Metadata-Version: 2.4
Name: cyberxyz-scanner
Version: 1.3.2
Summary: CyberXYZ Vulnerability Scanner CLI — real-time vulnerability intelligence, XYZ scoring, EPSS and depalert scores
Project-URL: Homepage, https://cyberxyz.io
Project-URL: Documentation, https://docs.cyberxyz.io
Author-email: CyberXYZ Security Team <support@cyberxyz.io>
License: Proprietary
License-File: LICENSE
Keywords: CVE,EPSS,GHSA,OSV,scanner,security,vulnerability
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: Other/Proprietary License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.8
Requires-Dist: click>=8.0
Requires-Dist: pip-audit>=2.6
Requires-Dist: python-dotenv>=1.0
Requires-Dist: requests>=2.28
Requires-Dist: rich>=13.0
Requires-Dist: tabulate>=0.9
Description-Content-Type: text/markdown

# 🛡️ XYZ Scanner 🛡️

**XYZ Scanner comes from CyberXYZ Security Inc., whose research team looks for the next 0-day vulnerabilities in collaboration with Cork Institute for Technology (CIT).**

[![MIT License](https://img.shields.io/badge/License-MIT-green.svg)](https://choosealicense.com/licenses/mit/)

## 🚀 Overview

The XYZ Scanner is a powerful command-line interface that allows developers and security professionals to scan their projects for known vulnerabilities. It leverages the comprehensive XYZ Vulnerability Database to provide real-time security insights.

## ✨ Features

-   **Vulnerability Scanning**: Scan your projects for vulnerabilities using a variety of methods.
-   **Package Auditing**: Audit your dependencies for known security issues.
-   **Exploit Information**: Get information about known exploits for discovered vulnerabilities.
-   **Multi-Ecosystem Support**: Scan projects in various ecosystems, including Python and Go.

## 🛠️ Installation

You can install the XYZ Scanner using `pip` or `uv`:

```bash
pip install cyberxyz-scanner
```

or

```bash
uv pip install cyberxyz-scanner
```

**Note:** To use the Go auditing features, you will also need to install `depsdev`:

```bash
go install github.com/edoardottt/depsdev/cmd/depsdev@latest
```

## 👨‍💻 Usage

To get started, you'll need to log in to your CyberXYZ account:

```bash
xyz login
```

Once logged in, you can use the following commands to check your projects for vulnerabilities.

### `info`

Display information about the XYZ Vulnerability API.

```bash
xyz info
```

### `vuln`

Search for a specific vulnerability by ID (e.g., CVE, GHSA).

```bash
xyz vuln CVE-2021-44228
```

**Options:**

*   `-x`, `--exploits`: Include exploit information.
*   `--affected`: Show affected packages.
*   `--json`: Output as JSON.

### `package`

Search for vulnerabilities affecting a specific package.

```bash
xyz package requests -e pypi -v 2.25.1
```

**Options:**

*   `-e`, `--ecosystem`: Filter by ecosystem (e.g., npm, pypi, maven).
*   `-v`, `--version`: Filter by package version.
*   `-s`, `--severity`: Filter by severity (critical, high, medium, low).
*   `-x`, `--exploits`: Include exploit information.
*   `--limit`: Maximum results to return.
*   `--json`: Output as JSON.

### `scan`

Scan installed packages for vulnerabilities.

```bash
xyz scan --python --npm
```

**Options:**

*   `--python`: Scan Python packages.
*   `--npm`: Scan npm packages.
*   `-i`, `--system`: Scan system packages.
*   `--java`: Scan Java packages.
*   `--go`: Scan Go packages.
*   `--php`: Scan PHP packages.
*   `--microsoft`: Scan Microsoft packages.
*   `--all`: Scan all package types.
*   `-x`, `--exploits`: Include exploit information.
*   `--json`: Output as JSON.
*   `--list-packages`: Only list installed packages, do not scan for vulnerabilities.

### `audit`

Audit local development environments.

#### `python`

Audit Python environment for vulnerabilities and dependency tree.

```bash
xyz audit python
```

**Options:**

*   `--json`: Output audit results as JSON.

#### `go`

Audit Go modules.

```bash
xyz audit go
```

**Options:**

*   `--json`: Output audit results as JSON.

### `recent`

Show recent vulnerabilities.

```bash
xyz recent --days 7
```

**Options:**

*   `--days`: Number of days to look back.
*   `--limit`: Maximum results to return.
*   `-x`, `--exploits`: Include exploit information.
*   `--json`: Output as JSON.

### `stats`

Show database and API statistics.

```bash
xyz stats
```

## 🙏 Credits

This tool was developed by the CyberXYZ Security team.

## 📄 License

The XYZ Scanner is licensed under a commercial license. See the [LICENSE](LICENSE) file for more details.
