How To Find Vulnerability on a Computer- CVEchecker

There are different tools are available to find a vulnerability on an operating system and network, nessus and OpenVAS are among them. We have discussed different sort of tutorials for nessus to find a vulnerability as you have seen that the vulnerability number start with CVE-xxxxx so the question is what is CVE? And the other thing is that if we need to find the vulnerability on our own computer so that whether we need to scan our own computer via nessus or there are some other method?

What is CVE ?

The Common Vulnerabilities and Exposures or CVE system provides a reference-method for publicly-known information-security vulnerabilities and exposures. MITRE Corporation maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.[1] CVE is used by the Security Content Automation Protocol.

What is CVEchecker ?

The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning the installed software and matching the results with the CVE database. Indeed, this is not a bullet-proof method and you will most likely have many false positives (vulnerability is fixed with a revision-release, but the tool isn’t able to detect the revision itself), yet it is still better than nothing, especially if you are running a distribution with little security coverage.

CVEchecker Tutorial

[email protected]:~# apt-get install libconfig8-dev libsqlite3-dev libxslt1-dev

[email protected]:~# tar -zxvf cvechecker-3.1.tar.gz
[email protected]:~# cd cvechecker-3.1/
[email protected]:~/cvechecker-3.1# ./configure –enable-sqlite3
[email protected]:~/cvechecker-3.1# make
[email protected]:~/cvechecker-3.1# make install

[email protected]:~/cvechecker-3.1# pullcves pull
Downloading nvdcve-2.0-2002.xml… ok
Converting nvdcve-2.0-2002.xml to CSV… ok
Loading in nvdcve-2.0-2002.csv in cvechecker.
I am missing the index cveidx2. This is to be expected if this is the first run of cvechecker since an upgrade.
I will now create cveidx2 for you, no further actions are needed.
Some updates have occurred which might affect the database initialization.
Please restart the command.

Generate the list

[email protected]:~/cvechecker-3.1# find / -type f -perm -o+x > scanlist.txt
[email protected]:~/cvechecker-3.1# echo “/proc/version” >> scanlist.txt

Get the information of available software’s

[email protected]:~/cvechecker-3.1# cvechecker -b scanlist.txt
Searching for known software titles…
– Found match for /lib/libpthread-2.12.1.so: cpe:/a:gnu:glibc:2.12.1:::
– Found match for /sbin/resize2fs: cpe:/a:ext2_filesystems_utilities:e2fsprogs:1.41.12:::
– Found match for /sbin/mkfs.ext4: cpe:/a:ext2_filesystems_utilities:e2fsprogs:1.41.12:::
– Found match for /sbin/iptables-save: cpe:/a:netfilter_core_team:iptables:1.4.4:::
– Found match for /sbin/iptables-save: cpe:/a:netfilter_core_team:iptables:1.4
Matching process

[email protected]esec:~/cvechecker-3.1# cvechecker -r
Export

[email protected]:~/cvechecker-3.1# cvechecker -r -C

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

The Complete OSINT Tutorial to Find Personal Information About Anyone

This article mainly focuses on how to discover a person's digital footprint and gather personal data by using open-source intelligence (OSINT). So, in its...

How to find the password of hacked email addresses using OSINT

Open-source intelligence or OSINT is a potent technique, and it can give a lot of valuable information, if implemented correctly with the right strategy...

How to Identify Company’s Hacked Email Addresses Using Maltego & HaveIbeenPawned

This article is part of the Maltego OSINT tutorial, where you will learn to identify the already hacked account, and it’s password using the...

5 Key Vulnerabilities in Global Payroll

The cyber threat against payroll is growing in sophistication and frequency, according to the latest FBI cybercrime report. Many of these attacks exploit fixable...