Github Page
Output pdf it gives
Codes

Vuln_Scan Documentation

Inspiration

In the constantly evolving field of cybersecurity, understanding vulnerabilities is crucial for maintaining secure systems. Recognizing that many applications might contain unpatched or unknown vulnerabilities, we wanted to build a tool that could automatically assess installed software for known security issues. Our goal was to make vulnerability assessment accessible and straightforward, empowering users and businesses to proactively protect their systems.

What it does

Vuln_Scan automates the process of identifying vulnerabilities in installed applications on a Windows system. It scans the system for installed software, retrieves version details, and checks for any associated CVEs (Common Vulnerabilities and Exposures) from public vulnerability databases. The final output is a report in PDF format that provides detailed information on each application's potential vulnerabilities, enabling users to make informed security decisions.

How we built it

We developed Vuln_Scan using Python, leveraging libraries such as tqdm for progress tracking and PyPDF2 to generate the final PDF report. The tool accesses system data through the Windows registry to gather information on installed applications and utilizes web scraping techniques to search for vulnerabilities on sites like CVE Details. We implemented a combination of exact and fuzzy matching algorithms to account for variations in application names, ensuring that our vulnerability checks are accurate even when names vary slightly between sources.

Challenges we ran into

One of the major challenges was handling inconsistent naming conventions across different platforms and databases. Many applications have multiple naming variations, which made it difficult to ensure accurate CVE matching. Additionally, managing the high volume of applications and ensuring the progress bar displayed correctly took some refining. We also had to design a solution that could efficiently search through large datasets while providing a user-friendly experience.

Accomplishments that we're proud of

We’re proud to have developed a tool that generates a comprehensive vulnerability report, allowing users to assess their system security with minimal manual effort. Our progress bar implementation now reflects real-time scanning and application processing, providing a clear and engaging user interface. Successfully optimizing the search algorithm to handle large datasets without sacrificing accuracy was a big win for the project.

What we learned

Throughout this project, we deepened our understanding of system security, data handling, and the importance of efficient progress monitoring in long-running processes. We learned to manage large datasets more effectively and gained experience with web scraping and automated report generation. Additionally, we encountered practical challenges in matching data across inconsistent sources, which helped us improve our algorithmic and problem-solving skills.

What's next for Vuln_Scan

Looking ahead, we plan to expand Vuln_Scan by adding more detailed reporting features, such as severity scores for each vulnerability and suggestions for mitigations. We also aim to integrate real-time vulnerability feeds to keep the database up-to-date. Additionally, we’re exploring support for multiple operating systems, making Vuln_Scan a cross-platform tool that can enhance security across various environments.

Built With

pypdf2
python
tqdm

Updates

Vipul Raj started this project — Oct 28, 2024 04:45 AM EDT

Leave feedback in the comments!

Log in or sign up for Devpost to join the conversation.