Skip to main content

SploitScan is a sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated exploits.

Project description

SploitScan

SPLOITSCAN-LOGO Version License

๐Ÿ“œ Description

SploitScan is a powerful and user-friendly tool designed to streamline the process of identifying exploits for known vulnerabilities and their respective exploitation probability. Empowering cybersecurity professionals with the capability to swiftly identify and apply known and test exploits. It's particularly valuable for professionals seeking to enhance their security measures or develop robust detection strategies against emerging threats.

๐Ÿ“– Table of contents

๐ŸŒŸ Features

  • CVE Information Retrieval: Fetches CVE details from the National Vulnerability Database.
  • EPSS Integration: Includes Exploit Prediction Scoring System (EPSS) data, offering a probability score for the likelihood of CVE exploitation, aiding in prioritization.
  • Public Exploits Aggregation: Gathers publicly available exploits, enhancing the understanding of vulnerabilities.
  • CISA KEV: Shows if the CVE has been listed in the Known Exploited Vulnerabilities (KEV) of CISA.
  • AI-Powered Risk Assessment: Leverages OpenAI to provide detailed risk assessments, potential attack scenarios, mitigation recommendations, and executive summaries.
  • HackerOne Reports: Shows if the CVE was used within HackerOne Bug Bounty programs including their total rank overall and severity distribution.
  • Patching Priority System: Evaluates and assigns a priority rating for patching based on various factors including public exploits availability.
  • Multi-CVE Support and Export Options: Supports multiple CVEs in a single run and allows exporting the results to HTML, JSON and CSV formats.
  • Vulnerability Scanner Import: Import vulnerability scans from popular vulnerability scanners and search directly for known exploits.
  • Granular Method Selection: Only specific methods (e.g., cisa, epss, hackerone, ai, etc.), giving you control over what data you want to retrieve.
  • User-Friendly Interface: Easy to use, providing clear and concise information.
  • Comprehensive Security Tool: Ideal for quick security assessments and staying informed about recent vulnerabilities.

sploitscan_v0 10 4

๐Ÿ’ฃ Supported Exploit Databases

๐Ÿ“ Supported Vulnerability Scanner Import

โš™๏ธ Installation

GitHub

git clone https://github.com/xaitax/SploitScan.git
cd sploitscan
pip install -r requirements.txt

pip

pip install --user sploitscan

Kali/Ubuntu/Debian

apt install sploitscan

Obtaining API Keys

  • VulnCheck: Sign up for a free account at VulnCheck to get your API key.
  • OpenAI: Create an account and get an API key at OpenAI.

Configuration File

Note: The OpenAI and VulnCheck API keys are optional. The OpenAI API key is used for AI-powered risk assessment, and the VulnCheck API key is used for VulnCheck data retrieval. If you do not intend to use these features, you can omit the configuration file or leave the API key fields blank.

Create a config.json file in one of the following locations with your API keys:

  • Current directory
  • ~/.sploitscan/
  • ~/.config/sploitscan/
  • /etc/sploitscan/
  • ~/Library/Application Support/sploitscan/ (macOS)
  • %APPDATA%/sploitscan/ (Windows)

You can also specify a custom configuration file path using the --config or -c command-line argument.

{
  "vulncheck_api_key": "your_vulncheck_api_key",
  "openai_api_key": "your_openai_api_key"
}

๐Ÿš€ Usage

$ sploitscan.py -h

โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•—      โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ–ˆโ•—   โ–ˆโ–ˆโ•—
โ–ˆโ–ˆโ•”โ•โ•โ•โ•โ•โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•‘     โ–ˆโ–ˆโ•”โ•โ•โ•โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•‘โ•šโ•โ•โ–ˆโ–ˆโ•”โ•โ•โ•โ–ˆโ–ˆโ•”โ•โ•โ•โ•โ•โ–ˆโ–ˆโ•”โ•โ•โ•โ•โ•โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ•—  โ–ˆโ–ˆโ•‘
โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•”โ•โ–ˆโ–ˆโ•‘     โ–ˆโ–ˆโ•‘   โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•‘   โ–ˆโ–ˆโ•‘   โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•‘     โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘
โ•šโ•โ•โ•โ•โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ•โ• โ–ˆโ–ˆโ•‘     โ–ˆโ–ˆโ•‘   โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•‘   โ–ˆโ–ˆโ•‘   โ•šโ•โ•โ•โ•โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•‘     โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•‘โ•šโ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•‘
โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•‘     โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•—โ•šโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•”โ•โ–ˆโ–ˆโ•‘   โ–ˆโ–ˆโ•‘   โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•‘โ•šโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•‘  โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•‘ โ•šโ–ˆโ–ˆโ–ˆโ–ˆโ•‘
โ•šโ•โ•โ•โ•โ•โ•โ•โ•šโ•โ•     โ•šโ•โ•โ•โ•โ•โ•โ• โ•šโ•โ•โ•โ•โ•โ• โ•šโ•โ•   โ•šโ•โ•   โ•šโ•โ•โ•โ•โ•โ•โ• โ•šโ•โ•โ•โ•โ•โ•โ•šโ•โ•  โ•šโ•โ•โ•šโ•โ•  โ•šโ•โ•โ•โ•
v0.11.0 / Alexander Hagenah / @xaitax / ah@primepage.de

usage: sploitscan.py [-h] [-e {json,JSON,csv,CSV,html,HTML}] [-t {nessus,nexpose,openvas,docker}] [-m METHODS] [-i IMPORT_FILE] [-c CONFIG] [-d] [cve_ids ...]

SploitScan: Retrieve and display vulnerability data as well as public exploits for given CVE ID(s).

positional arguments:
  cve_ids               Enter one or more CVE IDs to fetch data. Separate multiple CVE IDs with spaces. Format for each ID: CVE-YYYY-NNNNN. This argument is optional if an import file is provided
                        using the -i option.

options:
  -h, --help            show this help message and exit
  -e {json,JSON,csv,CSV,html,HTML}, --export {json,JSON,csv,CSV,html,HTML}
                        Optional: Export the results to a JSON, CSV, or HTML file. Specify the format: 'json', 'csv', or 'html'.
  -t {nessus,nexpose,openvas,docker}, --type {nessus,nexpose,openvas,docker}
                        Specify the type of the import file: 'nessus', 'nexpose', 'openvas' or 'docker'.
  -m METHODS, --methods METHODS
                        Specify which methods to run, separated by commas. Options: 'cisa', 'epss', 'hackerone', 'ai', 'prio', 'references', etc.
  -i IMPORT_FILE, --import-file IMPORT_FILE
                        Path to an import file from a vulnerability scanner. If used, CVE IDs can be omitted from the command line arguments.
  -c CONFIG, --config CONFIG
                        Path to a custom config file.
  -d, --debug           Enable debug output.

Single CVE Query

sploitscan CVE-2024-1709

Multiple CVE Query

sploitscan CVE-2024-1709 CVE-2024-21413

Import from Vulnerability Scanner

Specify the type: 'nessus', 'nexpose', 'openvas', or 'docker' and provide the file path.

sploitscan --import-file path/to/yourfile.nessus --type nessus

Select Specific Methods

To run only specific data retrieval methods (e.g., CISA, EPSS, AI risk assessment), use the -m argument:

sploitscan CVE-2024-1709 -m cisa,epss

Export Results

Specify the export format: 'json', 'csv', or 'html'.

sploitscan CVE-2024-1709 -e html

Docker

Ensure you have Docker installed. For installation instructions, see Docker's official installation guide.

To build and run SploitScan in Docker:

docker build -t sploitscan .
docker run --rm sploitscan CVE-2024-1709

With a volume mounted from the current directory

Windows (Powershell)

docker run -v ${PWD}:/app --rm sploitscan CVE-2024-1709 -e JSON

Linux

docker run -v $(pwd):/app --rm sploitscan CVE-2024-1709 -e JSON

๐Ÿค– AI-Powered Risk Assessment

SploitScan integrates with OpenAI to provide a comprehensive AI-powered risk assessment for each CVE. This feature includes:

  • Detailed Risk Assessment: Understand the nature of the vulnerability and its business impact.
  • Potential Attack Scenarios: Get descriptions of potential attack scenarios leveraging the vulnerability.
  • Mitigation Recommendations: Receive specific, actionable recommendations to mitigate the risk.
  • Executive Summary: A concise summary accessible to non-technical stakeholders, highlighting the business impact and urgency.

Example output

$ sploitscan.py CVE-2024-21413

[...]

โ”Œโ”€โ”€โ”€[ ๐Ÿค– AI-Powered Risk Assessment ]
|
| 1. Risk Assessment
| -------------------
| The vulnerability identified by CVE-2024-21413 is a critical remote code execution flaw in
| Microsoft Outlook with a CVSS score of 9.8. The impact on business operations can be severe due to
| its high potential to be exploited over a network without any user interactions or elevated
| privileges. This unvalidated input vulnerability (CWE-20) could allow an attacker to execute
| arbitrary code on the target system, thereby compromising the confidentiality, integrity, and
| availability of critical business data and systems. Given its critical rating and the existence of
| multiple exploits on public repositories like GitHub, the likelihood of exploitation is very high.
| This necessitates immediate attention from the security teams to mitigate the risks associated.
|
| 2. Potential Attack Scenarios
| ------------------------------
| An attacker could exploit this vulnerability by sending a specially crafted email to a victim
| using Microsoft Outlook. Once the email is opened or previewed, the malicious payload would
| execute, allowing the attacker to gain control over the victim's system. The process involves: 1.
| Crafting a malicious email leveraging the specific flaw in email handling within Microsoft
| Outlook. 2. Sending the email to the intended victim. 3. Upon opening or previewing the email, the
| victimโ€™s system executes the malicious code. The potential outcomes of this attack include theft
| of sensitive information, installation of malware or ransomware, and compromising other systems
| within the same network due to lateral movement capabilities.
|
| 3. Mitigation Recommendations
| ------------------------------
| Immediate mitigation recommendation includes: 1. Applying the latest security patches provided by
| Microsoft. Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413 2.
| Implementing network-level protections such as email filtering and network segmentation to limit
| the spread of potential infections. 3. Conducting regular security awareness training for users to
| recognize phishing and malicious emails. 4. Monitoring network and system activity for signs of
| suspicious behavior and unauthorized execution. 5. Regularly backing up critical data and ensuring
| the integrity of backups.
|
| 4. Executive Summary
| ---------------------
| CVE-2024-21413, a critical remote code execution vulnerability in Microsoft Outlook, poses a
| significant risk to businesses due to its potential to be exploited without user interaction.
| Multiple exploit proofs are publicly available, increasing the likelihood of attacks.
| Organizations must act swiftly by applying the necessary patches from Microsoft, enhancing their
| email security protocols, and educating their staff to identify potential phishing attempts.
| Mitigating this vulnerability is essential to protect sensitive information, maintain business
| integrity, and ensure system availability, thus preventing potential financial and reputational
| damage. Immediate action is crucial to safeguard the organization against this severe threat.
|
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€

๐Ÿ›ก๏ธ Patching Priority System

The Patching Prioritization System in SploitScan provides a strategic approach to prioritizing security patches based on the severity and exploitability of vulnerabilities. It's influenced by the model from CVE Prioritizer, with enhancements for handling publicly available exploits. Here's how it works:

  • A+ Priority: Assigned to CVEs listed in CISA's KEV or those with publicly available exploits. This reflects the highest risk and urgency for patching.
  • A to D Priority: Based on a combination of CVSS scores and EPSS probability percentages. The decision matrix is as follows:
    • A: CVSS score >= 6.0 and EPSS score >= 0.2. High severity with a significant probability of exploitation.
    • B: CVSS score >= 6.0 but EPSS score < 0.2. High severity but lower probability of exploitation.
    • C: CVSS score < 6.0 and EPSS score >= 0.2. Lower severity but higher probability of exploitation.
    • D: CVSS score < 6.0 and EPSS score < 0.2. Lower severity and lower probability of exploitation.

This system assists users in making informed decisions on which vulnerabilities to patch first, considering both their potential impact and the likelihood of exploitation. Thresholds can be changed to your business needs.

๐Ÿซฑ๐Ÿผโ€๐Ÿซฒ๐Ÿฝ Contributing

Contributions are welcome! Whether it's fixing bugs, adding new features, or improving the documentation, feel free to fork the repository and submit a pull request. You can also report issues or suggest enhancements through the GitHub issue tracker.

Special thanks to:

๐Ÿ“Œ Author

Alexander Hagenah

๐Ÿ“† Changelog

  • For a detailed list of updates, fixes, and new features, check the Changelog.

๐Ÿ“š References

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sploitscan-0.11.0.tar.gz (63.1 kB view details)

Uploaded Source

Built Distribution

sploitscan-0.11.0-py3-none-any.whl (46.4 kB view details)

Uploaded Python 3

File details

Details for the file sploitscan-0.11.0.tar.gz.

File metadata

  • Download URL: sploitscan-0.11.0.tar.gz
  • Upload date:
  • Size: 63.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.8.18

File hashes

Hashes for sploitscan-0.11.0.tar.gz
Algorithm Hash digest
SHA256 cc383962c85d36b46ffc75f8f03e44b705d2c26b1948642832736805b815f8d8
MD5 a9477d8d04d1c373b2efd4c6d665ecfe
BLAKE2b-256 be71a39c109c1f84106e31693bb3fb0700a8dc5ac5417811c1a2e0d327f75c2d

See more details on using hashes here.

File details

Details for the file sploitscan-0.11.0-py3-none-any.whl.

File metadata

  • Download URL: sploitscan-0.11.0-py3-none-any.whl
  • Upload date:
  • Size: 46.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.8.18

File hashes

Hashes for sploitscan-0.11.0-py3-none-any.whl
Algorithm Hash digest
SHA256 7cef0e797584234471b3fabad413f46066aad492e785a2d979112ba96feda6fa
MD5 9423c63fe9036cff2aac105065d5b7de
BLAKE2b-256 86678290c98cc656d0037694fdaa909b2b227599a4fe29f6b4faf0e8eaacbe66

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page