Implements vulnerability scanning on top of package management systems such as apt, pip, composer...

Scabi

Install

You can install scabi either via pip (PyPI) or from source. To install using pip:

python3 -m pip install scabi

Or manually:

git clone https://github.com/remiflavien1/scabi
cd scabi
python3 setup.py install

CLI

Scabi

Usage:
  scabi <pms> <package> [--verbose --detail ] [--oss  --mitre] [-s FILE]
  scabi -h --help --version

Options:
  -v --verbose      Show full output.
  -d --detail       Show CVE details.
  -o --oss          Search vulnerabilities only through OSS.
  -m --mitre        Search vulnerabilities only through MITRE.
  -s --save FILE    Save output to file.
  -h --help         Show this screen.

Example output for the Python module django:

$ scabi -v pip django
The dependencies for <django> are :
... pytz
... sqlparse
... asgiref
... argon2-cffi
... bcrypt

>>>>>>>>>>>>>>> SEARCH IN OSS INDEX <<<<<<<<<<<<<<<
NO VULNERABILITIES FOUND

>>>>>>>>>>>>>>> SEARCH IN MITRE DATABASE <<<<<<<<<<<<<<<

-------------- Package: <bcrypt> --------------

CVE : CVE-2020-5229
CVE DETAIL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5229
DESCRIPTION Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. ...

CVE : CVE-2019-13421
CVE DETAIL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13421
DESCRIPTION Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
...
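
Added example (not part of scabi or its documentation): a parser for the MITRE section of the verbose output above that flags findings whose description does not lead with the package name, as with the two bcrypt entries, which describe Opencast and Search Guard. The function names and the leading-product heuristic are assumptions made here; the result only prioritises manual review.

```python
import re

# Constructed input: MITRE part of the `scabi -v pip django` output, shortened.
SAMPLE = """\
-------------- Package: <bcrypt> --------------

CVE : CVE-2020-5229
CVE DETAIL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5229
DESCRIPTION Opencast before 8.1 stores passwords using the rather outdated ...

CVE : CVE-2019-13421
CVE DETAIL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13421
DESCRIPTION Search Guard versions before 23.1 had an issue that ...
"""

PACKAGE_RE = re.compile(r"^-+ Package: <(?P<name>[^>]+)> -+$")
CVE_RE = re.compile(r"^CVE : (?P<id>CVE-\d{4}-\d{4,})$")
# Words that usually end the product name at the start of a CVE description.
LEAD_END_RE = re.compile(r"\s(?:before|versions?|through|prior to|in|allows?)\s|\d")


def parse_findings(text):
    """Return one dict per CVE entry, tagged with the package it was listed under."""
    findings, package, current = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := PACKAGE_RE.match(line):
            package = m["name"]
        elif m := CVE_RE.match(line):
            current = {"package": package, "cve": m["id"], "description": ""}
            findings.append(current)
        elif current and line.startswith("DESCRIPTION "):
            current["description"] = line[len("DESCRIPTION "):]
    return findings


def triage(package, description):
    """Heuristic (assumption): does the description lead with the package name?"""
    lead = LEAD_END_RE.split(description, maxsplit=1)[0].lower()
    return "names-package" if package.lower() in lead else "keyword-only"


def report(text):
    return [(f["package"], f["cve"], triage(f["package"], f["description"]))
            for f in parse_findings(text)]


if __name__ == "__main__":
    for row in report(SAMPLE):
        print(*row)
```

A `keyword-only` entry still needs a human to read the CVE record; the heuristic cannot show that the package is unaffected.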

Download files

Source Distribution

scabi-1.0.1.tar.gz (5.0 kB view details)

Uploaded Source

Built Distribution

scabi-1.0.1-py3-none-any.whl (6.1 kB view details)

Uploaded Python 3

File details

Details for the file scabi-1.0.1.tar.gz.

File metadata

  • Download URL: scabi-1.0.1.tar.gz
  • Size: 5.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.1.3 requests-toolbelt/0.9.1 tqdm/4.45.0 CPython/3.6.9

File hashes

Hashes for scabi-1.0.1.tar.gz
Algorithm Hash digest
SHA256 75007a828d537a059ad3bea954e9402062376094aa0557486042b2c7623b1c16
MD5 f5aba024ff215bc767f5a7a6a571585d
BLAKE2b-256 e2e2414a093daccd269ade813c10d65b159e7660ea19527d38f6bdf6d5aa578c

File details

Details for the file scabi-1.0.1-py3-none-any.whl.

File metadata

  • Download URL: scabi-1.0.1-py3-none-any.whl
  • Size: 6.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.1.3 requests-toolbelt/0.9.1 tqdm/4.45.0 CPython/3.6.9

File hashes

Hashes for scabi-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 b44575b8ff99fc18e8da0bb49aa15292e6324dc3f5ac0033f30bbf06b493030a
MD5 6a3a2cfde61748d9757b5f8d65bfa2f7
BLAKE2b-256 680c314b448522dbe9233aac743303bc3dfceb5ff841b8a07551019228af4545
