
SploitScan

SploitScan is a command-line tool that aggregates vulnerability intelligence from multiple sources, including NVD (National Vulnerability Database), Exploit-DB, Shodan, GitHub, and security advisories. It queries these sources live to collect vulnerability details, public exploits, and proof-of-concept code for the CVE IDs or software products you specify.

The tool is particularly useful during the reconnaissance phase of authorized security assessments, allowing penetration testers to quickly identify available exploits and vulnerabilities affecting target systems without manual database searches.

Linux/macOS (from source):

# Clone the repository
git clone https://github.com/xaitax/SploitScan.git
cd SploitScan

# Install Python dependencies
pip3 install -r requirements.txt

# Make executable
chmod +x sploitscan.py

# Create symlink for system-wide access
sudo ln -s "$(pwd)/sploitscan.py" /usr/local/bin/sploitscan

Windows:

# Clone via Git Bash or PowerShell
git clone https://github.com/xaitax/SploitScan.git
cd SploitScan

# Install dependencies
pip install -r requirements.txt

# Run directly with Python
python sploitscan.py [options]

Via pip (PyPI package):

pip3 install sploitscan
sploitscan --help

The option names in the examples below are as given on this page; confirm them against `sploitscan --help`, because the option set depends on the installed version.
# Search a single CVE
sploitscan --cve CVE-2024-1234

# Search multiple CVEs
sploitscan --cve CVE-2024-1234 CVE-2024-5678

# Search with detailed output
sploitscan --cve CVE-2024-1234 --verbose
# Search for vulnerabilities in a specific product
sploitscan --product "Apache Log4j"

# Search with version information
sploitscan --product "Microsoft Exchange" --version 2019
# Search Exploit-DB only
sploitscan --cve CVE-2024-1234 --source exploitdb

# Search multiple sources
sploitscan --cve CVE-2024-1234 --source nvd exploitdb github
| Command | Description |
|---|---|
| sploitscan --cve CVE-ID | Search a specific CVE across all sources |
| sploitscan --product "Name" | Find vulnerabilities in a product |
| sploitscan --latest | Show latest vulnerabilities |
| sploitscan --trending | Display trending exploits |
| sploitscan --source DB-NAME | Search a specific database only |
| sploitscan --severity high | Filter by severity level |
| sploitscan --output json | Export results in JSON format |
| sploitscan --limit 50 | Limit the number of results |
| sploitscan --verbose | Detailed output with all information |
| sploitscan --update-db | Update local databases |
# High severity only
sploitscan --cve CVE-2024-1234 --severity high

# Critical vulnerabilities
sploitscan --product "Windows" --severity critical

# Multiple severity levels
sploitscan --cve CVE-2024-1234 --severity critical high
# JSON output for parsing
sploitscan --cve CVE-2024-1234 --output json > results.json

# CSV export
sploitscan --product "Docker" --output csv > vuln_report.csv

# Pretty-printed text
sploitscan --cve CVE-2024-1234 --output text --verbose
# Scan multiple CVEs from file (one ID per line; -r keeps read from mangling backslashes)
while read -r cve; do
  sploitscan --cve "$cve"
done < cve_list.txt

# Batch processing with output
for cve in CVE-2024-1234 CVE-2024-5678 CVE-2024-9012; do
  echo "=== Scanning $cve ===" >> report.txt
  sploitscan --cve "$cve" --output json >> report.txt
done
# Find vulnerabilities with CVSS > 8.0
sploitscan --product "Apache" --cvss-min 8.0

# Range filtering
sploitscan --cve CVE-2024-1234 --cvss-min 5.0 --cvss-max 7.9
| Source | Coverage | Update frequency | Details |
|---|---|---|---|
| NVD (NIST) | ~200,000+ CVEs | Real-time | NIST's enrichment database for CVE records (CVSS scores, CPE, references) |
| Exploit-DB | ~40,000+ exploits | Daily | Public exploit collection |
| Shodan | Internet scans | Continuous | Vulnerable service detection |
| GitHub | PoC repos | Real-time | Security research PoCs |
| CISA | Recent exploits | Daily | US government advisories, including the Known Exploited Vulnerabilities (KEV) catalog |
| PacketStorm | Multiple | Daily | Security news and exploits |
# Configure API keys for enhanced results
export SHODAN_API_KEY="your_key_here"
export GITHUB_API_TOKEN="your_token_here"

sploitscan --cve CVE-2024-1234 --use-apis
# Scan all known vulnerabilities for target software stack
sploitscan --product "Apache 2.4.41" --verbose > apache_vulns.txt
sploitscan --product "PHP 7.4" --verbose > php_vulns.txt

# Prioritize by CVSS score
sploitscan --product "OpenSSL 1.1.1" --cvss-min 7.0
# Verify public exploits exist for vulnerability
sploitscan --cve CVE-2024-1234 --source exploitdb github

# Check PoC availability on GitHub
sploitscan --cve CVE-2024-1234 --source github --output json | grep -i "github_repo"
# Generate report comparing two products
{
  echo "=== Product A Vulnerabilities ===" 
  sploitscan --product "Product A" --severity critical
  echo ""
  echo "=== Product B Vulnerabilities ===" 
  sploitscan --product "Product B" --severity critical
} > comparison.txt
# Identify trending exploits affecting your environment
sploitscan --trending --severity high

# Check if target software appears in recent exploits
sploitscan --product "Windows Server" --latest
# Extract CVE IDs from results
sploitscan --product "Apache" --output json | jq '.results[].cve_id'

# Get exploit URLs
sploitscan --cve CVE-2024-1234 --output json | jq '.results[].exploit_url'

# Filter by CVSS score
sploitscan --product "OpenSSL" --output json | jq '.results[] | select(.cvss_score >= 8.0)'
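The jq one-liners above each answer one question; a triage script answers the practical one, which is what to look at first. The following is an added example, not code from the SploitScan project. It assumes the JSON shape implied by the jq filters on this page (a top-level "results" list whose items carry "cve_id", "cvss_score" and "exploit_url"); real field names may differ, so check one real output file and adjust. It also handles two things a bare `select(.cvss_score >= 8.0)` gets wrong: scores that arrive as strings, and entries with no score yet, which jq would drop silently even though an unscored CVE with a public PoC is often the most urgent item in the list.

```python
"""Triage SploitScan JSON output: rank findings by public-exploit availability and CVSS.

Added example, not part of the SploitScan project. Assumes a "results" list with
"cve_id", "cvss_score" and "exploit_url" fields, as the jq examples on this page do.
"""
import json
import sys
from typing import Any, Dict, List, Optional

# Constructed sample in the assumed shape; not real SploitScan output.
SAMPLE_JSON = json.dumps({"results": [
    {"cve_id": "CVE-2024-1234", "cvss_score": 9.8, "exploit_url": "https://github.com/example/poc"},
    {"cve_id": "CVE-2024-5678", "cvss_score": "7.5", "exploit_url": None},
    {"cve_id": "CVE-2024-9012", "cvss_score": None, "exploit_url": "https://www.exploit-db.com/exploits/00000"},
    {"cve_id": "CVE-2024-3456", "cvss_score": 5.3, "exploit_url": ""},
]})


def parse_cvss(value: Any) -> Optional[float]:
    """Coerce a CVSS score that may arrive as a float, a numeric string, or be missing."""
    if value is None or value == "":
        return None
    try:
        score = float(value)
    except (TypeError, ValueError):
        return None
    return score if 0.0 <= score <= 10.0 else None


def cvss_band(score: Optional[float]) -> str:
    """CVSS v3 qualitative severity bands; None means no score has been published."""
    if score is None:
        return "unscored"
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    if score > 0.0:
        return "low"
    return "none"


def triage(raw_json: str, cvss_min: float = 0.0) -> List[Dict[str, Any]]:
    """Return findings sorted so the most urgent come first.

    Ordering: entries with a public exploit first, then by CVSS descending.
    Unscored entries are kept (sorted as -1) instead of being dropped by the
    cvss_min filter, because "no CVSS yet" usually means "too new to be analysed".
    """
    data = json.loads(raw_json)
    rows: List[Dict[str, Any]] = []
    for item in data.get("results", []):
        score = parse_cvss(item.get("cvss_score"))
        if score is not None and score < cvss_min:
            continue
        rows.append({
            "cve_id": item.get("cve_id", "?"),
            "cvss": score,
            "band": cvss_band(score),
            "public_exploit": bool(item.get("exploit_url")),
            "exploit_url": item.get("exploit_url") or "",
        })
    rows.sort(
        key=lambda r: (r["public_exploit"], r["cvss"] if r["cvss"] is not None else -1.0),
        reverse=True,
    )
    return rows


if __name__ == "__main__":
    # Read SploitScan JSON from stdin; fall back to the constructed sample for a dry run.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_JSON
    minimum = float(sys.argv[1]) if len(sys.argv) > 1 else 0.0
    for r in triage(text, cvss_min=minimum):
        poc = "yes" if r["public_exploit"] else "no"
        print(f"{r['cve_id']:16} {str(r['cvss']):>5} {r['band']:9} poc={poc:3} {r['exploit_url']}")
```

Usage: `sploitscan --product "OpenSSL" --output json | python3 triage.py 7.0`. Run without input to see the ordering on the constructed sample.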
# Create formatted vulnerability report
{
  echo "Vulnerability Assessment Report - $(date)"
  echo "Target: Apache 2.4.41"
  echo "Generated: $(date)"
  echo ""
  sploitscan --product "Apache 2.4.41" --output text --verbose
} > assessment_report.txt

# HTML report generation. Titles and IDs come from third-party data, so escape them
# before they land in the page; otherwise an advisory title containing markup would be rendered as HTML
sploitscan --product "Apache" --output json | python3 << 'EOF'
import html, json, sys
data = json.load(sys.stdin)
print("<html><body><table>")
for item in data.get('results', []):
    cve = html.escape(str(item.get('cve_id', '')))
    title = html.escape(str(item.get('title', '')))
    print(f"<tr><td>{cve}</td><td>{title}</td></tr>")
print("</table></body></html>")
EOF
# Linux/macOS
~/.sploitscan/config.yaml

# Windows
%APPDATA%\sploitscan\config.yaml
# Default severity filter
default_severity: "medium"

# Default number of results
default_limit: 25

# Enable API sources
use_apis: true

# API keys
api_keys:
  shodan: "your_key"
  github: "your_token"

# Database sources priority
sources:
  - nvd
  - exploitdb
  - github
  - shodan

# Cache settings
cache_enabled: true
cache_expiry_hours: 24
# Use GNU parallel for batch processing
cat cve_list.txt | parallel sploitscan --cve {} --output json

# With xargs
cat cve_list.txt | xargs -n 1 -P 4 sploitscan --cve
# Enable caching for repeated searches
sploitscan --cve CVE-2024-1234 --cache

# Clear cache
sploitscan --clear-cache

# Check cache status
sploitscan --cache-info
# No results returned
# Solution: Check internet connection and API rate limits
sploitscan --cve CVE-2024-1234 --verbose

# SSL certificate errors
# Solution: fix the CA bundle (update ca-certificates or certifi). --insecure disables TLS
# verification, so the API keys sent to Shodan and GitHub could be read by anyone on the path;
# use it only as a last resort on a network you trust
sploitscan --cve CVE-2024-1234 --insecure

# Rate limiting
# Solution: Add delays between requests
sploitscan --cve CVE-2024-1234 --delay 2
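The shell loops on this page for batch scanning, the parallel/xargs variants and the rate-limit advice all share two weak points: whatever is in `cve_list.txt` is passed to the tool unchecked, and one failed lookup (a rate-limit response, a typo in an ID) stops the loop or pollutes the report. The following is an added example that is not part of the SploitScan project. It assumes the command shape used on this page (`sploitscan --cve <ID> --output json`, optionally `--delay N`); the runner is injectable so the pacing and validation logic can be exercised without the tool installed.

```python
"""Batch-scan a CVE list with SploitScan, validating IDs and pacing requests.

Added example, not part of the SploitScan project. It assumes the command-line
shape used on this page (sploitscan --cve <ID> --output json [--delay N]);
check `sploitscan --help` for the flags of the installed version.
"""
import re
import subprocess
import time
from typing import Callable, Dict, Iterable, List, Optional

# CVE IDs are "CVE-YYYY-NNNN" with four or more digits in the sequence part.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def normalize_cve_list(lines: Iterable[str]) -> List[str]:
    """Return the valid, upper-cased, de-duplicated CVE IDs from raw input lines.

    Blank lines and '#' comments are skipped; anything that does not look like
    a CVE ID is dropped so it never reaches the command line as an argument.
    """
    seen = set()
    out: List[str] = []
    for raw in lines:
        token = raw.strip().upper()
        if not token or token.startswith("#"):
            continue
        if not CVE_RE.match(token) or token in seen:
            continue
        seen.add(token)
        out.append(token)
    return out


def build_command(cve: str, delay: Optional[int] = None) -> List[str]:
    """Build the argv for one SploitScan call as a list (no shell, no quoting issues)."""
    cmd = ["sploitscan", "--cve", cve, "--output", "json"]
    if delay is not None:
        cmd += ["--delay", str(delay)]
    return cmd


def run_cli(cmd: List[str]) -> str:
    """Default runner: execute the command and return its stdout (raises on non-zero exit)."""
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


def scan_batch(cves: Iterable[str], pause_seconds: float = 2.0,
               runner: Callable[[List[str]], str] = run_cli) -> Dict[str, str]:
    """Scan each CVE in turn, pausing between calls to stay under upstream rate limits.

    Returns a mapping CVE -> raw JSON text. A failing CVE records the error
    message under its ID instead of aborting the rest of the batch.
    """
    results: Dict[str, str] = {}
    for i, cve in enumerate(normalize_cve_list(cves)):
        if i > 0 and pause_seconds > 0:
            time.sleep(pause_seconds)
        try:
            results[cve] = runner(build_command(cve))
        except Exception as exc:  # keep going; the failure is reported per CVE
            results[cve] = f"ERROR: {exc}"
    return results


if __name__ == "__main__":
    import sys
    # Usage: python3 batch_scan.py cve_list.txt > report.txt
    with open(sys.argv[1]) as fh:
        for cve, payload in scan_batch(fh).items():
            print(f"=== {cve} ===\n{payload}")
```

Sequential with a pause is deliberate: the GNU parallel and xargs variants above get the list done faster but are exactly what triggers rate limiting on the upstream APIs. If you need both, keep the pause and raise the concurrency only as far as the API quotas allow.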
# Enable debug logging
sploitscan --cve CVE-2024-1234 --debug

# Log to file
sploitscan --cve CVE-2024-1234 --log-file debug.log --log-level debug

# Check version and configuration
sploitscan --version
sploitscan --config-info
  1. Verify Authorization: Always ensure you have written permission before assessing targets
  2. Cross-Reference Sources: Don't rely on a single database; verify findings across multiple sources
  3. Update Regularly: Run --update-db frequently to get the latest vulnerability information
  4. Respect Rate Limits: Add delays when performing large-scale scans
  5. Document Findings: Export results and maintain detailed assessment records
  6. Protect Secrets: Keep API keys in environment variables or a permission-restricted config file and never commit them to version control
  7. Staged Approach: Test with known CVEs first before production assessments
# Export exploits for Metasploit usage (field name as shown on this page; confirm the real JSON keys first)
sploitscan --cve CVE-2024-1234 --output json | grep -i "metasploit_module"

# Automated module checking
while read -r cve; do
  sploitscan --cve "$cve" | grep -i metasploit
done < targets.txt
# Save results for reuse by other tools
sploitscan --product "Company Software" --output json > results.json

# Correlate with vulnerability scanners
# Use SploitScan findings to prioritize Nessus/OpenVAS scans

SploitScan streamlines vulnerability research by aggregating intelligence from multiple sources. Effective use requires proper authorization, systematic methodology, and careful result verification. Regular database updates and integration with other security tools maximize assessment effectiveness.