README + site + binary: surface 22-of-26 VM-verified count

Updates the visible 'how trustworthy is this' signal across all three
touchpoints after the verifier sweep landed 22 modules confirmed in
real Linux VMs:

README.md
  - Badge: '28 verified + 3 ported' → '22 VM-verified / 26'.
  - Headline tagline: emphasizes the 22-of-26 empirical confirmation.
  - 'Corpus at a glance' restructured: tier counts unchanged, but the
    stale '3 ported-but-unverified' subsection is replaced by a new
    'Empirical verification' table breaking the 22 records down by
    distro/kernel.
  - 'Status' section refreshed for v0.6.0 reality: 88 tests + 22
    verifications + mainline kernel fetch + --explain + KEV/CWE/ATT&CK
    metadata + 119 detection rules. The four still-unverified entries
    (vmwgfx, dirty_cow, dirtydecrypt, fragnesia) are listed with their
    blocking reasons.

docs/index.html
  - Hero stats row gets a new '22 ✓ VM-verified' chip (emerald-styled
    via new .stat-vfy CSS class), keeping modules/KEV/rules siblings.
  - Hero tagline calls out '22 of 26 CVEs empirically verified'.
  - Meta description + og:description updated.
  - Bento card 'Verifier ready' rewritten as '22 modules empirically
    verified' with concrete distro/kernel breakdown; styled with new
    .bento-vfy class for emerald accent (matches the stat chip).
  - Timeline 'shipped' column adds the verifier wins; 'in flight'
    swapped to current open items (drift fixes, packagekit provisioner,
    custom <=4.4 box for dirty_cow).

docs/og.svg + docs/og.png
  - 4-chip stats row instead of 3: 31 modules · 22 ✓ VM-verified · 10
    ★ in CISA KEV · 119 detection rules. Tagline now '22 of 26 CVEs
    verified in real Linux VMs.' Re-rendered to PNG via rsvg-convert.

skeletonkey.c (binary)
  - --list footer now prints '31 modules registered · 10 in CISA KEV
    (★) · 22 empirically verified in real VMs (✓)'. Counts computed
    from the registry + cve_metadata + verifications tables at runtime
    (so it stays accurate as more verifications land — the JSONL
    refresh propagates automatically).

No code logic changed; only surfacing.
2026-05-23 18:03:38 -04:00
parent 312e7d89b5
commit 6e0f811a2c
6 changed files with 108 additions and 67 deletions
+10 -2
@@ -276,15 +276,23 @@ static int cmd_list(const struct skeletonkey_ctx *ctx)
"NAME", "CVE", "KEV", "VFY", "FAMILY", "SUMMARY");
fprintf(stdout, "%-20s %-18s %-3s %-3s %-25s %s\n",
"----", "---", "---", "---", "------", "-------");
size_t n_kev = 0, n_vfy = 0;
for (size_t i = 0; i < n; i++) {
const struct skeletonkey_module *m = skeletonkey_module_at(i);
const struct cve_metadata *md = cve_metadata_lookup(m->cve);
bool in_kev = md && md->in_kev;
bool verified = verifications_module_has_match(m->name);
if (in_kev) n_kev++;
if (verified) n_vfy++;
fprintf(stdout, "%-20s %-18s %-3s %-3s %-25s %s\n",
m->name, m->cve,
(md && md->in_kev) ? "" : "",
verifications_module_has_match(m->name) ? "" : "",
in_kev ? "" : "",
verified ? "" : "",
m->family, m->summary);
}
fprintf(stdout, "\n%zu modules registered · %zu in CISA KEV (★) · "
"%zu empirically verified in real VMs (✓)\n",
n, n_kev, n_vfy);
return 0;
}
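Review bot: The summary footer added at the end of cmd_list goes to stdout together with the table rows, so anything that reads --list output line by line now gets a trailing blank line and a free-text line that does not follow the column format. Consider writing the footer to stderr, or printing it only when stdout is a terminal. Separately, n_vfy is incremented once per module for which verifications_module_has_match(m->name) returns true and is printed next to n, the registered module count, while the commit message gives the figure as 22 of 26. A short comment above the counters, or a footer label that says what the verified count is measured against, would keep the binary's number from being read against the wrong denominator.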