Skip to content
/ FediVuln Public

A client to gather vulnerability-related information from the Fediverse.

social.circl.lu/@vulnerability_collector

License

GPL-3.0 license
6 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

CIRCL/FediVuln

BranchesTags

Repository files navigation

FediVuln

A client to gather vulnerability-related information from the Fediverse. The gathered data is subsequently transmitted to the Vulnerability-Lookup API.

Installation

pipx is an easy way to install and run Python applications in isolated environments. It's easy to install.

$ pipx install FediVuln
$ export FEDIVULN_CONFIG=~/.FediVuln/conf.py

The configuration for FediVuln should be defined in a Python file (e.g., ~/.FediVuln/conf.py). You must then set an environment variable (FEDIVULN_CONFIG) with the full path to this file.

You can have a look at this example of configuration.

Usage

Register your application

$ FediVuln-Register

This script uses OAuth in order to retrieve the access token. This is achieved in several steps.

  • Register the application with Mastodon instance, a including all necessary scopes
  • Instantiate Mastodon client with client credentials
  • Log in - Generate authorization URL with the exact same scopes
  • Once the user authorizes, prompt for the authorization code
  • Use the authorization code to retrieve the access token, with the same scopes

You only have to execute it once.

Streaming

usage: FediVuln-Stream [-h] [--user] [--public] [--push-sighting] [--push-status]

Allows access to the streaming API.

options:
  -h, --help       show this help message and exit
  --user           Streams events that are relevant to the authorized user, i.e. home timeline and notifications.
  --public         Streams public events.
  --push-sighting  Push the sightings to Vulnerability Lookup.
  --push-status    Push the status to Vulnerability Lookup.

Examples

Streams events that are relevant to the authorized user, i.e. home timeline and notifications:

$ FediVuln-Stream --user --push-sighting

If you want to get the stream of public events (local server + connected servers):

$ FediVuln-Stream --public --push-sighting

Using the --push-sighting argument, detected vulnerability IDs will be recorded in Vulnerability Lookup as sightings.

Search

usage: FediVuln-Search [-h] --query QUERY

Allows you to search for users, tags and, when enabled, full text, by default within your own posts and those you have interacted with.

options:
  -h, --help     show this help message and exit
  --query QUERY  Query of the search.

Publishing

WIP.

$ python publish.py

License

FediVuln is licensed under GNU General Public License version 3

Copyright (c) 2024 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (C) 2024 Cédric Bonhomme - https://github.com/cedricbonhomme

About

A client to gather vulnerability-related information from the Fediverse.

social.circl.lu/@vulnerability_collector

Topics

vulnerability mastodon cve fediverse vulnerability-lookup

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

6 stars

Watchers

8 watching

Forks

0 forks
Report repository

Releases 5

Release 0.4.0 Latest
Nov 19, 2024
+ 4 releases

Packages

No packages published

Languages