VersionGopher™ combines lightweight downloadable collectors with a hosted analysis dashboard to discover software versions, executable metadata, CVE exposure, and software drift across diverse operating systems and architectures.
VersionGopher™ is developed and provided by AstroSec LLC, a Virginia limited liability company.
VersionGopher is built for teams that need defensible software evidence before they fund a deal, approve an environment, inherit a fleet, or brief leadership on real risk.
Scan acquired laptops, servers, firmware images, and offline exports to surface vulnerable software, risky archives, exposed private keys, crypto-wallet artifacts, AI prompt-risk files, unmanaged tools, and evidence gaps before integration begins.
Use collector output to see binaries and scripts across endpoints, servers, file shares, and air-gapped systems where EDR, SBOM, or package-manager data is incomplete.
Drop small collectors onto ARM, OpenWrt/Entware ARMv7, MIPS, PowerPC, Linux, macOS, and Windows targets. Bring JSONL back to the dashboard when connectivity, custody, or mission rules allow.
VersionGopher™ is offered in two connected ways: downloadable collectors that run locally for approved users, and a hosted dashboard that turns uploaded scan output into software, vulnerability, package-risk, and drift analysis.
VersionGopher™ includes downloadable collector binaries and command-line software for authorized users. The collectors are designed to run locally on supported systems and generate structured software inventory and version-discovery output for upload or offline review.
Approved users can download VersionGopher™ collectors after account approval. The downloadable software performs local file discovery, executable inspection, version extraction, metadata collection, and JSONL/JSON output generation.
VersionGopher™ provides verifiable collector provenance so buyers can trace released artifacts back to the expected build workflow and source revision.
Embedded Linux targets where supported, including ARM, OpenWrt/Entware ARMv7, MIPS, and PowerPC/PPC32 systems scanning large mounted storage sets.
VersionGopher collectors are designed for infrastructure beyond laptops and servers: NAS, SAN, RAID arrays, mounted forensic images, data lakes, and embedded Linux systems close to large storage estates, including OpenWrt/Entware ARMv7 and PowerPC controller-frontline targets.
VersionGopher™ also provides a hosted software analysis dashboard for importing scan results, reviewing discovered software versions, investigating CVE and package-advisory matches, comparing scans, and identifying software or environment drift over time.
Upload or import scan output, review scan history, and filter software findings.
Explore CVE matches and OSV npm/PyPI package advisory matches.
Compare software inventories and track version drift for intentional scan groups.
Review metadata across operating systems and manage organization or group-scoped scan visibility.
VersionGopher™ is developed and provided by AstroSec LLC, a Virginia limited liability company.
Recent npm, PyPI, Crates.io, GitHub, and developer-extension attacks all point to the same operator question: which endpoints, CI runners, caches, mounted images, and storage estates had the named package or version on disk?
VersionGopher™ package-risk scanning is built for that first exposure answer, while keeping ordinary OSV advisories separate from known malicious-package findings.
Read the package-risk note
Dogfooding scan evidence, sanitized for public preview.
Native collectors for macOS, Linux, Windows, ARM, OpenWrt/Entware ARMv7, MIPS, and PowerPC. Lightweight binaries traverse entire filesystems in seconds.
Deep PE resources, PE Rich Header evidence, ELF notes, Mach-O plist extraction, and script regex - no version escapes detection.
Compare software genomes over time to identify new executables, changed versions, removed components, leftover agents, and unauthorized software across enterprise, embedded, and satellite fleets.
Automated NVD CVE matching with CPE resolution, EPSS exploitation probability, CISA KEV catalog, and GitHub PoC search.
Identify exact npm and PyPI package evidence, then separate ordinary OSV advisories from MAL malicious-package findings.
Buyer-ready assessment reports combine CVE exposure, OSV package advisory matches, sensitive-artifact indicators, binary context, and scan provenance.
VersionGopher's embedded collectors are small enough to run on ARM, OpenWrt/Entware ARMv7, MIPS, and PowerPC Linux systems, IoT gateways, routers, and small satellite flight computers. Drop the right binary on the target, scan without network access, and move compact JSONL results back to the ground station or SOC when connectivity allows.
Collectors target ARM32, ARM64, OpenWrt/Entware ARMv7, MIPS, and PowerPC Linux - BusyBox routers, industrial gateways, avionics, and CubeSat flight software.
MIPS little-endian builds cover router SoCs, payload support boards, lab testbeds, and long-lived embedded controllers where hardware outlives normal software lifecycles.
PowerPC 32-bit big-endian builds cover telecom-class controllers, storage-frontline systems, mission labs, and other deterministic embedded Linux environments.
Inventory every binary on a satellite payload before launch. Cross-reference against NVD to verify no known-vulnerable libraries fly.
Runs entirely offline. Collect JSONL on the target, transfer via serial/USB/downlink, and analyze on the ground station.
Footage: NASA/GSFC · BurstCube & SNOOPI CubeSats deployed from the ISS, SpaceX CRS-30, April 2024 · OSIRIS-REx departure from asteroid Bennu
Search and filter across hundreds of thousands of binaries. Every version, every path, every file type — indexed and queryable in real time.
Operating environments rarely stay frozen after deployment. MSPs change, MSSPs rotate, endpoint agents are replaced, old tools are only partially removed, and new executables appear over time.
VersionGopher compares current scans against known-good baselines to reveal what changed across your software estate - from enterprise endpoints and servers to embedded Linux systems and pLEO satellite payloads.
Compare any scan against a golden image, previous scan, or approved mission baseline.
Find new binaries, scripts, payload processors, agents, or tools that were not present in the approved environment.
Track upgrades, downgrades, patched libraries, stale components, and silent version changes.
Detect leftover RMM, EDR, antivirus, VPN, monitoring, or MSSP tooling after vendor transitions.
See which systems drifted, when they drifted, and whether the change is isolated or spreading.
Verify onboard software still matches the approved pre-launch or post-update baseline across pLEO and SmallSat systems.
Know whether endpoint security, remote-management, VPN, monitoring, and operations agents are actually present - and whether legacy tools were fully removed.
VersionGopher does not just tell you what version is present. It tells you what changed, what appeared, and what no longer matches the approved baseline.
Analysts need to know whether a CVE match is real, whether a binary belongs on a system, and how it was built. VersionGopher carries provenance into the executable card: scan source, collector hash, publisher metadata, PE Rich Header toolchain evidence, ELF build IDs, interpreter paths, dependencies, and hardening signals.
Publisher, product, path, platform, and file-type context help separate real packages from common-name false positives.
Flag suspicious loaders, checksum anomalies, missing ELF hardening, writable-path interpreters, and unusual dependencies.
One detail view brings together CVE rationale, scan provenance, hashes, metadata, and build fingerprints for fast triage.
Binary: sshd
Scan: payload-testbed-04 / MIPS embedded Linux
Collector: version_gopher 0.7.0
SHA-256: 48bbabc8495055...
ELF Forensics
Build ID: 8d7a0c9b...
Interpreter: /lib/ld-musl-mipsel-sf.so.1
Needed libs: libc.so, libcrypto.so
Hardening: NX on, RELRO partial, Canary absent
PE Rich Header
Toolchain evidence: Visual Studio family
Compiler/linker IDs: retained for analyst review
Result
CVE match: explainable
Forensic signals: 2 review, 1 hardening gapCVE results ranked by composite risk score combining CVSS severity, EPSS exploitation probability, CISA KEV status, and known PoC availability.
Click to explore each component of the scanning pipeline.
Lightweight native binaries compiled for every major platform. Drop a single executable on any target, run it, and get structured JSONL output ready for analysis. No agent service, no installation, no runtime framework required.
$ out="versiongopher-${HOSTNAME}-linux-x64-firmware-20260520-154233.jsonl"
$ ./version_gopher -d /firmware -J > "$out"
$ wc -l "$out"
34,291 versiongopher-host-linux-x64-firmware-20260520-154233.jsonlThe PE parser walks the full RT_VERSION resource tree, handling both type-0 (binary) and type-1 (text) VS_VERSIONINFO string entries. No arbitrary size limits on resource sections — firmware updaters with 50MB+ embedded blobs are parsed correctly.
{
"filepath": "/firmware/发生产/update.exe",
"filename": "update",
"version": "31.125.0.0",
"file_type": "PE"
}The web pipeline preserves file-first evidence so analysts can inspect how a binary was found, what collector produced it, what metadata was present, and whether the executable shows unusual build or runtime characteristics.
filename: fusion.dll
publisher: Microsoft Corporation
path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\
candidate_cpe: nagios:fusion
decision: suppress common-name false positive
reason: vendor, platform, path, and component type conflictResumable NVD sync builds a local CVE catalog. The matching engine resolves products via CPE dictionaries, applies version range logic, checks vendor and platform context, and enriches every result with exploitation intelligence.
CVE-2024-3094 xz-utils 5.6.0
├─ CVSS: 10.0 (CRITICAL)
├─ EPSS: 94.7%
├─ KEV: Yes (CISA deadline 2024-04-19)
├─ PoC: 3 confirmed exploits
└─ Risk: PATCH IMMEDIATELYA responsive web interface for exploring scan results, filtering by type and severity, and drilling into individual CVE matches. Supports multi-scan comparison, scan history management, and JSONL import from collector output.
$ cd web && pip install -r requirements.txt
$ python3 -m flask run --port 5000
# Open http://localhost:5000
# Import versiongopher-*.jsonl → instant resultsThe 2025 CISA–NSA joint guidance "A Shared Vision of Software Bill of Materials" — endorsed by 21 international agencies — calls for organizations to generate, analyze, and integrate SBOMs into operational security workflows. VersionGopher gives you the binary-level component inventory that SBOM pipelines depend on. Read the NSA press release →
Discover every binary, library, and versioned component on a target — the foundational data layer for SPDX and CycloneDX SBOM generation.
Automatically map discovered versions to CVEs via NVD. The joint guidance emphasizes using SBOMs for "risk-informed decision making" — not just inventory.
21 international partners. One standard. VersionGopher's cross-platform scanning meets the guidance's call for interoperable, automated software transparency.
Start with a focused pilot: scan a laptop, server, firmware image, or inherited environment and turn the results into an evidence-backed risk brief.