GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → BBVA → patton-cli

BBVA / patton-cli

Licence: Apache-2.0 license
The knife of the Admin & Security auditor

Programming Languages

python
139335 projects - #7 most used programming language
Dockerfile
14818 projects
Makefile
30231 projects
shell
77523 projects

Labels

securitycvecpevulnerability-detectionsecurity-toolspatton

Projects that are alternatives of or similar to patton-cli

Cve Search
cve-search - a tool to perform local searches for known vulnerabilities
Stars: ✭ 1,765 (+4102.38%)
Mutual labels:  cve, cpe, vulnerability-detection
vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
Stars: ✭ 269 (+540.48%)
Mutual labels:  cve, vulnerability-detection
PatrowlHearsData
Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds
Stars: ✭ 66 (+57.14%)
Mutual labels:  cve, cpe
Bootstomp
BootStomp: a bootloader vulnerability finder
Stars: ✭ 303 (+621.43%)
Mutual labels:  cve, vulnerability-detection
Hellraiser
Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Stars: ✭ 413 (+883.33%)
Mutual labels:  cve, vulnerability-detection
vulnerability-db
Vulnerability database and package search for sources such as OSV, NVD, GitHub and npm.
Stars: ✭ 36 (-14.29%)
Mutual labels:  cve, vulnerability-detection
Vfeed
The Correlated CVE Vulnerability And Threat Intelligence Database API
Stars: ✭ 826 (+1866.67%)
Mutual labels:  cve, vulnerability-detection
Patrowlhears
PatrowlHears - Vulnerability Intelligence Center / Exploits
Stars: ✭ 89 (+111.9%)
Mutual labels:  cve, vulnerability-detection
GraphDeeSmartContract
Smart contract vulnerability detection using graph neural network (DR-GCN).
Stars: ✭ 84 (+100%)
Mutual labels:  vulnerability-detection
PyParser-CVE
Multi source CVE/exploit parser.
Stars: ✭ 25 (-40.48%)
Mutual labels:  cve
vulndb-data-mirror
A simple Java command-line utility to mirror the entire contents of VulnDB.
Stars: ✭ 36 (-14.29%)
Mutual labels:  cve
threat-broadcast
威胁情报播报(停止运营)
Stars: ✭ 147 (+250%)
Mutual labels:  cve
minecraft-log4j-honeypot
Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam
Stars: ✭ 89 (+111.9%)
Mutual labels:  cve
dep-scan
Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
Stars: ✭ 346 (+723.81%)
Mutual labels:  cve
cwe-tool
A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.
Stars: ✭ 40 (-4.76%)
Mutual labels:  cve
inthewilddb
Hourly updated database of exploit and exploitation reports
Stars: ✭ 127 (+202.38%)
Mutual labels:  cve
kubescape
Kubescape is a K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning.
Stars: ✭ 7,340 (+17376.19%)
Mutual labels:  vulnerability-detection
rest-api
REST API backend for Reconmap
Stars: ✭ 48 (+14.29%)
Mutual labels:  cve
Bugs-feed
Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...
Stars: ✭ 90 (+114.29%)
Mutual labels:  cve
xssfinder
Toolset for detecting reflected xss in websites
Stars: ✭ 105 (+150%)
Mutual labels:  vulnerability-detection
View All Similar Projects ➔

DEPRECATED. patton-cli has been moved into a module of the new patton repository for better maintenance. THIS REPOSITORY WILL BE DELETED AS OF JULY 1

Patton-cli - The knife of the Admin & Security auditor

Current version 0.0.1
Project site https://github.com/bbva/patton-cli
Issues https://github.com/bbva/patton-cli/issues/
Python versions 3.6 or above

What's Patton cli?

Patton-cli (PC) born with the objective to be a knife for system admins and security auditors.

PC could be filled with many different sources and report in many formats, being great for scripting.

You can see a demo video running Patton-Server + Patton-CLI:

patton demo

Installation

NOTE

Patton-cli need a Patton-server. Be sure that the server is running!

Using pip

Install Patton is easy:

> python3.6 -m pip install patton-cli

Using Docker

There is an included [Dockerfile](./Dockerfile). It can install patton-cli from either the pypi release, the github head, or from the current working directory. It accepts a build-arg for chose. Run one of:

docker build -t patton-cli . --build-arg source=cwd
docker build -t patton-cli . --build-arg source=github
docker build -t patton-cli . --build-arg source=pypi

Getting started

Quick example

> patton django:1.9

+------------+-------------------------------------+---------------------+
| Name       | CPEs                                | CVEs                |
+------------+-------------------------------------+---------------------+
| django:1.9 | cpe:/a:djangoproject:django:1.9:rc2 | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7234 (5.8) |
|            | ----------------------------------- | ------------------- |
|            | cpe:/a:djangoproject:django:1.9:rc2 | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7234 (5.8) |
|            | ----------------------------------- | ------------------- |
|            | cpe:/a:djangoproject:django:1.9:rc2 | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7234 (5.8) |
|            | ----------------------------------- | ------------------- |
|            | cpe:/a:djangoproject:django:1.9:rc2 | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7234 (5.8) |
|            | ----------------------------------- | ------------------- |
|            | cpe:/a:djangoproject:django:1.9:rc1 | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            | ----------------------------------- | ------------------- |
|            | cpe:/a:djangoproject:django:1.9:rc1 | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            | ----------------------------------- | ------------------- |
|            | cpe:/a:djangoproject:django:1.9:rc1 | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            | ----------------------------------- | ------------------- |
|            | cpe:/a:djangoproject:django:1.9:rc1 | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            | ----------------------------------- | ------------------- |
|            | cpe:/a:djangoproject:django:1.9:b1  | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
|            | ----------------------------------- | ------------------- |
|            | cpe:/a:djangoproject:django:1.9:b1  | CVE-2017-7234 (5.8) |
|            |                                     | ------------------- |
|            |                                     | CVE-2017-7233 (5.8) |
+------------+-------------------------------------+---------------------+

Getting help

Patton-cli has self-explained doc:

> patton -h

usage: patton [-h] [-v] [--patton-host PATTON_HOST] [-F {table,json,csv}] [-q]
          [-i FROM_FILE] [-o OUTPUT_FILE]
          [-e {python,alpine,simple_parser,auto,nmap,dpkg}] [-s] [-D] [-B]
          [-t {auto,nmap}] [-f]
          [INPUT_LIST [INPUT_LIST ...]]

Patton cli

positional arguments:
  INPUT_LIST

optional arguments:
  -h, --help            show this help message and exit
  -v                    log level
  --patton-host PATTON_HOST
                        patton server host
  -F {table,json,csv}, --display-format {table,json,csv}
                        display format options
  -q, --quiet           do not display any information in stdout
  -i FROM_FILE, --from-file FROM_FILE
                        output file for results
  -o OUTPUT_FILE, --output-file OUTPUT_FILE
                        results file. formats: csv, json, raw
  -e {python,alpine,simple_parser,auto,nmap,dpkg}, --source-type {python,alpine,simple_parser,auto,nmap,dpkg}
                        use specific source parser
  -s, --skip-on-fail    doesn't abort execution on dependency check fail

Working modes:
  -D, --dependency      check libraries and versions (default)
  -B, --banner          check banners (currently experimental)

Specific option for banners:
  -t {auto,nmap}, --banner-type {auto,nmap}
                        http, ftp, ...-
  -f, --follow          read from stdin and do a continuously check

Examples:

  * Checking specific library and output as table:
    > patton django:1.2 flask:1.1.0

  * Checking Python installed dependencies and output as CSV:
    > pip freeze | patton -F csv
    or
    > patton -F csv -i requirements.txt

  * Checking ubuntu dependencies display as table and dump in json file:
    > dpkg -l | patton -e dpkg -F table -o results.json

Usage examples

Getting vulnerabilities from different sources

From Ubuntu

> dpkg -l | patton -e dpkg

From Brew

> brew list --versions | patton

From Alpine

> apk version -v | patton -e alpine

From python requirements

> pip freeze | patton -e python

or

> cat requirements.txt | patton -e python

or

> patton -i requirements.txt -e python

From Golang requirements

> cat Gopkg.lock | patton -e golang

Formatting the output

Patton-cli can display results in these formats:

  • Table
  • JSON
  • CSV
> cat requirements.txt | patton -e python -F csv
> cat requirements.txt | patton -e python -F json
> cat requirements.txt | patton -e python -F table

Exporting results

Patton-cli can export the results in format:

  • Raw (table)
  • JSON
  • CSV

The format of file is determined by the extension:

> cat requirements.txt | patton -e python -o report.json
> cat requirements.txt | patton -e python -o report.csv
> cat requirements.txt | patton -e python -o report.raw

Quiet mode

If you don't want that Patton-cli reports anything by the terminal, you can use -q option:

> cat requirements.txt | patton -e python -q -o report.csv

Some funny examples

Listing dependencies and check te vulns:

> dpkg -l | tee patton -e dpkg -q -o reports.csv

Finding critical vulnerabilities:

> dpkg -l | patton -e dpkg -F csv | grep "10\.0" > critial_vulns.txt

Contributing

Any collaboration is welcome!

There're many tasks to do.You can check the Issues and send us a Pull Request.

Also you can read the TODO file.

License

This project is distributed under Apache 2 license

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].