How To Find Vulnerability on a Computer- CVEchecker

There are different tools are available to find a vulnerability on an operating system and network, nessus and OpenVAS are among them. We have discussed different sort of tutorials for nessus to find a vulnerability as you have seen that the vulnerability number start with CVE-xxxxx so the question is what is CVE? And the other thing is that if we need to find the vulnerability on our own computer so that whether we need to scan our own computer via nessus or there are some other method?

What is CVE ?

The Common Vulnerabilities and Exposures or CVE system provides a reference-method for publicly-known information-security vulnerabilities and exposures. MITRE Corporation maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.[1] CVE is used by the Security Content Automation Protocol.

What is CVEchecker ?

The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning the installed software and matching the results with the CVE database. Indeed, this is not a bullet-proof method and you will most likely have many false positives (vulnerability is fixed with a revision-release, but the tool isn’t able to detect the revision itself), yet it is still better than nothing, especially if you are running a distribution with little security coverage.

CVEchecker Tutorial

[email protected]:~# apt-get install libconfig8-dev libsqlite3-dev libxslt1-dev

[email protected]:~# tar -zxvf cvechecker-3.1.tar.gz
[email protected]:~# cd cvechecker-3.1/
[email protected]:~/cvechecker-3.1# ./configure –enable-sqlite3
[email protected]:~/cvechecker-3.1# make
[email protected]:~/cvechecker-3.1# make install

[email protected]:~/cvechecker-3.1# pullcves pull
Downloading nvdcve-2.0-2002.xml… ok
Converting nvdcve-2.0-2002.xml to CSV… ok
Loading in nvdcve-2.0-2002.csv in cvechecker.
I am missing the index cveidx2. This is to be expected if this is the first run of cvechecker since an upgrade.
I will now create cveidx2 for you, no further actions are needed.
Some updates have occurred which might affect the database initialization.
Please restart the command.

Generate the list

[email protected]:~/cvechecker-3.1# find / -type f -perm -o+x > scanlist.txt
[email protected]:~/cvechecker-3.1# echo “/proc/version” >> scanlist.txt

Get the information of available software’s

[email protected]:~/cvechecker-3.1# cvechecker -b scanlist.txt
Searching for known software titles…
– Found match for /lib/libpthread-2.12.1.so: cpe:/a:gnu:glibc:2.12.1:::
– Found match for /sbin/resize2fs: cpe:/a:ext2_filesystems_utilities:e2fsprogs:1.41.12:::
– Found match for /sbin/mkfs.ext4: cpe:/a:ext2_filesystems_utilities:e2fsprogs:1.41.12:::
– Found match for /sbin/iptables-save: cpe:/a:netfilter_core_team:iptables:1.4.4:::
– Found match for /sbin/iptables-save: cpe:/a:netfilter_core_team:iptables:1.4
Matching process

[email protected]:~/cvechecker-3.1# cvechecker -r
Export

[email protected]:~/cvechecker-3.1# cvechecker -r -C

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...

What is Ethical Hacking, how to be an Ethical Hacker

Hacking is the process of discovering vulnerabilities in a system and using these found vulnerabilities by gaining unauthorized access into the system to perform...

Basic steps to ensure security Online!

Security concerns are growing day by day due to the growing interconnectivity and technology. Drastic things can happen if you be a little careless...