Use golang.org/x/vuln to scan your dependencies

vulnz - Use golang.org/x/vuln to scan your dependencies

vulnz uses golang.org/x/vuln to scan the dependencies in your go.mod.

Install

go install github.com/tebeka/vulnz@latest

Use

$ vulnz 

golang.org/x/crypto: GO-2020-0012: An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public
key, such that the library will panic when trying to verify a signature
with it. If verifying signatures using user supplied public keys, this
may be used as a denial of service vector.
https://go-review.googlesource.com/c/crypto/+/220357
https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
https://groups.google.com/g/golang-announce/c/3L45YRc91SY

...

Yeah, too many false positives - I might work on it :)

Owner
Miki Tebeka
A person (arguably) also CEO of @353solutions