SploitScan

📜 Description

SploitScan is a powerful and user-friendly tool designed to streamline the process of identifying exploits for known vulnerabilities and their respective exploitation probability. Empowering cybersecurity professionals with the capability to swiftly identify and apply known and test exploits. It's particularly valuable for professionals seeking to enhance their security measures or develop robust detection strategies against emerging threats.

📖 Table of contents

• 📜 Description
• 🌟 Features
• 💣 Supported Exploit Databases
• 📁 Supported Vulnerability Scanner Import
• ⚙️ Installation
• 🚀 Usage
• 🤖 AI-Powered Risk Assessment
• 🛡️ Patching Priority System
• 🫱🏼‍🫲🏽 Contributing
• 📌 Author
• 📆 Changelog

🌟 Features

• CVE Information Retrieval
  Retrieve detailed information about vulnerabilities.

• EPSS Integration
  Check the likelihood of exploitation with data from the Exploit Prediction Scoring System.

• Public Exploits Aggregation
  Collect publicly available exploit data to help you understand the context of each vulnerability.

• CISA KEV Integration
  Quickly see if a vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog.

• AI-Powered Risk Assessment
  Get risk assessments using multiple AI providers (OpenAI ChatGPT, Google Gemini, Grok AI, or DeepSeek) that explain potential risks and offer mitigation ideas.

• HackerOne Reports
  Find out if a vulnerability has been involved in HackerOne bug bounty reports, including basic ranking and severity details.

• Patching Priority System
  Receive a simple priority rating for patching based on CVSS, EPSS, and available exploit information.

• Multi-CVE Support and Export Options
  Work with multiple CVEs at once and export the results to HTML, JSON, or CSV formats.

• Vulnerability Scanner Import Import scan results from popular vulnerability scanners (Nessus, Nexpose, OpenVAS, Docker) to directly search for known exploits. Now supports directory-based import with --input-dir for batch processing multiple reports.

• Granular Method Selection
  Choose which specific data retrieval methods to run (such as CISA, EPSS, HackerOne, AI, etc.) so you only get the information you need.

• Local CVE Database Update & Cloning
  Maintain a local copy of the CVE List V5 repository. This lets you update the full CVE data on your machine for offline use and search.

• Keyword-Based CVE Search Across Sources
  Search for CVEs by keywords (for example, “Apple”) across both your local database and remote sources like CISA and Nuclei Templates.

• Fast Mode for Streamlined Output
  Use fast mode to display only the basic CVE information, skipping extra lookups for quicker results.

• User-Friendly Interface
  Enjoy a clear and straightforward interface that presents all the information in an easy-to-read format.

💣 Supported Exploit Databases

• GitHub
• ExploitDB
• VulnCheck (requires a free VulnCheck API key)
• Nuclei
• Metasploit

📁 Supported Vulnerability Scanner Import

• Nessus (.nessus)
• Nexpose (.xml)
• OpenVAS (.xml)
• Docker (.json)

⚙️ Installation

GitHub

git clone https://github.com/xaitax/SploitScan.git
cd sploitscan
pip install -r requirements.txt

pip

pip install --user sploitscan

Kali/Ubuntu/Debian (might not the latest version)

apt install sploitscan

Obtaining API Keys

• VulnCheck: Sign up for a free account at VulnCheck to get your API key.
• OpenAI: Create an account and get an API key at OpenAI.
• Google Gemini: Create an account and get an API key at Google AI Studio.
• xAI Grok: Create an account and get an API key at xAI.
• DeepSeek: Create an account and get an API key at DeepSeek.

Configuration File

SploitScan searches for a config.json in multiple locations by default. It will load the first valid file it finds, in this order:

1. Custom path passed via --config or -c
2. Environment variable: SPLOITSCAN_CONFIG_PATH
3. Local and standard config-file locations:
   • Current working directory
   • ~/.sploitscan/config.json
   • ~/.config/sploitscan/config.json
   • ~/Library/Application Support/sploitscan/config.json (macOS)
   • %APPDATA%/sploitscan/config.json (Windows)
   • /etc/sploitscan/config.json

Note: Only one file is loaded — the first one found in the above sequence. You can place your config.json in any of these paths.

A typical config.json might look like this:

{
    "vulncheck_api_key": "",
    "openai_api_key": "",
    "google_ai_api_key": "",
    "grok_api_key": "",
    "deepseek_api_key": ""
}

🚀 Usage

$ python .\sploitscan.py -h

███████╗██████╗ ██╗      ██████╗ ██╗████████╗███████╗ ██████╗ █████╗ ███╗   ██╗
██╔════╝██╔══██╗██║     ██╔═══██╗██║╚══██╔══╝██╔════╝██╔════╝██╔══██╗████╗  ██║
███████╗██████╔╝██║     ██║   ██║██║   ██║   ███████╗██║     ███████║██╔██╗ ██║
╚════██║██╔═══╝ ██║     ██║   ██║██║   ██║   ╚════██║██║     ██╔══██║██║╚██╗██║
███████║██║     ███████╗╚██████╔╝██║   ██║   ███████║╚██████╗██║  ██║██║ ╚████║
╚══════╝╚═╝     ╚══════╝ ╚═════╝ ╚═╝   ╚═╝   ╚══════╝ ╚═════╝╚═╝  ╚═╝╚═╝  ╚═══╝
v0.14.0 / Alexander Hagenah / @xaitax / ah@primepage.de

usage: sploitscan.py [-h] [-e {json,csv,html}] [-t {nessus,nexpose,openvas,docker}] [--ai {openai,google,grok,deepseek}] [-k KEYWORDS [KEYWORDS ...]] [-local] [-f] [-m METHODS] [-i IMPORT_FILE] [-c CONFIG] [-d] [cve_ids ...]

SploitScan: Retrieve and display vulnerability and exploit data for specified CVE ID(s).

positional arguments:
  cve_ids               Enter one or more CVE IDs (e.g., CVE-YYYY-NNNNN). This is optional if an import file is provided via -i.

options:
  -h, --help            show this help message and exit
  -e {json,csv,html}, --export {json,csv,html}
                        Export the results in the specified format ('json', 'csv', or 'html').
  -t {nessus,nexpose,openvas,docker}, --type {nessus,nexpose,openvas,docker}
                        Specify the type of the import file ('nessus', 'nexpose', 'openvas', or 'docker').
  --ai {openai,google,grok,deepseek}
                        Select the AI provider for risk assessment (e.g., 'openai', 'google', 'grok', or 'deepseek').
  -k KEYWORDS [KEYWORDS ...], --keywords KEYWORDS [KEYWORDS ...]
                        Search for CVEs related to specific keywords (e.g., product name).
  -local, --local-database
                        Download the cvelistV5 repository into the local directory. Use the local database over online research if available.
  -f, --fast-mode       Enable fast mode: only display basic CVE information without fetching additional exploits or data.
  -m METHODS, --methods METHODS
                        Specify which methods to run, separated by commas (e.g., 'cisa,epss,hackerone,ai,prio,references').
  -i IMPORT_FILE, --import-file IMPORT_FILE
                         Path to an import file. When provided, positional CVE IDs can be omitted. The file should be a plain text list with one CVE per line.
  --input-dir INPUT_DIR  Path to a directory containing vulnerability reports to scan for CVE IDs.
  -c CONFIG, --config CONFIG
                         Path to a custom configuration file.
  -d, --debug           Enable debug output.

Single CVE Query

sploitscan CVE-2024-1709

Multiple CVE Query

sploitscan CVE-2024-1709 CVE-2024-21413

Local CVE Database Update

You can now update (or initially clone) the full CVE List V5 repository locally by using the --local option. Note that this repository is several GB in size, so the download may take a while. For example:

sploitscan -local

███████╗██████╗ ██╗      ██████╗ ██╗████████╗███████╗ ██████╗ █████╗ ███╗   ██╗
██╔════╝██╔══██╗██║     ██╔═══██╗██║╚══██╔══╝██╔════╝██╔════╝██╔══██╗████╗  ██║
███████╗██████╔╝██║     ██║   ██║██║   ██║   ███████╗██║     ███████║██╔██╗ ██║
╚════██║██╔═══╝ ██║     ██║   ██║██║   ██║   ╚════██║██║     ██╔══██║██║╚██╗██║
███████║██║     ███████╗╚██████╔╝██║   ██║   ███████║╚██████╗██║  ██║██║ ╚████║
╚══════╝╚═╝     ╚══════╝ ╚═════╝ ╚═╝   ╚═╝   ╚══════╝ ╚═════╝╚═╝  ╚═╝╚═╝  ╚═══╝
v0.14.0 / Alexander Hagenah / @xaitax / ah@primepage.de

📥 Cloning CVE List V5 into 'C:\Users\ah/.sploitscan\cvelistV5'.
⚠️ Warning: The repository is several GB in size and the download may take a while.
🔄 Progress: 100.00% - 940.62 MiB | 4.97 MiB/s
✅ CVE List V5 cloned successfully.

Keyword-Based Search Across Sources

Search for CVEs by keywords (e.g., "Apple") across the local database, CISA, and Nuclei Templates.

[!TIP] This can replace more or less replace [searchsploit](https://www.exploit-db.co