VulnersX Tool

Introduction

VulnersX is a powerful vulnerability search tool designed to assist security professionals, developers, and system administrators in identifying and managing vulnerabilities in software packages. This documentation provides a comprehensive overview of the tool’s features, usage, installation, and customization options.

Features

1. Vulnerability Search

• VulnersX leverages the Red Hat Security Data API to search for vulnerabilities based on specified package names and dates.
• Users can input the package name and the date to search for vulnerabilities after that date.

2. Database Storage

• The tool connects to an SQLite database and creates a table to store vulnerability data.
• Vulnerability details, including CVE IDs and summaries, are saved in the database for future reference.

3. Text File Storage

• In addition to database storage, VulnersX saves vulnerability details in a text file named «cves.txt».
• The text file follows a specific format, with each line containing the counter, CVE ID, and summary of a vulnerability.

4. Progress Bar

• While fetching and saving vulnerabilities, VulnersX displays a progress bar in the terminal.
• The progress bar visually indicates the progress of the search process, providing users with real-time feedback.

5. Error Handling

• VulnersX handles errors gracefully, displaying informative messages in case of connection issues or when no vulnerabilities are found for the specified package.

6. Command-line Interface (CLI)

• Users can interact with VulnersX via the command line interface.
• Command-line arguments allow users to provide the package name and date for vulnerability searches.

7. Docker Compatibility

• VulnersX is compatible with Docker, enabling easy containerization and deployment across different environments.
• Dockerfile provided for building Docker images, simplifying the deployment process.

Installation

Prerequisites

• Python 3.x installed on the system.
• Docker installed (optional, for Docker deployment).

Steps

1. Clone the VulnersX repository from GitHub:

git clone https://github.com/Symbolexe/VulnersX

2. Navigate to the cloned directory:

cd VulnersX

3. Install the required Python packages:

pip install -r requirements.txt

4. Run the tool using Python:

python3 VulnersX.py <package_name> <after_date>

5. Alternatively, build a Docker image using the provided Dockerfile:

docker build -t vulnersx

6. Run the Docker container:

docker run -p 80:80 vulnersx

Usage

Command-line Arguments

• – package: Specifies the name of the package to search vulnerabilities for.
• – date: Specifies the date to search vulnerabilities after (format: YYYY-MM-DD).

Example

python VulnersX.py  – package openssl  – date 2023–01–01

Customization

Database Configuration

Users can modify the database connection settings in the `__init__` method of the `VulnersX` class.

Text File Format

The format of the text file output can be customized by modifying the `save_to_text_file` method in the `VulnersX` class.

Conclusion

VulnersX is a versatile and efficient tool for vulnerability management, offering robust features, flexible customization options, and seamless integration with Docker. By providing comprehensive vulnerability search capabilities and reliable data storage mechanisms, VulnersX empowers users to proactively identify and address security risks in their software ecosystems.

For more information and updates, please visit the VulnersX GitHub repository.

About the Author

This documentation was prepared by Yasin Saffari, a passionate cybersecurity enthusiast and software developer with expertise in vulnerability management and threat intelligence. Connect with me on LinkedIn for more insights and discussions on cybersecurity topics.