vulncheck is access to the VulnCheck API on the command line. It brings index browsing, backup management, and vulnerability scanning to the terminal.
You can easily install vulncheck using an install script. Choose the script and method that matches your operating system:
Note
The installation script may require administrator privileges to install vulncheck system-wide. You may be prompted for your password during the installation process.
Open a terminal and run the following command:
curl -sSL https://raw.githubusercontent.com/vulncheck-oss/cli/main/install.sh | bashOption 1: Using PowerShell Open PowerShell and run:
iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/vulncheck-oss/cli/main/install.ps1'))
vulncheck binaries are also available for MacOS, Linux, and Windows. You can download precompiled binaries from our releases page
Note
Support for package managers is coming soon.
- Run
vulncheck auth loginto authenticate with your VulnCheck account. - Alternatively
vulncheckwill respect theVC_TOKENenvironment variable. vulncheck authby itself will show other options like checking your status and logging out.
- Browse/list indices
- Browse/list an index
- Download a backup
- Request vulnerabilities related to a CPE
- Request vulnerabilities related to a PURL
- Scan a repository for vulnerabilities
You can browse all available indices interactively or output them as a list
vulncheck indices browse|list <search> [flags]
You can search for a specific index by passing a search term.
Tip
Pressing [Enter] on an index while browsing will begin browsing that particular index
| Flag | Description |
|---|---|
| --json | Output the list of indices in JSON format. |
You can browse the contents of any index interactively or output some as JSON
vulncheck index browse|list <index> [flags]
| Flag | Type | Description |
|---|---|---|
| --alias | string | Alias |
| --asn | string | Asn |
| --botnet | string | Botnet |
| --country | string | Country |
| --countrycode | string | CountryCode |
| --cursor | string | Cursor |
| --cve | string | Cve |
| --hostname | string | Hostname |
| --iava | string | Iava |
| --id | string | ID |
| --lastmodenddate | string | LastModEndDate |
| --lastmodstartdate | string | LastModStartDate |
| --limit | string | Limit |
| --mispid | string | MispId |
| --mitreid | string | MitreId |
| --nextcursor | string | NextCursor |
| --order | string | Order |
| --page | string | Page |
| --prevcursor | string | PrevCursor |
| --pubenddate | string | PubEndDate |
| --pubstartdate | string | PubStartDate |
| --ransomware | string | Ransomware |
| --sort | string | Sort |
| --threatactor | string | ThreatActor |
| --help | Show help for command |
Download a backup of a specified index either interactively or retrieve a signed temporary URL
vulncheck backup download|url <index>
| Flag | Description |
|---|---|
| --json | Output the download URL in JSON format. |
Based on the specified CPE (Common Platform Enumeration) URI string, this endpoint will return a list of vulnerabilities that are related to the package. We support v2.2 and v2.3
vulncheck cpe <cpe>
Based on the specified PURL, this command will return a list of vulnerabilities that are related to the package. You can find a list of supported package managers here
vulncheck purl <purl>
This command will scan a directory for traces of packages via generating an SBOM and then check for vulnerabilities.
vulncheck scan <path> [flags]
| Flag | Description |
|---|---|
| -f | Save scan results to output.json |
Tip
Looking to plug this into your Github Repository? Check out our own Action