exploitlens
A simple, lightweight vulnerability scanner that reports if CVEs are present in the CISA KEV database.
Checking for the presence of CVEs in the CISA KEV database is useful for choosing which vulnerabilities to prioritize for remediation.
Uses Grype to perform the scan.
Usage
Build from source
make build
Scan a container image
./build/exploitlens golang:1.21.4
If there are CVEs discovered that are present in the CISA KEV database, the output will look similar to:
*** WARNING: These are known exploited vulnerabilities ***
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
libnghttp2-14 1.52.0-1 deb CVE-2023-44487 High
linux-libc-dev 6.1.55-1 deb CVE-2021-3864 High
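
The cross-reference described above can be reproduced from Grype's JSON report (`grype <image> -o json`) and the KEV catalog's JSON feed. The Go sketch below is an added example, not exploitlens's own code: the function name `KnownExploited`, the sample inputs and the placeholder IDs are assumptions made for illustration. It also checks `relatedVulnerabilities`, so a match reported under a GHSA ID is still caught through its CVE alias.

```go
package main

import (
	"encoding/json"
	"fmt"
)

type vuln struct{ ID, Severity string }
// Subset of the report printed by `grype <image> -o json`.
type grypeReport struct {
	Matches []struct {
		Vulnerability vuln
		Related       []vuln `json:"relatedVulnerabilities"` // CVE aliases, e.g. of a GHSA id
		Artifact      struct{ Name, Version, Type string }
	}
}

// Constructed samples; CVE-0000-0001, GHSA-xxxx-xxxx-xxxx and the packages are placeholders.
const sampleKEV = `{"vulnerabilities":[{"cveID":"CVE-2023-44487"}]}`
const sampleGrype = `{"matches":[
 {"vulnerability":{"id":"CVE-0000-0001","severity":"Critical"},"artifact":{"name":"example-pkg","version":"1.0","type":"deb"}},
 {"vulnerability":{"id":"GHSA-xxxx-xxxx-xxxx","severity":"High"},"relatedVulnerabilities":[{"id":"CVE-2023-44487"}],"artifact":{"name":"example-mod","version":"v0.0.0","type":"go-module"}}]}`

// KnownExploited returns one "name version type cve severity" row per Grype match listed in KEV.
func KnownExploited(grypeJSON, kevJSON string) ([]string, error) {
	var kev struct{ Vulnerabilities []struct{ CveID string } } // encoding/json matches keys case-insensitively
	var rep grypeReport
	if err := json.Unmarshal([]byte(kevJSON), &kev); err != nil {
		return nil, fmt.Errorf("KEV catalog: %w", err)
	}
	if err := json.Unmarshal([]byte(grypeJSON), &rep); err != nil {
		return nil, fmt.Errorf("grype report: %w", err)
	}
	inKEV := map[string]bool{}
	for _, v := range kev.Vulnerabilities {
		inKEV[v.CveID] = true
	}
	var rows []string
	for _, m := range rep.Matches {
		for _, v := range append([]vuln{m.Vulnerability}, m.Related...) {
			if inKEV[v.ID] {
				rows = append(rows, fmt.Sprintf("%s %s %s %s %s", m.Artifact.Name, m.Artifact.Version, m.Artifact.Type, v.ID, m.Vulnerability.Severity))
				break // one row per package match
			}
		}
	}
	return rows, nil
}

func main() { fmt.Println(KnownExploited(sampleGrype, sampleKEV)) }
```

Severity is taken from the primary Grype record, so a Critical finding that is absent from KEV (the first sample match) is not reported, while the High finding with a KEV-listed alias is.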