Tools
Software within the Vulnerability-Lookup project.
Sightings
Vulnerability-Lookup facilitates the recording of vulnerability sightings, regardless of whether they have been published by a source. A suite of sighting clients is already available to support this functionality:
Tool | Description |
---|---|
ShadowSight | A client that retrieves vulnerability observations from the The Shadowserver Foundation and pushes them to a Vulnerability-Lookup instance. |
FediVuln | A client to gather vulnerability-related information from the Fediverse. |
BlueSkySight | A client to gather vulnerability-related information from Bluesky. |
MISPSight | A client that retrieves vulnerability observations from a MISP server and pushes them to a Vulnerability-Lookup instance. |
NucleiVuln | A client designed to retrieve vulnerability-related observations from the Nuclei Git repository of templates and pushes them to a Vulnerability-Lookup instance. |
ExploitDBSighting | A client that retrieves vulnerability observations from Exploit-DB and pushes them to a Vulnerability-Lookup instance. |
KEVSight | A client to generate sightings for Vulnerability-Lookup from the Known Exploited Vulnerabilities (KEV) catalog. |
GistSight | A client for gathering vulnerability-related information from GitHub Gists. |
More information related to the sightings can be found in the user manual.
Libraries to access the Vulnerability-Lookup API
- PyVulnerabilityLookup the official Python library using the Vulnerability-Lookup Rest API.
Software extending Vulnerability-Lookup
- CPE Guesser - a command-line tool or web service designed to guess the CPE name based on one or more keywords.
Software using Vulnerability-Lookup
- Nmap vulnerability lookup script For each available CPE the script prints out known vulns (links to the correspondent info) and correspondent CVSS scores.