Vulnify is a vulnerability notification system integrated with Telegram Bot API as communication channel, and VulnDB API as vulnerability intelligence service.
This is useful for Cyber Security teams, like cyber threat analysts, to be notified instantly after a new vulnerability revealed.
This project has scalable code-base in order to integrate more communication services like E-mail, SMS, Voice call or anything else support Python!
The bot sends message to the group, in which bot added, when any new vulnerability entry available in Vulndb API.
- Use the package manager pip to install dependencies.
pip install -r requirements.txt- Only Unix systems supported! (for now)
- Create a Telegram Group, obtain group chat id and save it into app.config file
- Create a Telegram Bot and get token key, then save it into app.config file
- Add that bot into the group
- Create a Vulndb account, get the API key and save it into app.config file
the final result of app.config file below:
{
"telegram": {"token": "TELEGRAM_BOT_TOKEN_HERE", "group_id": "TELEGRAM_GROUP_CHAT_ID_HERE"},
"vulndb": {"endpoint_url": "hxxtp://...", "keys": "VULNDB_API_KEY_HERE", "logfiles": "/tmp"}
}
- Schedule an hourly basis task via crontab or any task scheduler for main.py file (A vps or cloud app service is recommended)
To don't waste Vulndb API request limit (bcz the free API is limited), use example.json file for parsing, filtering etc..
In Vulnify.py file, comment out API request api method and enable code blocks regarding reading example.json file
# feedlist = self.__request_api()
with open("example.json") as json_file:
example = json.load(json_file)
feedlist = example- Multiple Vulndb API calls will be implemented to notify more information about vulnerability, including vulnerability simplicity, exploit availability, vulnerability class etc...
- Parameterized filtering, ex: only Windows based vulnerabilities to be notified.
- More communication channels will be supported like using Twilio API for SMS, Email, or even Voice Call.
A comprehensive guideline for how to contribute the project in wiki page.
Any contribution to enrich functionality of the project will be considered.