The VulnCheck CLI

vulncheck is access to the VulnCheck API on the command line. It brings index browsing, backup management, and vulnerability scanning to the terminal.

Installation

Provided install scripts

You can easily install vulncheck using an install script. Choose the script and method that matches your operating system:

Note

The installation script may require administrator privileges to install vulncheck system-wide. You may be prompted for your password during the installation process.

macOS and Linux

Open a terminal and run the following command:

curl -sSL https://raw.githubusercontent.com/vulncheck-oss/cli/main/install.sh | bash

Windows

Option 1: Using PowerShell Open PowerShell and run:

iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/vulncheck-oss/cli/main/install.ps1'))

vulncheck binaries are also available for MacOS, Linux, and Windows. You can download precompiled binaries from our releases page

Note

Support for package managers is coming soon.

Configuration

• Run vulncheck auth login to authenticate with your VulnCheck account.
• Alternatively vulncheck will respect the VC_TOKEN environment variable.
• vulncheck auth by itself will show other options like checking your status and logging out.

Available commands

• Browse/list indices
• Browse/list an index
• Download a backup
• Request vulnerabilities related to a CPE
• Request vulnerabilities related to a PURL
• Scan a repository for vulnerabilities

Browse/list indices

You can browse all available indices interactively or output them as a list

vulncheck indices browse|list <search> [flags]

You can search for a specific index by passing a search term.

Tip

Pressing [Enter] on an index while browsing will begin browsing that particular index

Flags (list only)

Flag	Description
--json	Output the list of indices in JSON format.

Browse/list an index

You can browse the contents of any index interactively or output some as JSON

vulncheck index browse|list <index> [flags]

Flags

Flag	Type	Description
--alias	string	Alias
--asn	string	Asn
--botnet	string	Botnet
--country	string	Country
--countrycode	string	CountryCode
--cursor	string	Cursor
--cve	string	Cve
--hostname	string	Hostname
--iava	string	Iava
--id	string	ID
--lastmodenddate	string	LastModEndDate
--lastmodstartdate	string	LastModStartDate
--limit	string	Limit
--mispid	string	MispId
--mitreid	string	MitreId
--nextcursor	string	NextCursor
--order	string	Order
--page	string	Page
--prevcursor	string	PrevCursor
--pubenddate	string	PubEndDate
--pubstartdate	string	PubStartDate
--ransomware	string	Ransomware
--sort	string	Sort
--threatactor	string	ThreatActor
--help		Show help for command

Download a backup

Download a backup of a specified index either interactively or retrieve a signed temporary URL

vulncheck backup download|url <index>

Flags (url only)

Flag	Description
--json	Output the download URL in JSON format.

Request vulnerabilities related to a CPE

Based on the specified CPE (Common Platform Enumeration) URI string, this endpoint will return a list of vulnerabilities that are related to the package. We support v2.2 and v2.3

vulncheck cpe <cpe>

Request vulnerabilities related to a PURL

Based on the specified PURL, this command will return a list of vulnerabilities that are related to the package. You can find a list of supported package managers here

vulncheck purl <purl>

Scan a repository for vulnerabilities

This command will scan a directory for traces of packages via generating an SBOM and then check for vulnerabilities.

vulncheck scan <path> [flags]

Flags

Flag	Description
-f	Save scan results to output.json

Tip

Looking to plug this into your Github Repository? Check out our own Action