[![GitHub Actions status](https://github.com/evdenis/cvehound/workflows/test/badge.svg)](https://github.com/evdenis/cvehound/actions?query=workflow%3Atest)
[![Supported Versions of Python](https://img.shields.io/pypi/pyversions/cvehound.svg)](https://pypi.org/project/cvehound)
[![PyPI package version](https://img.shields.io/pypi/v/cvehound.svg)](https://pypi.org/project/cvehound)
# CVEhound
CVEhound is a tool for checking Linux kernel sources for known CVEs.
The tool is based on [coccinelle](https://coccinelle.gitlabpages.inria.fr/website/)
rules and grep patterns. It checks sources for vulnerable
code patterns of known CVEs and for missing fixes.
- **What:** The tool tries to find "unfixed" code of known CVEs;
- **How:** The tool uses [coccinelle/grep](cvehound/cve) rules with patterns that help to detect known CVE bugs or their fixes. Sources are checked either for the presence of "unfixed" code (e.g. [CVE-2020-12912](cvehound/cve/CVE-2020-12912.cocci)) or for the absence of a fix (e.g. [CVE-2020-26088](cvehound/cve/CVE-2020-26088.cocci));
- **Why:** If you have a git log, it is easier to determine which CVEs are fixed from the git history. However, many vendors (Samsung, Huawei, various IoT and router manufacturers) publish kernel sources as archives without a development log. In most cases their kernels are based on LTS kernels, but the versions are far from upstream. The Linux version string from the Makefile only tells you which CVEs were fixed by kernel developers up to this version. It does not tell you which fixes were backported by the vendor itself. In this case you can apply the tool to check for "missing" CVE fixes.
## Prerequisites
- Python 3 (>=3.5)
- pip (Python package manager)
- grep with pcre support (-P flag)
- coccinelle (>= 1.0.4)
Install prerequisites:
``` shell
# Ubuntu, coccinelle uses libpython2.7 internally
# Seems like some ppas mark libpython dependency as optional
$ sudo apt install python3-pip coccinelle libpython2.7
# Fedora
$ sudo dnf install python3-pip coccinelle
```
## Installation
To install the latest stable version just run the following command:
``` shell
$ python3 -m pip install --user cvehound
```
For development purposes you may install cvehound in "editable" mode
directly from the repository (clone it on your computer beforehand):
``` shell
$ pip install -e .
```
## How to use
The simplest way to start using CVEhound is to run the following command:
``` shell
$ cvehound --kernel ~/linux
Found: CVE-2020-27830
Found: CVE-2020-27152
Found: CVE-2020-29371
Found: CVE-2020-26088
```
where the directory passed to `--kernel` should point to the Linux kernel sources. CVEhound will check the
sources against all CVE patterns that you can find in the [cve dir](/cvehound/cve/).
To check the sources for particular CVEs one can use:
``` shell
$ cvehound --kernel ./linux --config --cve CVE-2020-27194 CVE-2020-29371
Checking: CVE-2020-27194
Found: CVE-2020-27194
MSG: bpf: Fix scalar32_min_max_or bounds tracking
CWE: Improper Restriction of Operations within the Bounds of a Memory Buffer
FIX DATE: 2020-10-08 09:02:53
https://www.linuxkernelcves.com/cves/CVE-2020-27194
Affected Files:
- linux/kernel/bpf/verifier.c: CONFIG_BPF & CONFIG_BPF_SYSCALL
linux/.config: affected
Config: ./linux/.config affected
Checking: CVE-2020-29371
Found: CVE-2020-29371
MSG: romfs: fix uninitialized memory leak in romfs_dev_read()
CWE: Use of Uninitialized Resource
FIX DATE: 2020-08-21 16:52:53
https://www.linuxkernelcves.com/cves/CVE-2020-29371
Affected Files:
- linux/fs/romfs/storage.c: CONFIG_ROMFS_FS
linux/.config: not affected
Config: ./linux/.config not affected
```
Other args:
- `--report` - will produce a JSON file with the found CVEs. Most of the metainformation in the generated report is taken from linuxkernelcves.com
- `--config` or `--config <file>` - will infer the kernel configuration required to build the affected code (based on Kbuild/Makefiles, ifdefs are not checked) and check the kernel .config file if there is one
- `--files`, `--cwe` - will limit the scope of checked CVEs to the kernel files of interest or specific CWE classes
- `--exploit` - check only for CVEs that are known to be exploitable (according to the FSTEC BDU database)
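To triage a run such as the `--config --cve` one shown above, its text output can be parsed into records and filtered by the config verdict. The following Python is an added example, not part of CVEhound; the function names `parse_findings` and `needs_review` are hypothetical, and it assumes only the line prefixes visible in the output on this page.

```python
FIELDS = {"MSG:": "msg", "CWE:": "cwe", "FIX DATE:": "fix_date"}
# Abridged from the `--config --cve` output shown on this page.
SAMPLE = """\
Checking: CVE-2020-27194
Found: CVE-2020-27194
MSG: bpf: Fix scalar32_min_max_or bounds tracking
CWE: Improper Restriction of Operations within the Bounds of a Memory Buffer
FIX DATE: 2020-10-08 09:02:53
Affected Files:
- linux/kernel/bpf/verifier.c: CONFIG_BPF & CONFIG_BPF_SYSCALL
Config: ./linux/.config affected
Checking: CVE-2020-29371
Found: CVE-2020-29371
MSG: romfs: fix uninitialized memory leak in romfs_dev_read()
CWE: Use of Uninitialized Resource
FIX DATE: 2020-08-21 16:52:53
Affected Files:
- linux/fs/romfs/storage.c: CONFIG_ROMFS_FS
Config: ./linux/.config not affected
"""

def parse_findings(text):
    """Return one dict per 'Found:' entry in cvehound's text output."""
    findings, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Checking:"):
            cur = None  # a CVE with no 'Found:' line must not inherit fields
        elif line.startswith("Found:"):
            cur = {"cve": line[6:].strip(), "files": [], "config_affected": None}
            findings.append(cur)
        elif cur is None:
            continue
        elif line.startswith("- "):  # entry under 'Affected Files:'
            path, _, expr = line[2:].partition(": ")
            cur["files"].append((path, expr))
        elif line.startswith("Config:"):  # only printed with --config
            cur["config_affected"] = not line.endswith("not affected")
        else:
            for prefix, key in FIELDS.items():
                if line.startswith(prefix):
                    cur[key] = line[len(prefix):].strip()
    return findings

def needs_review(findings):
    """CVE ids whose code the .config builds, or whose status is unknown."""
    return [f["cve"] for f in findings if f["config_affected"] is not False]

if __name__ == "__main__":
    print(needs_review(parse_findings(SAMPLE)))
```

Because `--config` infers requirements from Kbuild/Makefiles and does not check ifdefs, treat the config verdict as a statement about whether the affected file is built.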
## LICENSE
Python code is licensed under GPLv3. All rules in cvehound/cve folder are licensed under GPLv2.
## Acknowledgements
I would like to thank the following projects and people behind them:
- [coccinelle](https://coccinelle.gitlabpages.inria.fr/website/) for the program matching engine
- [linuxkernelcves.com](https://linuxkernelcves.com/) for information about Linux CVEs
- [undertaker](https://vamos.informatik.uni-erlangen.de/trac/undertaker) for mapping kernel configs to .c files
- [sympy](https://www.sympy.org/) for the symbolic logic solver
Downloaded from PyPI | cvehound-1.0.7.tar.gz (276 files)