FediVuln 0.2.0

A client to gather vulnerability-related information from the Fediverse.

FediVuln

A client to gather vulnerability-related information from the Fediverse.

Usage

Installation

pipx is an easy way to install and run Python applications in isolated environments. It's easy to install.

$ pipx install FediVuln
$ export FEDIVULN_CONFIG=~/.FediVuln/conf.py

The configuration for FediVuln should be defined in a Python file (e.g., ~/.FediVuln/conf.py). You must then set an environment variable (FEDIVULN_CONFIG) with the full path to this file.

You can have a look at this example of configuration.

Register your application

$ FediVuln-Register

This script uses OAuth in order to retrieve the access token. This is achieved in several steps.

• Register the application with Mastodon instance, a including all necessary scopes
• Instantiate Mastodon client with client credentials
• Log in - Generate authorization URL with the exact same scopes
• Once the user authorizes, prompt for the authorization code
• Use the authorization code to retrieve the access token, with the same scopes

You only have to execute it once.

Streaming

$ FediVuln-Stream --user --sighting

Using the --sighting argument, detected vulnerability IDs will be recorded in Vulnerability Lookup as sightings.

Publishing

WIP.

$ python publish.py

License

FediVuln is licensed under GNU General Public License version 3

Copyright (c) 2024 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (C) 2024 Cédric Bonhomme - https://github.com/cedricbonhomme