FediVuln


| Field | Value |
|---|---|
| Name | FediVuln |
| Version | 0.4.0 |
| home_page | https://github.com/CIRCL/FediVuln |
| Summary | A client to gather vulnerability-related information from the Fediverse. |
| upload_time | 2024-11-19 10:22:23 |
| maintainer | None |
| docs_url | None |
| author | Cédric Bonhomme |
| requires_python | `<4.0,>=3.10` |
| license | GPL-3.0-or-later |
| keywords | vulnerability-lookup, vulnerability, cve, fediverse, mastodon |
| VCS | |
| bugtrack_url | |
| requirements | No requirements were recorded. |
| Travis-CI | No Travis. |
| coveralls test coverage | No coveralls. |

# FediVuln

A client to gather vulnerability-related information from the Fediverse.
The gathered data is subsequently transmitted to the
[Vulnerability-Lookup](https://github.com/cve-search/vulnerability-lookup) API.


## Installation

[pipx](https://github.com/pypa/pipx) is an easy way to install and run Python applications in isolated environments.
It's easy to [install](https://github.com/pypa/pipx?tab=readme-ov-file#on-linux).

```bash
$ pipx install FediVuln
$ export FEDIVULN_CONFIG=~/.FediVuln/conf.py
```

The configuration for FediVuln should be defined in a Python file (e.g., ``~/.FediVuln/conf.py``).
You must then set an environment variable (``FEDIVULN_CONFIG``) with the full path to this file.

See [this sample configuration](https://github.com/CIRCL/FediVuln/blob/main/fedivuln/conf_sample.py) for reference.


## Usage

### Register your application

```bash
$ FediVuln-Register
```

This script uses OAuth in order to retrieve the access token. This is achieved in several steps.

- Register the application with the Mastodon instance, including all necessary scopes
- Instantiate Mastodon client with client credentials
- Log in - Generate authorization URL with the exact same scopes
- Once the user authorizes, prompt for the authorization code
- Use the authorization code to retrieve the access token, with the same scopes

You only have to execute it once.
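
The client-side messages behind steps 1, 3 and 5, as an added example (not FediVuln's own code, which drives these steps through a Mastodon client). It builds the requests against Mastodon's documented OAuth endpoints and rejects any step whose scopes differ from the registered ones; the instance URL, client credentials and scope list passed in are constructed placeholders.

```python
from urllib.parse import urlencode

# Out-of-band redirect: the instance displays the code for the user to paste.
OOB = "urn:ietf:wg:oauth:2.0:oob"


def check_scopes(requested, registered):
    """Fail early if a step asks for scopes other than the registered ones."""
    if sorted(set(requested)) != sorted(set(registered)):
        raise ValueError(f"scope mismatch: {requested} != {registered}")
    return " ".join(requested)


def register_app(instance, name, scopes):
    """Step 1: create the application, declaring all scopes it needs."""
    return ("POST", f"{instance}/api/v1/apps",
            {"client_name": name, "redirect_uris": OOB, "scopes": " ".join(scopes)})


def authorize_url(instance, client_id, scopes, registered):
    """Step 3: URL the user opens to log in and approve the application."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": OOB, "scope": check_scopes(scopes, registered)})
    return f"{instance}/oauth/authorize?{query}"


def token_request(instance, client_id, client_secret, code, scopes, registered):
    """Step 5: exchange the pasted authorization code for the access token."""
    return ("POST", f"{instance}/oauth/token",
            {"grant_type": "authorization_code", "code": code,
             "client_id": client_id, "client_secret": client_secret,
             "redirect_uri": OOB, "scope": check_scopes(scopes, registered)})
```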


### Streaming


```bash
usage: FediVuln-Stream [-h] [--user] [--public] [--push-sighting] [--push-status]

Allows access to the streaming API.

options:
  -h, --help       show this help message and exit
  --user           Streams events that are relevant to the authorized user, i.e. home timeline and notifications.
  --public         Streams public events.
  --push-sighting  Push the sightings to Vulnerability Lookup.
  --push-status    Push the status to Vulnerability Lookup.
```

#### Examples

Streams events that are relevant to the authorized user, i.e. home timeline and notifications:

```bash
$ FediVuln-Stream --user --push-sighting
```

If you want to get the stream of public events (local server + connected servers):

```bash
$ FediVuln-Stream --public --push-sighting
```

Using the ``--push-sighting`` argument, detected vulnerability IDs will be recorded in
[Vulnerability Lookup](https://github.com/cve-search/vulnerability-lookup) as
[sightings](https://vulnerability-lookup.readthedocs.io/en/latest/sightings.html).
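
One way the detection step could work, as an added example that is not FediVuln's code: it pulls the text out of a status's HTML `content`, matches vulnerability IDs, and builds one sighting per ID. The ID patterns, the sighting field names (`type`, `source`, `vulnerability`) and the sample status are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed ID formats (CVE, GitHub advisory); FediVuln's own patterns may differ.
VULN_ID = re.compile(
    r"\b(CVE-\d{4}-\d{4,}|GHSA(?:-[23456789cfghjmpqrvwx]{4}){3})\b", re.IGNORECASE)


class TextOnly(HTMLParser):
    """Collect text nodes; <p>/<br> become spaces so adjacent words are not glued."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []

    def handle_starttag(self, tag, attrs):
        if tag in ("p", "br"):
            self.parts.append(" ")

    def handle_data(self, data):
        self.parts.append(data)


def extract_vuln_ids(content_html):
    """Return normalised, de-duplicated IDs in order of first appearance."""
    parser = TextOnly()
    parser.feed(content_html)
    parser.close()
    found = []
    for raw in VULN_ID.findall("".join(parser.parts)):
        # CVE IDs are upper-case; GHSA keeps an upper-case prefix, lower-case body.
        vid = raw.upper() if raw[:3].upper() == "CVE" else "GHSA" + raw[4:].lower()
        if vid not in found:
            found.append(vid)
    return found


def sightings_for(status):
    # Sighting field names are assumed here, not taken from the page.
    return [{"type": "seen", "source": status["uri"], "vulnerability": vid}
            for vid in extract_vuln_ids(status["content"])]


# Constructed sample, shaped like a Mastodon status (HTML "content", "uri").
SAMPLE_STATUS = {
    "uri": "https://mastodon.example/users/alice/statuses/1",
    "content": ('<p>Patch now: <a href="https://nvd.example/CVE-2024-0001">'
                '<span class="invisible">https://</span><span>nvd.example/CVE-20</span>'
                '<span class="invisible">24-0001</span></a></p>'
                "<p>cve-2024-0001 again, plus GHSA-2345-cfgh-jmpq</p>"),
}
```

The sample splits a link's text across `<span>` elements and repeats the same CVE in lower case, so the result shows the ID being rejoined, normalised and counted once.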


### Search

```bash
usage: FediVuln-Search [-h] --query QUERY

Allows you to search for users, tags and, when enabled, full text, by default within your own posts and those you have interacted with.

options:
  -h, --help     show this help message and exit
  --query QUERY  Query of the search.
```


### Publishing

WIP.

```bash
$ python publish.py
```


## License

[FediVuln](https://github.com/CIRCL/FediVuln) is licensed under the
[GNU General Public License version 3](https://www.gnu.org/licenses/gpl-3.0.html).

~~~
Copyright (c) 2024 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (C) 2024 Cédric Bonhomme - https://github.com/cedricbonhomme
~~~

            
