Greetings,
I built a small proof-of-concept and I've been suggested to share it
with the community.
The tool consists of a vulnerability scanner based on Libguestfs.
The tool lists all the installed applications within a disk image and
queries a CVE database via REST interface. The data gets aggregated in
order to provide a report of the vulnerable applications within the disk
image.
Here's a concrete example:
http://pastebin.com/w6DZkwCg
A possible use case could be the vulnerability assessment and management
of Cloud instances.
The tool is part of a library I've been building to help automating
security assessment and forensics analysis of disk images.
https://github.com/noxdafox/vminspect
I did not test it much yet. Therefore, it might raise several false
positives or miss important vulnerabilities but considering it's ~ 100
lines of Python code, I'd say is a good starting point.
The tool is relying on cve-search REST APIs to retrieve the
vulnerability list.
https://github.com/adulau/cve-search
_______________________________________________
Libguestfs mailing list
Libguestfs@redhat.com
https://www.redhat.com/mailman/listinfo/libguestfs
