A client to gather vulnerability-related information from the Fediverse.
Project description
FediVuln
A client to gather vulnerability-related information from the Fediverse. The gathered data is subsequently transmitted to the Vulnerability-Lookup API.
Installation
pipx is an easy way to install and run Python applications in isolated environments. It's easy to install.
$ pipx install FediVuln
$ export FEDIVULN_CONFIG=~/.FediVuln/conf.py
The configuration for FediVuln should be defined in a Python file (e.g., ~/.FediVuln/conf.py).
You must then set an environment variable (FEDIVULN_CONFIG) with the full path to this file.
You can have a look at this example of configuration.
Usage
Register your application
$ FediVuln-Register
This script uses OAuth in order to retrieve the access token. This is achieved in several steps.
- Register the application with Mastodon instance, a including all necessary scopes
- Instantiate Mastodon client with client credentials
- Log in - Generate authorization URL with the exact same scopes
- Once the user authorizes, prompt for the authorization code
- Use the authorization code to retrieve the access token, with the same scopes
You only have to execute it once.
Streaming
usage: FediVuln-Stream [-h] [--user] [--public] [--push-sighting] [--push-status]
Allows access to the streaming API.
options:
-h, --help show this help message and exit
--user Streams events that are relevant to the authorized user, i.e. home timeline and notifications.
--public Streams public events.
--push-sighting Push the sightings to Vulnerability Lookup.
--push-status Push the status to Vulnerability Lookup.
Examples
Streams events that are relevant to the authorized user, i.e. home timeline and notifications:
$ FediVuln-Stream --user --push-sighting
If you want to get the stream of public events (local server + connected servers):
$ FediVuln-Stream --public --push-sighting
Using the --push-sighting argument, detected vulnerability IDs will be recorded in
Vulnerability Lookup as
sightings.
Search
usage: FediVuln-Search [-h] --query QUERY
Allows you to search for users, tags and, when enabled, full text, by default within your own posts and those you have interacted with.
options:
-h, --help show this help message and exit
--query QUERY Query of the search.
Publishing
WIP.
$ python publish.py
License
FediVuln is licensed under GNU General Public License version 3
Copyright (c) 2024 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (C) 2024 Cédric Bonhomme - https://github.com/cedricbonhomme
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file fedivuln-0.4.0.tar.gz.
File metadata
- Download URL: fedivuln-0.4.0.tar.gz
- Upload date:
- Size: 18.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.4 CPython/3.11.4 Linux/6.1.0-27-amd64
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 598159a07f707f07d338f36f5bb36affe9186eec81be0ac4dfa8d52e19649f7c |
|
| MD5 | 22b1da7289876422a7828a94143fd5a1 |
|
| BLAKE2b-256 | 8b280bd01bfa751ed3dcad354a36d08d26c5a795e272106b347c77bd9f94cc79 |
File details
Details for the file fedivuln-0.4.0-py3-none-any.whl.
File metadata
- Download URL: fedivuln-0.4.0-py3-none-any.whl
- Upload date:
- Size: 34.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.4 CPython/3.11.4 Linux/6.1.0-27-amd64
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 3333d603d792c0d8d487ce17b45fa09870d27f8fd61f901f11460463d90a5981 |
|
| MD5 | e07a68465c1afda8f7ced1f9f0cb115d |
|
| BLAKE2b-256 | cdfab046e0ba633be0fecd9fede94d4e99ac0374f2e08024ad38468500d5a0da |
