# FediVuln
A client to gather vulnerability-related information from the Fediverse.
The gathered data is subsequently transmitted to the
[Vulnerability-Lookup](https://github.com/cve-search/vulnerability-lookup) API.
## Installation
[pipx](https://github.com/pypa/pipx) is an easy way to install and run Python applications in isolated environments.
It's easy to [install](https://github.com/pypa/pipx?tab=readme-ov-file#on-linux).
```bash
$ pipx install FediVuln
$ export FEDIVULN_CONFIG=~/.FediVuln/conf.py
```
The configuration for FediVuln should be defined in a Python file (e.g., ``~/.FediVuln/conf.py``).
You must then set an environment variable (``FEDIVULN_CONFIG``) with the full path to this file.
See [this sample configuration](https://github.com/CIRCL/FediVuln/blob/main/fedivuln/conf_sample.py) for reference.
## Usage
### Register your application
```bash
$ FediVuln-Register
```
This script uses OAuth to retrieve the access token. This is done in several steps:
- Register the application with the Mastodon instance, including all necessary scopes
- Instantiate the Mastodon client with the client credentials
- Log in: generate the authorization URL with the exact same scopes
- Once the user authorizes, prompt for the authorization code
- Use the authorization code to retrieve the access token, with the same scopes
You only have to execute it once.
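The steps above map onto three requests of Mastodon's OAuth API. The sketch below is an added example, not FediVuln's own code: it builds those requests with the standard library only (nothing is sent) and checks that the scope string is identical in each step and in the token response. The function names, the `read`/`write` scopes and the `mastodon.example` host used with it are assumptions.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

OOB = "urn:ietf:wg:oauth:2.0:oob"  # out-of-band redirect: the instance displays the code
SCOPES = ("read", "write")         # assumption: request only the scopes you need


def scope_string(scopes):
    """Canonical space-separated scope string, so every step sends the same value."""
    return " ".join(sorted(set(scopes)))


def app_registration(client_name, scopes):
    """Step 1: form body for POST /api/v1/apps."""
    return {"client_name": client_name, "redirect_uris": OOB,
            "scopes": scope_string(scopes)}


def authorization_url(base_url, client_id, scopes):
    """Step 3: URL the user opens to approve the application."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": OOB, "scope": scope_string(scopes)})
    return f"{base_url.rstrip('/')}/oauth/authorize?{query}"


def token_request(client_id, client_secret, code, scopes):
    """Step 5: form body for POST /oauth/token."""
    return {"grant_type": "authorization_code", "code": code,
            "client_id": client_id, "client_secret": client_secret,
            "redirect_uri": OOB, "scope": scope_string(scopes)}


def scopes_consistent(registration, auth_url, token_body):
    """True only if all three steps carry the identical scope string."""
    in_url = parse_qs(urlsplit(auth_url).query)["scope"][0]
    return registration["scopes"] == in_url == token_body["scope"]


def granted_matches(requested, token_response):
    """Compare the scopes the server reports as granted with those requested."""
    return set(token_response.get("scope", "").split()) == set(requested)
```
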
### Streaming
```bash
usage: FediVuln-Stream [-h] [--user] [--public] [--push-sighting] [--push-status]

Allows access to the streaming API.

options:
  -h, --help       show this help message and exit
  --user           Streams events that are relevant to the authorized user, i.e. home timeline and notifications.
  --public         Streams public events.
  --push-sighting  Push the sightings to Vulnerability Lookup.
  --push-status    Push the status to Vulnerability Lookup.
```
#### Examples
Streams events that are relevant to the authorized user, i.e. home timeline and notifications:
```bash
$ FediVuln-Stream --user --push-sighting
```
If you want to get the stream of public events (local server + connected servers):
```bash
$ FediVuln-Stream --public --push-sighting
```
Using the ``--push-sighting`` argument, detected vulnerability IDs will be recorded in
[Vulnerability Lookup](https://github.com/cve-search/vulnerability-lookup) as
[sightings](https://vulnerability-lookup.readthedocs.io/en/latest/sightings.html).
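To illustrate what detecting vulnerability IDs in a status involves, here is an added sketch (not FediVuln's own code) that extracts IDs from the HTML `content` of a Mastodon status and builds one sighting record per ID. The ID formats matched (CVE and GHSA), the helper names and the sighting field names `type`, `source` and `vulnerability` are assumptions; the page does not list them.

```python
import re
from html.parser import HTMLParser

# Assumption: only CVE and GHSA identifiers are matched here.
VULN_ID = re.compile(
    r"\b(CVE-\d{4}-\d{4,}|GHSA(?:-[23456789cfghjmpqrvwx]{4}){3})\b", re.IGNORECASE)


class _Text(HTMLParser):
    """Collect text nodes. Inline tags add no separator, because Mastodon splits
    hashtags and shortened links across <span> elements; <p>/<br> add a space."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []

    def handle_starttag(self, tag, attrs):
        if tag in ("p", "br"):
            self.parts.append(" ")

    def handle_data(self, data):
        self.parts.append(data)


def status_text(content_html):
    parser = _Text()
    parser.feed(content_html)
    parser.close()
    return "".join(parser.parts)


def _normalise(raw):
    # CVE-YYYY-NNNN is upper case; GHSA keeps an upper-case prefix, lower-case body.
    prefix, _, rest = raw.partition("-")
    prefix = prefix.upper()
    return f"{prefix}-{rest.lower() if prefix == 'GHSA' else rest}"


def vulnerability_ids(content_html):
    """Unique IDs in order of first appearance."""
    found = (_normalise(m.group(1)) for m in VULN_ID.finditer(status_text(content_html)))
    return list(dict.fromkeys(found))


def sightings(status):
    """One record per ID; field names are assumed, check the sightings docs."""
    return [{"type": "seen", "source": status["url"], "vulnerability": vid}
            for vid in vulnerability_ids(status["content"])]
```
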
### Search
```bash
usage: FediVuln-Search [-h] --query QUERY

Allows you to search for users, tags and, when enabled, full text, by default within your own posts and those you have interacted with.

options:
  -h, --help     show this help message and exit
  --query QUERY  Query of the search.
```
### Publishing
WIP.
```bash
$ python publish.py
```
## License
[FediVuln](https://github.com/CIRCL/FediVuln) is licensed under the
[GNU General Public License version 3](https://www.gnu.org/licenses/gpl-3.0.html).
~~~
Copyright (c) 2024 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (C) 2024 Cédric Bonhomme - https://github.com/cedricbonhomme
~~~
Raw data
{
"_id": null,
"home_page": "https://github.com/CIRCL/FediVuln",
"name": "FediVuln",
"maintainer": null,
"docs_url": null,
"requires_python": "<4.0,>=3.10",
"maintainer_email": null,
"keywords": "Vulnerability-Lookup, Vulnerability, CVE, Fediverse, Mastodon",
"author": "C\u00e9dric Bonhomme",
"author_email": "cedric@cedricbonhomme.org",
"download_url": "https://files.pythonhosted.org/packages/8b/28/0bd01bfa751ed3dcad354a36d08d26c5a795e272106b347c77bd9f94cc79/fedivuln-0.4.0.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "GPL-3.0-or-later",
"summary": "A client to gather vulnerability-related information from the Fediverse.",
"version": "0.4.0",
"project_urls": {
"Homepage": "https://github.com/CIRCL/FediVuln",
"Repository": "https://github.com/CIRCL/FediVuln"
},
"split_keywords": [
"vulnerability-lookup",
" vulnerability",
" cve",
" fediverse",
" mastodon"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "cdfab046e0ba633be0fecd9fede94d4e99ac0374f2e08024ad38468500d5a0da",
"md5": "e07a68465c1afda8f7ced1f9f0cb115d",
"sha256": "3333d603d792c0d8d487ce17b45fa09870d27f8fd61f901f11460463d90a5981"
},
"downloads": -1,
"filename": "fedivuln-0.4.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "e07a68465c1afda8f7ced1f9f0cb115d",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4.0,>=3.10",
"size": 34080,
"upload_time": "2024-11-19T10:22:21",
"upload_time_iso_8601": "2024-11-19T10:22:21.272705Z",
"url": "https://files.pythonhosted.org/packages/cd/fa/b046e0ba633be0fecd9fede94d4e99ac0374f2e08024ad38468500d5a0da/fedivuln-0.4.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "8b280bd01bfa751ed3dcad354a36d08d26c5a795e272106b347c77bd9f94cc79",
"md5": "22b1da7289876422a7828a94143fd5a1",
"sha256": "598159a07f707f07d338f36f5bb36affe9186eec81be0ac4dfa8d52e19649f7c"
},
"downloads": -1,
"filename": "fedivuln-0.4.0.tar.gz",
"has_sig": false,
"md5_digest": "22b1da7289876422a7828a94143fd5a1",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4.0,>=3.10",
"size": 18239,
"upload_time": "2024-11-19T10:22:23",
"upload_time_iso_8601": "2024-11-19T10:22:23.116580Z",
"url": "https://files.pythonhosted.org/packages/8b/28/0bd01bfa751ed3dcad354a36d08d26c5a795e272106b347c77bd9f94cc79/fedivuln-0.4.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-11-19 10:22:23",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "CIRCL",
"github_project": "FediVuln",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "fedivuln"
}