Page:
Simple Vulnerability Scanner
Pages
API Rate Limiter
API Security Scanner
Base64 Tool
Bug Bounty Platform
Caesar Cipher
Certification Roadmaps
Contributing
DNS Lookup
Docker Security Audit
Encrypted P2P Chat
Getting Started
Home
Keylogger
Metadata Scrubber Tool
Network Traffic Analyzer
Project Roadmap
SIEM Dashboard
Simple Port Scanner
Simple Vulnerability Scanner
Tools and Resources
1
Simple Vulnerability Scanner
CarterPerez-dev edited this page 2026-02-11 04:56:38 -05:00
Simple Vulnerability Scanner
Go-based Python dependency security scanner that checks for outdated packages and known CVEs.
Overview
angela is a CLI tool that scans Python projects for outdated dependencies and known security vulnerabilities. It reads pyproject.toml or requirements.txt, checks PyPI for latest versions, queries OSV.dev for CVEs, and updates dependency files while preserving comments and formatting.
Status: Complete | Difficulty: Beginner
Tech Stack
| Technology | Version | Purpose |
|---|---|---|
| Go | 1.24+ | Core language |
| Cobra | - | CLI framework |
| pelletier/go-toml | - | TOML parsing |
| PyPI Simple API | PEP 691 | Package metadata |
| OSV.dev API | - | Vulnerability database |
Features
Core Functionality
- Scan
pyproject.tomlandrequirements.txtfor outdated dependencies - Query OSV.dev for known CVEs with severity levels (CRITICAL, HIGH, MODERATE, LOW)
- Update dependency versions in-place, preserving comments and formatting
- Dry-run mode to preview changes before applying
- File-based caching with ETag support and TTL expiration
- Concurrent workers with bounded concurrency via errgroup
Commands
| Command | Description |
|---|---|
scan |
Check for outdated packages and vulnerabilities |
check |
Dry run — show what would change |
update |
Update dependency versions in-place |
update --vulns |
Update and scan for vulnerabilities |
cache clear |
Clear the local cache |
Security Relevance
- Supply chain attacks (PyTorch torchtriton compromise, 2022)
- Dependency confusion and typosquatting
- CVE tracking across transitive dependencies
- PEP 440 version parsing for accurate resolution
Architecture
cmd/angela/main.go (Entry point)
↓
internal/cli/ (Cobra commands + output formatting)
↓
┌──────────────┬──────────────┬──────────────┐
│ pypi/ │ osv/ │ pyproject/ │
│ PyPI Simple │ OSV.dev │ TOML parser │
│ API client │ batch CVE │ + writer │
│ + cache │ queries │ (preserves │
│ (ETag/TTL) │ │ comments) │
├──────────────┼──────────────┼──────────────┤
│ version.go │ client.go │ parser.go │
│ PEP 440 │ │ writer.go │
│ parser │ │ │
└──────────────┴──────────────┴──────────────┘
↓
internal/ui/ (Terminal colors and spinners)
Quick Start
cd PROJECTS/beginner/simple-vulnerability-scanner
# Install Go dependencies
go mod download
# Scan test data
go run ./cmd/angela scan --file testdata/pyproject.toml
# Check what would change (dry run)
go run ./cmd/angela check --file testdata/pyproject.toml
# Update dependencies
go run ./cmd/angela update --file testdata/pyproject.toml
# Update and scan for vulnerabilities
go run ./cmd/angela update --vulns --file testdata/pyproject.toml
Project Structure
simple-vulnerability-scanner/
├── cmd/angela/
│ └── main.go # Entry point
├── internal/
│ ├── cli/ # Cobra commands and output
│ │ ├── update.go
│ │ └── output.go
│ ├── pypi/ # PyPI API client
│ │ ├── client.go # HTTP client with caching
│ │ ├── cache.go # File-based cache (ETag)
│ │ └── version.go # PEP 440 version parser
│ ├── osv/ # Vulnerability scanner
│ │ └── client.go # Batch CVE queries
│ ├── pyproject/ # TOML parser/writer
│ ├── requirements/ # requirements.txt parser
│ ├── config/ # Configuration loader
│ └── ui/ # Terminal colors/spinners
├── pkg/types/ # Shared type definitions
├── testdata/ # Sample files
├── Justfile
└── .golangci.yml
Development
# Run tests
go test ./...
# Lint
golangci-lint run
# Build
go build -o angela ./cmd/angela
Source Code
Navigation
Beginner Projects
- Simple Port Scanner
- Keylogger
- Caesar Cipher
- DNS Lookup Tool
- Vulnerability Scanner
- Metadata Scrubber
- Network Traffic Analyzer
- Base64 Encoder/Decoder
Intermediate Projects
Advanced Projects
Guides
Resources
Progress: 14/60
©AngelaMos | CertGames.com | CarterPerez-dev | 2026