Welcome to the QDCC home page

Project description

QDCC (Quick and Dirty CVE Checker) is a tool for simply testing whether a system is affected by some CVEs.
It can be used on any Unix system that has Perl.
QDCC already handles Gentoo, Debian, ArchLinux, Slackware and CentOS and could easily handle other systems.
However, CVE data uses upstream version names, so any distribution that does "security backports" can produce false positive reports.
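
The backport caveat above, as an added example (not QDCC's own code or matching logic): a version-only check cannot tell an unpatched build from a backport-patched rebuild of the same upstream release. The function names are hypothetical and every version string is a constructed sample.

```sh
#!/bin/sh
# Added illustration, not QDCC code: why matching on upstream version alone
# flags backport-patched packages. All versions below are constructed samples.

# Recover the upstream version from a Debian/RPM-style package version by
# dropping an epoch prefix ("1:") and the packaging revision after the last "-".
upstream_version() {
    v=$1
    v=${v#*:}     # strip epoch, if any
    v=${v%-*}     # strip distro revision/release, if any
    printf '%s\n' "$v"
}

# Hypothetical version-only check: "candidate" when the upstream version equals
# the version a CVE entry lists as affected, "clear" otherwise.
classify() {
    if [ "$(upstream_version "$1")" = "$2" ]; then
        echo candidate
    else
        echo clear
    fi
}

AFFECTED="2.4.1"   # constructed: upstream version named in a CVE entry

# Constructed installed versions: original build, a security-backport rebuild
# of the same upstream release, and a build of a newer upstream release.
for installed in "2.4.1-3" "1:2.4.1-3+deb12u2" "2.4.2-1"; do
    printf '%-20s upstream=%-8s %s\n' "$installed" \
        "$(upstream_version "$installed")" "$(classify "$installed" "$AFFECTED")"
done
```

Both the original build and the backport rebuild come out as candidates, so a hit from a version-only scan should be confirmed against the distribution's own security advisories before it is treated as a finding.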

After downloading the CVE data files, QDCC scans each package present on a system (local, or remote via SSH) and tries to match it against the CVE data.
At the end of the scan, QDCC produces an HTML result file listing all affected packages.

The goals of this project are to be simple, to have minimal dependencies, and to be as cross-platform as possible.

QDCC is licensed under GPLv3

QDCC News

Download

All available downloads can be found at Sourceforge.net

Installation, configuration, supported systems

Dependencies: perl, XML::LibXML and XML::LibXML::XPathContext
The latest version can be found at http://qdcc.sourceforge.net

QDCC uses the output of rpm, dpkg, pacman and equery to get the package list.
So Gentoo, ArchLinux, all Red Hat clones and all Debian clones are supported.

Simply untar the QDCC tarball.
Then you must download some NVD data files.
For that, use download_cve_file.bash
Then you can just run qdcc.pl

By default, download_cve_file.bash downloads only the CVEs from the current year.
You can change this with the --start and --end options.
The same goes for qdcc.pl: by default it checks only the CVEs for the current year.

Example 1: Scan the local system for all CVEs for the current year.
tar xzf qdcc.tar.gz
./download_cve_file.bash
./qdcc.pl

Example 2: Scan the local system for all CVEs from 2011 to present.
tar xzf qdcc.tar.gz
./download_cve_file.bash --start 2011
./qdcc.pl -s 2011

Example 3: Scan a remote system for all CVEs from 2007 to 2009.
./download_cve_file.bash --start 2007 --end 2009
./qdcc.pl -s 2007 -e 2009 -w root@target.mydomain
or, if the target is a RedHat/CentOS system:
./qdcc.pl -s 2007 -e 2009 -t redhat -w root@target.mydomain

Support, bugs, patches, criticism, etc.

Patches, contributions and criticism (even bad :) ) are welcome.
You can perhaps find me on the #qdcc channel on the Freenode IRC servers.