SploitScan

Overview

SploitScan is a command-line tool that aggregates vulnerability intelligence from multiple sources, including NVD (National Vulnerability Database), Exploit-DB, Shodan, GitHub and security advisories. It queries these sources at run time to find public exploits, proof-of-concept code and vulnerability details for the CVE IDs or software products you specify.

It is most useful in the reconnaissance phase of an authorized assessment: a penetration tester can quickly see which exploits exist for the software on a target without searching each database by hand. Everything it returns is public, third-party data, so treat exploit links and PoC repositories as untrusted until you have reviewed them.

Installation

Linux/macOS

# Clone the repository
git clone https://github.com/xaitax/SploitScan.git
cd SploitScan

# Install Python dependencies
pip3 install -r requirements.txt

# Make executable
chmod +x sploitscan.py

# Create symlink for system-wide access
sudo ln -s $(pwd)/sploitscan.py /usr/local/bin/sploitscan

Windows

# Clone via Git Bash or PowerShell
git clone https://github.com/xaitax/SploitScan.git
cd SploitScan

# Install dependencies
pip install -r requirements.txt

# Run directly with Python
python sploitscan.py [options]

Using pip (if available)

pip3 install sploitscan
sploitscan --help

Basic Usage

Search by CVE

# Search a single CVE
sploitscan --cve CVE-2024-1234

# Search multiple CVEs
sploitscan --cve CVE-2024-1234 CVE-2024-5678

# Search with detailed output
sploitscan --cve CVE-2024-1234 --verbose

Search by Product/Software

# Search for vulnerabilities in a specific product
sploitscan --product "Apache Log4j"

# Search with version information
sploitscan --product "Microsoft Exchange" --version 2019

Search by Exploit Database

# Search Exploit-DB only
sploitscan --cve CVE-2024-1234 --source exploitdb

# Search multiple sources
sploitscan --cve CVE-2024-1234 --source nvd exploitdb github

Common Commands

Command                          Description
sploitscan --cve CVE-ID          Search a specific CVE across all sources
sploitscan --product "Name"      Find vulnerabilities in a product
sploitscan --latest              Show the latest vulnerabilities
sploitscan --trending            Display trending exploits
sploitscan --source DB-NAME      Search a specific database only
sploitscan --severity high       Filter by severity level
sploitscan --output json         Export results in JSON format
sploitscan --limit 50            Limit the number of results
sploitscan --verbose             Detailed output with all information
sploitscan --update-db           Update local databases

Advanced Techniques

Filter by Severity

# High severity only
sploitscan --cve CVE-2024-1234 --severity high

# Critical vulnerabilities
sploitscan --product "Windows" --severity critical

# Multiple severity levels
sploitscan --cve CVE-2024-1234 --severity critical high

Output Formatting

# JSON output for parsing
sploitscan --cve CVE-2024-1234 --output json > results.json

# CSV export
sploitscan --product "Docker" --output csv > vuln_report.csv

# Pretty-printed text
sploitscan --cve CVE-2024-1234 --output text --verbose

Automated Scanning

# Scan multiple CVEs from a file (one ID per line; -r keeps backslashes literal,
# the test skips blank lines)
while IFS= read -r cve; do
  [ -n "$cve" ] && sploitscan --cve "$cve"
done < cve_list.txt

# Batch processing with output: one JSON file per CVE. Appending several JSON
# documents plus text headers to a single file produces something no JSON parser reads.
for cve in CVE-2024-1234 CVE-2024-5678 CVE-2024-9012; do
  sploitscan --cve "$cve" --output json > "report_${cve}.json"
done
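The shell loops above hand whatever is in cve_list.txt straight to the tool and concatenate raw output. The script below is an added example (not SploitScan's own code) of a batch driver that validates each line against the CVE ID format before it reaches a subprocess, de-duplicates, waits between lookups to respect upstream rate limits, and collects everything into one well-formed JSON document with per-CVE errors recorded instead of aborting the run. It assumes the CLI shape this page describes (`sploitscan --cve <ID> --output json`) and that the JSON output can be loaded as a dictionary; the `runner` and `sleep` parameters are hypothetical hooks so the logic can be exercised without network access.

```python
"""Batch SploitScan driver: validate CVE IDs, rate-limit, merge results.

Added example, not part of SploitScan. Assumes the CLI accepts
`--cve <ID> --output json` (as documented on this page) and prints one
JSON document per invocation.
"""
import json
import re
import subprocess
import time
from typing import Callable, Dict, Iterable, List

# Strict CVE ID syntax: CVE-<4-digit year>-<4 or more digit sequence number>.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def load_cve_ids(lines: Iterable[str]) -> List[str]:
    """Normalise, validate and de-duplicate CVE IDs from a text source.

    Blank lines, '#' comments and anything that is not a well-formed CVE ID
    (for example stray shell metacharacters in an untrusted list) are dropped
    rather than passed to a subprocess.
    """
    seen, out = set(), []
    for raw in lines:
        cve = raw.strip().upper()
        if not cve or cve.startswith("#") or not CVE_RE.match(cve):
            continue
        if cve not in seen:
            seen.add(cve)
            out.append(cve)
    return out


def run_sploitscan(cve: str) -> Dict:
    """Invoke the CLI as an argument list (no shell) and parse its JSON output."""
    proc = subprocess.run(
        ["sploitscan", "--cve", cve, "--output", "json"],
        capture_output=True, text=True, check=True, timeout=120,
    )
    return json.loads(proc.stdout)


def batch_scan(lines: Iterable[str], delay_seconds: float = 2.0,
               runner: Callable[[str], Dict] = run_sploitscan,
               sleep: Callable[[float], None] = time.sleep) -> Dict:
    """Scan each valid CVE sequentially with a fixed delay between calls.

    Returns a single JSON-serialisable document keyed by CVE ID. A failed
    lookup (non-zero exit, timeout, unparsable output) is recorded under
    "errors" so one bad CVE does not abort the whole batch.
    """
    report: Dict = {"scans": {}, "errors": {}}
    for i, cve in enumerate(load_cve_ids(lines)):
        if i and delay_seconds:
            sleep(delay_seconds)  # pause between upstream API calls
        try:
            report["scans"][cve] = runner(cve)
        except (subprocess.CalledProcessError, subprocess.TimeoutExpired,
                json.JSONDecodeError, OSError) as exc:
            report["errors"][cve] = f"{type(exc).__name__}: {exc}"
    return report


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "cve_list.txt"
    with open(path) as fh:
        json.dump(batch_scan(fh), sys.stdout, indent=2)
```

Run it as `python3 batch_scan.py cve_list.txt > report.json`; the output is one document you can feed to jq or the triage examples later on this page, and the `errors` map tells you which IDs need a retry once the rate-limit window has passed.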

CVSS Score Filtering

# Find vulnerabilities with CVSS > 8.0
sploitscan --product "Apache" --cvss-min 8.0

# Range filtering
sploitscan --cve CVE-2024-1234 --cvss-min 5.0 --cvss-max 7.9

Database Sources

Primary Sources

Source        Coverage            Update frequency   Details
NVD (NIST)    ~200,000+ CVEs      Real-time          NIST's database of CVE entries with CVSS scoring
Exploit-DB    ~40,000+ exploits   Daily              Public exploit collection
Shodan        Internet scans      Continuous         Vulnerable service detection
GitHub        PoC repos           Real-time          Security research PoCs
CISA          Recent exploits     Daily              US government advisories
PacketStorm   Multiple            Daily              Security news and exploits

API Integration

# Configure API keys for enhanced results
export SHODAN_API_KEY="your_key_here"
export GITHUB_API_TOKEN="your_token_here"

sploitscan --cve CVE-2024-1234 --use-apis

Practical Assessment Scenarios

Pre-Engagement Reconnaissance

# Scan all known vulnerabilities for target software stack
sploitscan --product "Apache 2.4.41" --verbose > apache_vulns.txt
sploitscan --product "PHP 7.4" --verbose > php_vulns.txt

# Prioritize by CVSS score
sploitscan --product "OpenSSL 1.1.1" --cvss-min 7.0

Exploit Availability Check

# Verify public exploits exist for vulnerability
sploitscan --cve CVE-2024-1234 --source exploitdb github

# Check PoC availability on GitHub
sploitscan --cve CVE-2024-1234 --source github --output json | grep -i "github_repo"

Vulnerability Comparison

# Generate report comparing two products
{
  echo "=== Product A Vulnerabilities ===" 
  sploitscan --product "Product A" --severity critical
  echo ""
  echo "=== Product B Vulnerabilities ===" 
  sploitscan --product "Product B" --severity critical
} > comparison.txt

Trend Analysis

# Identify trending exploits affecting your environment
sploitscan --trending --severity high

# Check if target software appears in recent exploits
sploitscan --product "Windows Server" --latest

Output Analysis

Parsing JSON Results

# Extract CVE IDs from results
sploitscan --product "Apache" --output json | jq '.results[].cve_id'

# Get exploit URLs
sploitscan --cve CVE-2024-1234 --output json | jq '.results[].exploit_url'

# Filter by CVSS score
sploitscan --product "OpenSSL" --output json | jq '.results[] | select(.cvss_score >= 8.0)'
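The jq one-liners above, the CVSS filtering and the Exploit Availability Check each pull one field out of the JSON. The script below is an added example (not SploitScan's own code) that does the triage a tester actually wants in one pass: keep findings at or above a CVSS threshold, flag the ones with a public exploit, order them so exploitable high-CVSS items come first, and emit CSV. The result shape (a top-level `results` list with `cve_id`, `title`, `cvss_score`, `exploit_url`, `github_repo` and `metasploit_module` fields) is assumed from this page's jq and grep examples; the sample document, URLs and module name in it are constructed placeholders, not real data.

```python
"""Triage SploitScan JSON output: CVSS threshold, exploit availability, CSV.

Added example, not part of SploitScan. Field names are assumed from the
page's jq/grep examples; SAMPLE_OUTPUT is constructed for illustration.
"""
import csv
import io
import json
from typing import Dict, List

# Constructed sample in the assumed output shape (placeholder IDs and URLs).
SAMPLE_OUTPUT = json.dumps({"results": [
    {"cve_id": "CVE-2024-1234", "title": "RCE in example service",
     "cvss_score": 9.8, "exploit_url": "https://exploits.example/1234",
     "github_repo": None, "metasploit_module": "exploit/example/placeholder_rce"},
    {"cve_id": "CVE-2024-5678", "title": "Information leak", "cvss_score": 5.3,
     "exploit_url": None, "github_repo": None, "metasploit_module": None},
    {"cve_id": "CVE-2024-9012", "title": "Auth bypass", "cvss_score": "8.1",
     "exploit_url": None, "github_repo": "https://github.example/poc-9012",
     "metasploit_module": None},
    {"cve_id": "CVE-2024-3456", "title": "DoS", "cvss_score": None,
     "exploit_url": None, "github_repo": None, "metasploit_module": None},
]})


def _score(item: Dict) -> float:
    """CVSS may arrive as a number, a numeric string, or be absent; absent counts as 0."""
    try:
        return float(item.get("cvss_score") or 0)
    except (TypeError, ValueError):
        return 0.0


def has_public_exploit(item: Dict) -> bool:
    """True if any exploit reference (Exploit-DB, GitHub PoC, Metasploit) is present."""
    return any(item.get(k) for k in ("exploit_url", "github_repo", "metasploit_module"))


def triage(raw_json: str, cvss_min: float = 7.0, exploits_only: bool = False) -> List[Dict]:
    """Return findings at or above cvss_min, highest priority first.

    Ordering: items with a public exploit first, then CVSS descending, which is
    the order in which a tester would validate them on an engagement.
    """
    rows = []
    for item in json.loads(raw_json).get("results", []):
        score, exploit = _score(item), has_public_exploit(item)
        if score < cvss_min or (exploits_only and not exploit):
            continue
        rows.append({
            "cve_id": item.get("cve_id", ""),
            "cvss": score,
            "public_exploit": exploit,
            "metasploit_module": item.get("metasploit_module") or "",
            "reference": item.get("exploit_url") or item.get("github_repo") or "",
        })
    rows.sort(key=lambda r: (r["public_exploit"], r["cvss"]), reverse=True)
    return rows


FIELDS = ["cve_id", "cvss", "public_exploit", "metasploit_module", "reference"]


def to_csv(rows: List[Dict]) -> str:
    """Serialise triage rows as CSV with a fixed header (safe for spreadsheets and diffs)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    data = SAMPLE_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    print(to_csv(triage(data)), end="")
```

Pipe real output in with `sploitscan --product "OpenSSL" --output json | python3 triage.py > prioritised.csv`; run it with no stdin to see the behaviour on the constructed sample. The `_score` helper exists because a numeric string or a missing score silently breaks a plain `select(.cvss_score >= 8.0)` in jq.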

Generating Reports

# Create a formatted vulnerability report
{
  echo "Vulnerability Assessment Report"
  echo "Target: Apache 2.4.41"
  echo "Generated: $(date)"
  echo ""
  sploitscan --product "Apache 2.4.41" --output text --verbose
} > assessment_report.txt

# HTML report generation. Titles and IDs come from third-party sources
# (GitHub repo names, advisory text), so escape every field before it
# lands in HTML, or a crafted PoC title becomes script in your report.
sploitscan --product "Apache" --output json | python3 << 'EOF'
import html, json, sys
data = json.load(sys.stdin)
print("<html><body><table>")
for item in data.get('results', []):
    cve = html.escape(str(item.get('cve_id', '')))
    title = html.escape(str(item.get('title', '')))
    print(f"<tr><td>{cve}</td><td>{title}</td></tr>")
print("</table></body></html>")
EOF

Configuration

Config File Location

# Linux/macOS
~/.sploitscan/config.yaml

# Windows
%APPDATA%\sploitscan\config.yaml

Sample Configuration

# Default severity filter
default_severity: "medium"

# Default number of results
default_limit: 25

# Enable API sources
use_apis: true

# API keys
api_keys:
  shodan: "your_key"
  github: "your_token"

# Database sources priority
sources:
  - nvd
  - exploitdb
  - github
  - shodan

# Cache settings
cache_enabled: true
cache_expiry_hours: 24

Performance Optimization

Parallel Scanning

# Use GNU parallel for batch processing; write one JSON file per CVE so the
# output of concurrent jobs does not interleave on stdout
parallel 'sploitscan --cve {} --output json > "{}.json"' :::: cve_list.txt

# With xargs (same per-job redirect; -P sets the number of concurrent lookups)
xargs -n 1 -P 4 -I {} sh -c 'sploitscan --cve "$1" --output json > "$1.json"' _ {} < cve_list.txt

Caching Results

# Enable caching for repeated searches
sploitscan --cve CVE-2024-1234 --cache

# Clear cache
sploitscan --clear-cache

# Check cache status
sploitscan --cache-info

Troubleshooting

Common Issues

# No results returned
# Solution: Check internet connection and API rate limits
sploitscan --cve CVE-2024-1234 --verbose

# SSL certificate errors
# Solution: fix the CA bundle (update ca-certificates or the certifi package).
# --insecure disables TLS verification, so anyone on the path can tamper with the
# exploit links you then act on; use it for a one-off diagnosis, never in automation
sploitscan --cve CVE-2024-1234 --insecure

# Rate limiting
# Solution: Add delays between requests
sploitscan --cve CVE-2024-1234 --delay 2

Debugging

# Enable debug logging
sploitscan --cve CVE-2024-1234 --debug

# Log to file
sploitscan --cve CVE-2024-1234 --log-file debug.log --log-level debug

# Check version and configuration
sploitscan --version
sploitscan --config-info

Best Practices

  1. Verify Authorization: always have written permission before assessing targets
  2. Cross-Reference Sources: never rely on a single database; confirm findings across several, and review PoC code before you run it
  3. Update Regularly: run --update-db often so local data reflects the latest advisories
  4. Respect Rate Limits: add delays, or lower parallelism, when performing large batch runs
  5. Document Findings: export results and keep detailed assessment records
  6. Secrets Hygiene: keep API keys in environment variables or a file outside the repository, and never commit them to version control
  7. Staged Approach: test with known CVEs first before relying on the tool in a live assessment

Integration Examples

Integration with Metasploit

# Export exploits for Metasploit usage
sploitscan --cve CVE-2024-1234 --output json | grep -i "metasploit_module"

# Automated module checking (read line by line; $(cat ...) would word-split)
while IFS= read -r cve; do
  [ -n "$cve" ] && sploitscan --cve "$cve" | grep -i metasploit
done < targets.txt

Integration with OSINT Tools

# Save results for correlation with other reconnaissance output
sploitscan --product "Company Software" --output json > results.json

# Correlate with vulnerability scanners
# Use SploitScan findings to decide which Nessus/OpenVAS results to validate first

Summary

SploitScan streamlines vulnerability research by aggregating intelligence from multiple sources. Effective use requires proper authorization, systematic methodology, and careful result verification. Regular database updates and integration with other security tools maximize assessment effectiveness.