cve-toolkit

CVE helper toolkit
git clone git://git.finwo.net/app/cve-toolkit

commit 255a61f1a59d0a2e0f36c3080d75562fe22bd293
parent 30b77f265e04a56a6a95882920d7a61e47c1f1d4
Author: finwo <finwo@pm.me>
Date:   Sat,  9 May 2026 02:09:30 +0200

Update readme to reflect current state

Diffstat:
M README.md | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md @@ -2,7 +2,12 @@ A lightweight CVE detection toolkit for Linux systems. -> **Note:** This is currently detection-only. There are no command-line arguments — just run it and it checks everything it knows about. +## Detected Vulnerabilities + +| CVE | Alias | Details | +| ----------------------------------------------------------------- | --------- | ---------------------------------------------------- | +| [CVE-2026-31431](https://www.cve.org/CVERecord?id=CVE-2026-31431) | CopyFail | Kernel crypto initialization bypass via `algif_aead` | +| [CVE-2026-43284](https://www.cve.org/CVERecord?id=CVE-2026-43284) | DirtyFrag | xfrm-ESP page-cache write LPE | ## Build @@ -13,23 +18,26 @@ make ## Usage ```bash -./cve-toolkit +./cve-toolkit # Run all detectors +./cve-toolkit -v # Run with verbose exploit logging +./cve-toolkit --license # Print license and exit +./cve-toolkit --help # Show help ``` -That's it. The tool runs all bundled detectors, reports pass/fail per check, and prints remediation steps for any detected vulnerabilities. +The tool runs all bundled detectors, reports `[pass]`/`[fail]` per check to stderr, prints detected CVE IDs to stdout, and shows remediation steps. Exit code is `0` if all clean, `1` if any vulnerabilities are found. ## Adding Detectors Detectors live under `src/detector/`. Each `.c` file registers itself at startup via a `__attribute__((constructor))` function: ```c -int detector_cve_XXXX_XXXXX(int num) { - // return 0 for pass, 1 for fail +int detector_cve_XXXX_XXXXX(struct cve_context *ctx) { + // return 0 for pass, non-zero for fail } __attribute__((constructor)) -void detector_cve_XXXX_XXXXX_setup() { - detector_queue_append("CVE-XXXX-XXXXX", "Remediation text here.", detector_cve_XXXX_XXXXX); +void detector_cve_XXXX_XXXXX_setup(void) { + detector_queue_append("CVE-XXXX-XXXXX", "Nickname", "Remediation text here.", detector_cve_XXXX_XXXXX); } ```
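Review bot: In the first hunk, the removed note "This is currently detection-only" has no replacement, so the README no longer says whether a detector inspects the system passively or actively exercises the vulnerable code path. The `-v` line in the second hunk mentions "verbose exploit logging", which suggests the latter. Suggest keeping one sentence below the new "Detected Vulnerabilities" table that states what a detector does to the host it runs on and whether it leaves the system unchanged.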
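Review bot: In the second hunk, the new usage paragraph defines the exit code only for "all clean" (`0`) and "any vulnerabilities are found" (`1`), and the detector template's `// return 0 for pass, non-zero for fail` gives a detector no way to report that it could not run its check. A script gating on the exit code cannot tell an inconclusive check from a real finding. Suggest documenting a distinct result for "could not determine", or stating explicitly that it counts as a fail. The template should also say which header declares `struct cve_context`, and the new second argument to `detector_queue_append` is shown as "Nickname" while the table in the first hunk calls the same field "Alias"; pick one term.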