Search for vulnerabilities and exposures while filtering based on age, keywords, and other parameters.

FAV/E


FAV/E (Find A Vulnerability/Exposure) utilizes the NIST CVE database search API to search for vulnerabilities and exposures while filtering based on age, keywords, and other parameters.

https://un4gi.io/blog/fave-find-a-vulnerability-exposure

Usage:

Use the -h flag to display available flags

$ fave -h
| Flag | Description | Example |
|------|-------------|---------|
| -cwe | Search for CVEs based on a CWE number. | fave -cwe 79 |
| -exact | Return only items matching the exact keyword(s) specified with -k. | fave -k un4gi -exact |
| -fd | Number of days to filter results (prior to today). | fave -fd 5 |
| -fm | Number of months to filter results (prior to today). | fave -fm 2 |
| -fy | Number of years to filter results (prior to today). | fave -fy 3 |
| -k | Search for CVEs based on a keyword (or words). | fave -k "Microsoft Windows 10" -exact |
| -s | Search for CVEs based on the CVSS V3 severity. | fave -cvss CRITICAL |

Example usage:

$ fave -k "Windows 10" -exact -cvss CRITICAL -fy 2

Installation

To install, use:

go get -u github.com/un4gi/fave
Releases (v1.1.0)
  • v1.1.0 (Nov 12, 2022)

  • v1.0.1 (Nov 19, 2021)

    Summary

    NIST recently updated their API to limit the maximum allowable range when using the date range parameters to 120 consecutive days. This release temporarily fixed the filter-by-date functionality of FAV/E by implementing the following fixes:

    • The -fy and -fm flags have been removed to prevent nondescript errors.
    • The -fd flag is now limited to a maximum of 120 days.
    • Removal of the unexpected end of JSON input error message.

    A more permanent fix is in the works.

  • v1.0 (Sep 18, 2021)
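
The 120-day cap described in the v1.0.1 notes can be handled by splitting a longer look-back into consecutive windows and issuing one query per window. This is an added example, not FAV/E's own code; it assumes the NVD CVE API 2.0 endpoint with its `pubStartDate`, `pubEndDate`, `keywordSearch` and `cvssV3Severity` parameters, and the type and function names are illustrative.

```go
package main

import (
	"fmt"
	"net/url"
	"time"
)

// Assumed, not taken from FAV/E: NVD CVE API 2.0 endpoint, parameters, UTC date layout.
const nvdEndpoint = "https://services.nvd.nist.gov/rest/json/cves/2.0"
const maxRangeDays = 120 // longest date range the API accepts
const nvdTime = "2006-01-02T15:04:05.000"

// Window is one publication-date range that fits inside the limit.
type Window struct{ Start, End time.Time }

// SplitLookback covers the `days` days before now with consecutive windows,
// newest first. Windows share a boundary instant, so de-duplicate by CVE ID.
func SplitLookback(now time.Time, days int) (out []Window) {
	for end := now.UTC(); days > 0; {
		span := days
		if span > maxRangeDays {
			span = maxRangeDays
		}
		start := end.AddDate(0, 0, -span)
		out = append(out, Window{start, end})
		end, days = start, days-span
	}
	return out
}

// QueryURL builds the request for one window; empty filters are omitted.
func QueryURL(w Window, keyword, severity string) string {
	q := url.Values{}
	q.Set("pubStartDate", w.Start.Format(nvdTime))
	q.Set("pubEndDate", w.End.Format(nvdTime))
	if keyword != "" {
		q.Set("keywordSearch", keyword)
	}
	if severity != "" {
		q.Set("cvssV3Severity", severity)
	}
	return nvdEndpoint + "?" + q.Encode()
}

func main() {
	for _, w := range SplitLookback(time.Now(), 730) { // two years back
		fmt.Println(QueryURL(w, "Windows 10", "CRITICAL"))
	}
}
```

A two-year look-back becomes seven requests (six full 120-day windows and one 10-day remainder), which restores what the removed -fy and -fm filters offered while staying inside the API limit.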

Owner
Tony West
hackerone.com/un4gi