml to CSV... okLoading in nvdcve-2.0-2002.csv in cvechecker.I am missing the index cveidx2. This is to be expected if this is the first run of cvechecker since an upgrade.I will now create cveidx2 for you, no further actions are needed.Some updates have occurred which might affect the database initialization.Please restart the command.
Generate the list
root@coresec:~/cvechecker-3.1# find / -type f -perm -o+x > scanlist.txtroot@coresec:~/cvechecker-3.1# echo "/proc/version" >> scanlist.txt
Get the information of available software's
root@coresec:~/cvechecker-3.1# cvechecker -b scanlist.txtSearching for known software titles...- Found match for /lib/libpthread-2.12.1.so: cpe:/a:gnu:glibc:2.12.1:::- Found match for /sbin/resize2fs: cpe:/a:ext2_filesystems_utilities:e2fsprogs:1.41.12:::- Found match for /sbin/mkfs.ext4: cpe:/a:ext2_filesystems_utilities:e2fsprogs:1.41.12:::- Found match for /sbin/iptables-save: cpe:/a:netfilter_core_team:iptables:1.4.4:::- Found match for /sbin/iptables-save: cpe:/a:netfilter_core_team:iptables:1.4
root@coresec:~/cvechecker-3.1# cvechecker -r
root@coresec:~/cvechecker-3.1# cvechecker -r -C
How To Find Vulnerability on a Computer- CVEchecker Reviewed by Ethical Hacking on 6:35 AM Rating: