Welcome to the QDCC home page
QDCC (Quick and Dirty CVE Checker) is a tool to simply test whether a system is affected by some CVEs.
It can be used on any Unix system that has Perl.
QDCC already handles Gentoo, Debian, ArchLinux, Slackware and CentOS, and could easily handle other systems.
However, CVE entries use upstream version names, so any distribution that does "security backports" can produce false positive reports.
After downloading the CVE data files, QDCC scans each package present on a system (local, or remote via SSH) and tries to match it against the CVEs.
At the end of the scan, QDCC produces an HTML result file listing all affected packages.
The goals of this project are to be simple, to have minimal dependencies and to be as cross/multi-platform as possible.
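The backport false positive described above can be reproduced with a small matcher. This is an added example, not QDCC's own code: the package names, versions, placeholder CVE ids and the simplified "last_affected" field are constructed assumptions. It compares only the upstream part of a Debian-style version and marks hits that carry a distribution revision as needing manual verification.

```python
import re

# Constructed sample data: placeholder CVE ids and made-up packages.
# "last_affected" is an assumed, simplified stand-in for NVD version data.
CVE_DB = [
    {"id": "CVE-EXAMPLE-0001", "product": "examplelib", "last_affected": "1.4.2"},
    {"id": "CVE-EXAMPLE-0002", "product": "exampled", "last_affected": "2.0.0"},
    {"id": "CVE-EXAMPLE-0003", "product": "nativepkg", "last_affected": "0.5"},
]

# Constructed package list, one "name version" pair per line (Debian style).
PACKAGES = """\
examplelib 1.4.1-2+deb7u3
exampled 1:2.1.0-1
nativepkg 0.5
othertool 0.9-1
"""

def split_version(full):
    """Split a Debian-style version into (upstream, distro_revision)."""
    full = full.split(":", 1)[-1]                 # drop the epoch, e.g. "1:"
    upstream, _, revision = full.rpartition("-")  # revision follows the last "-"
    return (upstream, revision) if upstream else (full, "")

def version_key(version):
    """Naive numeric sort key; non-numeric components compare as 0."""
    return [int(p) if p.isdigit() else 0 for p in re.split(r"[.+~]", version)]

def scan(package_list, cve_db):
    """Return (package, installed_version, cve_id, status) for each match."""
    findings = []
    for line in package_list.splitlines():
        name, full = line.split()
        upstream, revision = split_version(full)
        for cve in cve_db:
            if cve["product"] != name:
                continue
            if version_key(upstream) <= version_key(cve["last_affected"]):
                # The upstream number is in the affected range. A distro
                # revision means the fix may have been backported without
                # changing that number, so the hit needs checking against
                # the distribution's own security tracker.
                status = "verify-backport" if revision else "affected"
                findings.append((name, full, cve["id"], status))
    return findings

if __name__ == "__main__":
    for finding in scan(PACKAGES, CVE_DB):
        print(*finding)
```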
QDCC is licensed under GPLv3
12 April 2013 QDCC 1.1
Handle ArchLinux and Slackware systems.
Add more CPE mapping
20 July 2011 QDCC 1.0
First version available.
All available downloads can be found at Sourceforge.net
Installation, configuration, supported systems
Dependencies: perl, XML::LibXML and XML::LibXML::XPathContext
Latest version can be found at http://qdcc.sourceforge.net
QDCC uses the output of rpm, dpkg, pacman and equery to get the package list.
So Gentoo, ArchLinux, all Red Hat clones and all Debian clones are supported.
Simply untar the QDCC tarball.
Then you must download some NVD data files.
To do that, use download_cve_file.bash.
Then you can just type qdcc.pl.
By default, download_cve_file.bash downloads only CVEs from the current year.
You can change this with the --start and --end options.
The same applies to qdcc.pl: it checks only CVEs for the current year by default.
Scan the local system for all CVEs for the current year.
tar xzf qdcc.tar.gz
Scan the local system for all CVEs from 2011 to the present.
tar xzf qdcc.tar.gz
./download_cve_file.bash --start 2011
./qdcc.pl -s 2011
Scan a remote system for all CVEs from 2007 to 2009
./download_cve_file.bash --start 2007 --end 2009
./qdcc.pl -s 2007 -e 2009 -w firstname.lastname@example.org
or, if the target is a RedHat/CentOS system
./qdcc.pl -s 2007 -e 2009 -t redhat -w email@example.com
Support, bugs, patches, criticism, etc.
Patches, contributions and criticism (even bad :) ) are welcome.
You can perhaps find me on the #qdcc channel on the Freenode IRC servers.