# SploitScan

## Overview

SploitScan is a versatile command-line tool that aggregates vulnerability intelligence from multiple sources including NVD (National Vulnerability Database), Exploit-DB, Shodan, GitHub, and security advisories. It performs real-time searches to identify public exploits, proof-of-concepts, and vulnerability details for specified CVE IDs or software products.

The tool is particularly useful during the reconnaissance phase of authorized security assessments, allowing penetration testers to quickly identify available exploits and vulnerabilities affecting target systems without manual database searches.
## Installation

### Linux/macOS

```bash
# Clone the repository
git clone https://github.com/xaitax/SploitScan.git
cd SploitScan

# Install Python dependencies
pip3 install -r requirements.txt

# Make executable
chmod +x sploitscan.py

# Create symlink for system-wide access
sudo ln -s "$(pwd)/sploitscan.py" /usr/local/bin/sploitscan
```

### Windows

```powershell
# Clone via Git Bash or PowerShell
git clone https://github.com/xaitax/SploitScan.git
cd SploitScan

# Install dependencies
pip install -r requirements.txt

# Run directly with Python
python sploitscan.py [options]
```

### Using pip (if available)

```bash
pip3 install sploitscan
sploitscan --help
```
## Basic Usage

### Search by CVE

```bash
# Search a single CVE
sploitscan --cve CVE-2024-1234

# Search multiple CVEs
sploitscan --cve CVE-2024-1234 CVE-2024-5678

# Search with detailed output
sploitscan --cve CVE-2024-1234 --verbose
```

### Search by Product/Software

```bash
# Search for vulnerabilities in a specific product
sploitscan --product "Apache Log4j"

# Search with version information
sploitscan --product "Microsoft Exchange" --version 2019
```

### Search by Exploit Database

```bash
# Search Exploit-DB only
sploitscan --cve CVE-2024-1234 --source exploitdb

# Search multiple sources
sploitscan --cve CVE-2024-1234 --source nvd exploitdb github
```
## Common Commands

| Command | Description |
|---|---|
| `sploitscan --cve CVE-ID` | Search a specific CVE across all sources |
| `sploitscan --product "Name"` | Find vulnerabilities in a product |
| `sploitscan --latest` | Show latest vulnerabilities |
| `sploitscan --trending` | Display trending exploits |
| `sploitscan --source DB-NAME` | Search a specific database only |
| `sploitscan --severity high` | Filter by severity level |
| `sploitscan --output json` | Export results in JSON format |
| `sploitscan --limit 50` | Limit the number of results |
| `sploitscan --verbose` | Detailed output with all information |
| `sploitscan --update-db` | Update local databases |
## Advanced Techniques

### Filter by Severity

```bash
# High severity only
sploitscan --cve CVE-2024-1234 --severity high

# Critical vulnerabilities
sploitscan --product "Windows" --severity critical

# Multiple severity levels
sploitscan --cve CVE-2024-1234 --severity critical high
```

### Output Formatting

```bash
# JSON output for parsing
sploitscan --cve CVE-2024-1234 --output json > results.json

# CSV export
sploitscan --product "Docker" --output csv > vuln_report.csv

# Pretty-printed text
sploitscan --cve CVE-2024-1234 --output text --verbose
```
### Automated Scanning

```bash
# Scan multiple CVEs from file (-r keeps backslashes in the input literal)
while read -r cve; do
  sploitscan --cve "$cve"
done < cve_list.txt

# Batch processing with output
for cve in CVE-2024-1234 CVE-2024-5678 CVE-2024-9012; do
  echo "=== Scanning $cve ===" >> report.txt
  sploitscan --cve "$cve" --output json >> report.txt
done
```
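The shell loops above work, but appending `===` banners and several JSON documents to one file produces output that is no longer valid JSON, and whatever is in `cve_list.txt` is handed straight to the tool. The Python script below is an added example, not code from the page or from the SploitScan project: it reads a CVE list, keeps only well-formed IDs, runs the tool once per ID through an injectable `runner` callable, records per-ID failures instead of aborting the batch, and writes one combined JSON document. The default runner invokes `sploitscan --cve ID --output json` through `subprocess` with an argv list (no shell string); that flag set is the page's description of the CLI and is assumed here. The `runner` indirection is what lets the logic be exercised offline with a fake.

```python
import json
import re
import subprocess
from typing import Callable, Dict, Iterable, List

# Strict CVE ID shape: CVE-<4-digit year>-<4 or more digits>.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def normalize_cve_ids(lines: Iterable[str]) -> List[str]:
    """Trim, upper-case, validate and de-duplicate CVE IDs, preserving order.
    Blank lines and '#' comments are ignored; malformed entries are dropped."""
    seen = set()
    out: List[str] = []
    for raw in lines:
        token = raw.split("#", 1)[0].strip().upper()
        if not token or not CVE_RE.match(token) or token in seen:
            continue
        seen.add(token)
        out.append(token)
    return out


def run_sploitscan(cve_id: str, timeout: int = 120) -> str:
    """Default runner: invoke the CLI with an argv list (no shell parsing)
    and return its stdout. The flags assume the interface documented on this page."""
    proc = subprocess.run(
        ["sploitscan", "--cve", cve_id, "--output", "json"],
        capture_output=True, text=True, timeout=timeout, check=True,
    )
    return proc.stdout


def batch_scan(lines: Iterable[str],
               runner: Callable[[str], str] = run_sploitscan) -> Dict[str, dict]:
    """Scan each valid CVE ID; collect the parsed JSON per ID and record
    errors (tool failure, timeout, missing binary, malformed JSON) per ID."""
    report: Dict[str, dict] = {"results": {}, "errors": {}}
    for cve_id in normalize_cve_ids(lines):
        try:
            report["results"][cve_id] = json.loads(runner(cve_id))
        except (subprocess.SubprocessError, OSError, ValueError) as exc:
            # JSONDecodeError is a ValueError; CalledProcessError and
            # TimeoutExpired are SubprocessErrors; OSError covers a missing binary.
            report["errors"][cve_id] = f"{type(exc).__name__}: {exc}"
    return report


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "cve_list.txt"
    with open(path, encoding="utf-8") as fh:
        combined = batch_scan(fh)
    # One well-formed JSON document, usable later with jq or another script
    json.dump(combined, sys.stdout, indent=2)
```

Run it as `python3 batch_scan.py cve_list.txt > report.json`; the `errors` map tells you which IDs need a retry (rate limiting, network) versus which were simply malformed input and never sent.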
### CVSS Score Filtering

```bash
# Find vulnerabilities with CVSS >= 8.0
sploitscan --product "Apache" --cvss-min 8.0

# Range filtering
sploitscan --cve CVE-2024-1234 --cvss-min 5.0 --cvss-max 7.9
```
## Database Sources

### Primary Sources

| Source | Coverage | Update Frequency | Details |
|---|---|---|---|
| NVD (NIST) | ~200,000+ CVEs | Real-time | Official CVE repository |
| Exploit-DB | ~40,000+ exploits | Daily | Public exploit collection |
| Shodan | Internet scans | Continuous | Vulnerable service detection |
| GitHub | PoC repos | Real-time | Security research POCs |
| CISA | Recent exploits | Daily | US government advisories |
| PacketStorm | Multiple | Daily | Security news and exploits |
### API Integration

```bash
# Configure API keys for enhanced results
export SHODAN_API_KEY="your_key_here"
export GITHUB_API_TOKEN="your_token_here"
sploitscan --cve CVE-2024-1234 --use-apis
```
## Practical Assessment Scenarios

### Pre-Engagement Reconnaissance

```bash
# Scan all known vulnerabilities for the target software stack
sploitscan --product "Apache 2.4.41" --verbose > apache_vulns.txt
sploitscan --product "PHP 7.4" --verbose > php_vulns.txt

# Prioritize by CVSS score
sploitscan --product "OpenSSL 1.1.1" --cvss-min 7.0
```

### Exploit Availability Check

```bash
# Verify public exploits exist for the vulnerability
sploitscan --cve CVE-2024-1234 --source exploitdb github

# Check PoC availability on GitHub
sploitscan --cve CVE-2024-1234 --source github --output json | grep -i "github_repo"
```

### Vulnerability Comparison

```bash
# Generate a report comparing two products
{
  echo "=== Product A Vulnerabilities ==="
  sploitscan --product "Product A" --severity critical
  echo ""
  echo "=== Product B Vulnerabilities ==="
  sploitscan --product "Product B" --severity critical
} > comparison.txt
```

### Trend Analysis

```bash
# Identify trending exploits affecting your environment
sploitscan --trending --severity high

# Check whether target software appears in recent exploits
sploitscan --product "Windows Server" --latest
```
## Output Analysis

### Parsing JSON Results

```bash
# Extract CVE IDs from results
sploitscan --product "Apache" --output json | jq '.results[].cve_id'

# Get exploit URLs
sploitscan --cve CVE-2024-1234 --output json | jq '.results[].exploit_url'

# Filter by CVSS score
sploitscan --product "OpenSSL" --output json | jq '.results[] | select(.cvss_score >= 8.0)'
```
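The jq filters above assume every result carries a numeric `cvss_score`; when the field is absent, `null`, or a string, `select(.cvss_score >= 8.0)` either errors or silently drops the entry, which is exactly the kind of finding that then never reaches the report. The following is an added Python example, not code from the page or the SploitScan project, that triages the same assumed result shape (`results[].cve_id`, `.cvss_score`, `.exploit_url`) more defensively: malformed or missing scores go into an `unscored` bucket for manual review instead of vanishing, duplicate CVE IDs are collapsed, and the rest are ranked with exploit-backed entries first, then by score. The field names and the embedded sample JSON are constructed assumptions; SploitScan's real schema may differ.

```python
import json
from typing import Any, Dict, List, Optional

# Constructed sample in the result shape this page's jq filters assume.
# (An assumption for the demo; SploitScan's actual output schema may differ.)
SAMPLE_JSON = """
{
  "results": [
    {"cve_id": "CVE-2024-1234", "title": "Example RCE", "cvss_score": 9.8,
     "exploit_url": "https://www.exploit-db.com/exploits/00000"},
    {"cve_id": "CVE-2024-5678", "title": "Example DoS", "cvss_score": "7.5",
     "exploit_url": null},
    {"cve_id": "CVE-2024-9012", "title": "Example info leak", "cvss_score": null},
    {"cve_id": "CVE-2024-1234", "title": "Example RCE (duplicate)", "cvss_score": 9.8,
     "exploit_url": "https://www.exploit-db.com/exploits/00000"},
    {"cve_id": "CVE-2024-3456", "title": "Example privesc", "cvss_score": 8.1}
  ]
}
"""


def parse_score(value: Any) -> Optional[float]:
    """Coerce a CVSS score to float; return None when absent or malformed."""
    if value is None:
        return None
    try:
        score = float(value)
    except (TypeError, ValueError):
        return None
    # CVSS base scores are bounded 0.0-10.0; anything outside is bad data.
    return score if 0.0 <= score <= 10.0 else None


def triage(raw_json: str, cvss_min: float = 0.0) -> Dict[str, List[dict]]:
    """Split results into 'ranked' (score >= cvss_min; exploit-backed first,
    then score descending) and 'unscored' (no usable score; review manually).
    Duplicate CVE IDs are collapsed, keeping the first occurrence."""
    data = json.loads(raw_json)
    seen = set()
    ranked: List[dict] = []
    unscored: List[dict] = []
    for item in data.get("results", []):
        cve = item.get("cve_id")
        if not cve or cve in seen:
            continue
        seen.add(cve)
        score = parse_score(item.get("cvss_score"))
        entry = {
            "cve_id": cve,
            "cvss_score": score,
            "has_exploit": bool(item.get("exploit_url")),
            "exploit_url": item.get("exploit_url"),
        }
        if score is None:
            unscored.append(entry)
        elif score >= cvss_min:
            ranked.append(entry)
    # Exploit-backed entries first, then higher score first.
    ranked.sort(key=lambda e: (not e["has_exploit"], -e["cvss_score"]))
    return {"ranked": ranked, "unscored": unscored}


def ranked_ids(raw_json: str, cvss_min: float = 0.0) -> List[str]:
    """Convenience wrapper returning just the CVE IDs in triage order."""
    return [e["cve_id"] for e in triage(raw_json, cvss_min)["ranked"]]


if __name__ == "__main__":
    result = triage(SAMPLE_JSON, cvss_min=7.0)
    for e in result["ranked"]:
        print(f"{e['cve_id']}  cvss={e['cvss_score']}  exploit={e['has_exploit']}")
    print("needs manual review:", [e["cve_id"] for e in result["unscored"]])
```

To use it on real output, replace `SAMPLE_JSON` with `sys.stdin.read()` and pipe `sploitscan ... --output json` into the script; the `unscored` list is the part worth checking by hand before a finding is dismissed as low priority.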
### Generating Reports

```bash
# Create formatted vulnerability report
{
  echo "Vulnerability Assessment Report - $(date)"
  echo "Target: Apache 2.4.41"
  echo "Generated: $(date)"
  echo ""
  sploitscan --product "Apache 2.4.41" --output text --verbose
} > assessment_report.txt

# HTML report generation
sploitscan --product "Apache" --output json | python3 << 'EOF'
import html, json, sys
data = json.load(sys.stdin)
print("<html><table>")
for item in data.get('results', []):
    # Escape fields before embedding them: titles come from third-party feeds
    # and may contain markup, so unescaped output would render it in the report
    cve = html.escape(str(item.get('cve_id', '')))
    title = html.escape(str(item.get('title', '')))
    print(f"<tr><td>{cve}</td><td>{title}</td></tr>")
print("</table></html>")
EOF
```
## Configuration

### Config File Location

```bash
# Linux/macOS
~/.sploitscan/config.yaml

# Windows
%APPDATA%\sploitscan\config.yaml
```

### Sample Configuration

```yaml
# Default severity filter
default_severity: "medium"

# Default number of results
default_limit: 25

# Enable API sources
use_apis: true

# API keys
api_keys:
  shodan: "your_key"
  github: "your_token"

# Database sources priority
sources:
  - nvd
  - exploitdb
  - github
  - shodan

# Cache settings
cache_enabled: true
cache_expiry_hours: 24
```
## Performance Optimization

### Parallel Scanning

```bash
# Use GNU parallel for batch processing (one CVE ID per line on stdin)
parallel sploitscan --cve {} --output json < cve_list.txt

# With xargs (four concurrent jobs; their output may interleave)
xargs -n 1 -P 4 sploitscan --cve < cve_list.txt
```

### Caching Results

```bash
# Enable caching for repeated searches
sploitscan --cve CVE-2024-1234 --cache

# Clear cache
sploitscan --clear-cache

# Check cache status
sploitscan --cache-info
```
## Troubleshooting

### Common Issues

```bash
# No results returned
# Solution: Check internet connection and API rate limits
sploitscan --cve CVE-2024-1234 --verbose

# SSL certificate errors
# Solution: Update certificates or disable SSL verification (use cautiously)
sploitscan --cve CVE-2024-1234 --insecure

# Rate limiting
# Solution: Add delays between requests
sploitscan --cve CVE-2024-1234 --delay 2
```

### Debugging

```bash
# Enable debug logging
sploitscan --cve CVE-2024-1234 --debug

# Log to file
sploitscan --cve CVE-2024-1234 --log-file debug.log --log-level debug

# Check version and configuration
sploitscan --version
sploitscan --config-info
```
## Best Practices

- Verify Authorization: Always ensure you have written permission before scanning targets
- Cross-Reference Sources: Don't rely on a single database; verify findings across multiple sources
- Update Regularly: Run `--update-db` frequently to get the latest vulnerability information
- Respect Rate Limits: Implement delays when performing large-scale scans
- Document Findings: Export results and maintain detailed assessment records
- Privacy: Configure API keys securely and never commit them to version control
- Staged Approach: Test with known CVEs first before production assessments
## Integration Examples

### Integration with Metasploit

```bash
# Export exploits for Metasploit usage
sploitscan --cve CVE-2024-1234 --output json | grep -i "metasploit_module"

# Automated module checking (read the file line by line instead of word-splitting it)
while read -r cve; do
  sploitscan --cve "$cve" | grep -i metasploit
done < targets.txt
```

### Integration with OSINT Tools

```bash
# Feed results to TheHarvester
sploitscan --product "Company Software" --output json > results.json

# Correlate with vulnerability scanners
# Use SploitScan findings to prioritize Nessus/OpenVAS scans
```
## Resources

- Official Repository: https://github.com/xaitax/SploitScan
- CVE Database: https://nvd.nist.gov
- Exploit-DB: https://www.exploit-db.com
- GitHub Security: https://github.com/topics/security-exploit

## Summary

SploitScan streamlines vulnerability research by aggregating intelligence from multiple sources. Effective use requires proper authorization, a systematic methodology, and careful verification of results. Regular database updates and integration with other security tools maximize assessment effectiveness.