debsecan is a command line tool in Linux that can be used to scan a Debian-based system for known vulnerabilities. It checks the installed packages against a database of known vulnerabilities and reports any that are found. The vulnerabilities are identified by their Common Vulnerabilities and Exposures (CVE) identifier.
The debsecan command can be used to check the system for vulnerabilities and help the user to decide whether to update or patch the affected packages or not.
If you encounter the below error while running the command debsecan:
debsecan: command not found
you may try installing the below package as per your choice of distribution:
| Distribution | Command |
|---|---|
| Debian | apt-get install debsecan |
| Ubuntu | apt-get install debsecan |
| Kali Linux | apt-get install debsecan |
| Raspbian | apt-get install debsecan |
debsecan Command Examples
1. List vulnerable installed packages on the current host:
# debsecan
2. List vulnerable installed packages of a specific suite:
# debsecan --suite release_code_name
3. List only fixed vulnerabilities:
# debsecan --suite release_code_name --only-fixed
4. List only fixed vulnerabilities of unstable (“sid”) and mail to root:
# debsecan --suite sid --only-fixed --format report --mailto root --update-history
5. Upgrade vulnerable installed packages:
# sudo apt upgrade $(debsecan --only-fixed --format packages)