vuln-checker 0.4.0

CLI tool to fetch CVEs using NVD API

vuln-checker

✨ A CLI tool to search CVEs from the NVD API based on product/version (CPE lookup).

---

Features

• 🎯 Interactive mode to resolve multiple CPE matches
• 🔍 Filter CVEs by severity (LOW, MEDIUM, HIGH, CRITICAL)
• 💾 Export results in JSON, CSV, or HTML formats
• 🌐 Includes hyperlinks for CVE IDs in JSON, CSV, and HTML outputs
• 📋 Batch processing with CSV input or command-line product/version pairs
• ⚡ Requires NVD API key for enhanced access (rate limits apply)
• 🚀 Supports pagination for comprehensive CVE retrieval

---

Installation

Install via pip:

pip install vuln-checker

Or from GitHub:

git clone https://github.com/skm248/vuln-checker.git
cd vuln-checker
pip install .

Usage Prerequisites • Obtain an NVD API key from NVD API Key Request and set it as an environment variable NVD_API_KEY or replace the placeholder in the script. Command-Line Options

vuln-checker –help

Examples

1. Single Product via Command-Line:

vuln-checker --products "tomcat:9.0.46,mysql:8.0.35" --format html --output report.html

• Fetches CVEs for multiple products/versions provided as a comma-separated list. 2. Batch Processing with CSV: • Create a products.csv file with the following format: product,version tomcat,9.0.46 mysql,8.0.35 jquery,1.11.3 • Run:

vuln-checker --input-csv products.csv --format csv --output output.csv

• Processes all product/version pairs from the CSV. 3. Filter by Severity:

vuln-checker --products "tomcat:9.0.46" --severity HIGH --format json --output output.json

• Filters CVEs with HIGH severity only. 4. Specify Output File:

vuln-checker --input-csv products.csv --format html --output custom_report.html

• Saves the report to a custom file name. Arguments • --input-csv PATH: Path to a CSV file with product and version columns (mutually exclusive with --products). • --products LIST: Comma-separated list of product:version pairs (e.g., tomcat:9.0.46,mysql:8.0.35) (mutually exclusive with --input-csv). • --severity TEXT: Filter CVEs by severity (LOW, MEDIUM, HIGH, CRITICAL). • --format TEXT: Output format (json, csv, html; default: json). • --output PATH: Output file name (default: output.json, output.csv, or report.html based on format). Notes • Exactly one of --input-csv or --products must be provided. • Hyperlinks in CSV are formatted as Excel =HYPERLINK formulas, and in JSON as a dictionary with url and value fields. • The tool includes a 0.5-second delay between API requests to respect NVD rate limits.

---

5. License This project is licensed under the by Sai Krishna Meda.

Changes Made

1. Features Section:

   • Added support for hyperlinks in JSON, CSV, and HTML outputs.
   • Included batch processing with CSV or command-line input.
   • Noted the requirement for an NVD API key and pagination support.
   • Removed the caching feature mention since it’s not implemented in the current code.

2. Usage Section:

   • Updated to reflect the mutual exclusivity of --input-csv and --products.
   • Provided detailed examples for both CSV and command-line inputs.
   • Added a Prerequisites subsection to emphasize the NVD API key requirement.
   • Included a Notes subsection to explain hyperlink formatting and rate limit handling.
   • Updated argument descriptions to match the current functionality.

3. Command Examples:

   • Replaced --product and --version with --products (comma-separated pairs) to align with the updated main.py.
   • Added examples for CSV input, severity filtering, and custom output files.

Testing Instructions

1. Verify Readme: Ensure the updated README.md accurately reflects the tool’s capabilities by comparing it with main.py and template.html.
2. Test Commands: Run the example commands with your NVD API key set (e.g., export NVD_API_KEY=your_key or replace in code) and verify the outputs.
3. Check Hyperlinks: Confirm hyperlinks in JSON, CSV, and HTML as described.
4. Update Documentation: If additional features (e.g., caching) are added later, update the README accordingly.

Notes

• The README.md assumes the tool is packaged as vuln-checker on PyPI. If it’s not yet published, adjust the installation instructions or remove the PyPI badges.
• The NVD API key is suggested as an environment variable for security, but the current code uses a hardcoded placeholder. Consider updating main.py to read from os.environ.get("NVD_API_KEY") for production use.

This updated README.md should now accurately document the tool’s current features and usage. Let me know if you need further adjustments!