ThreatTracer - CVE Checker, Public Exploit Enumerator and ZeroDay finder against any product
This script fetches CVE details for a given component and version by identifying relevant CPEs, and searches for public exploits for relevant CVEs.
- Make sure you have Python3 installed on your system.
- Install required libraries using `pip3 install -r requirements.txt`.
- Run the script using `python3 threattracer.py`.
This script uses the National Vulnerability Database (NVD) API to fetch Common Vulnerabilities and Exposures (CVE) details for a specified component and version.
- CVE Finder Script: This script is designed to identify Common Vulnerabilities and Exposures (CVEs) based on the name and version of a component.
- User-friendly Interaction: The script interacts with users to input the name and version of a software component, making it easy to search for CVEs.
- Web Scraping: The script utilizes web scraping techniques to fetch Common Platform Enumeration (CPE) information from NIST's National Vulnerability Database (NVD).
- Colorful Output: Output messages are color-coded using the termcolor library to enhance readability and provide a visually appealing experience.
- CPE Search: The script searches for all matching CPEs for the specified component and version, displaying the URLs used for CPE retrieval.
- CVE Querying: It then queries the NVD API using the CPE information to fetch CVE details for each CPE found.
- Detailed Information: The script displays detailed information about each CVE, including the CVE ID, description, weaknesses, and link to the NVD page.
- Robust Error Handling: The script handles cases where CPEs are not found, providing appropriate error messages to users.
- Easy-to-Use: The user interface is designed to be straightforward, allowing users to quickly search for CVEs associated with a specific software version.
- CPEs Enumeration: When multiple CPEs are found, the script lists all the discovered CPEs before proceeding to query CVE details for each one.
- Reusability: The modular structure of the script makes it reusable and easy to integrate into other projects or scripts.
- Interactive Prompt: The script employs an interactive prompt to guide users through the process of entering the software component and version.
- Automated Querying: The script automates the process of querying and fetching CVE details, saving users time and effort.
- API Integration: It leverages the NVD API to retrieve and present accurate CVE information for the specified software version.
- Store results in text: Store the results in a nicely formatted way [in the first version, no longer supported].
- Add every CVE public exploit via `pyExploitDb`, a feature by @meppohak5.
- The v2.1 release of the code optimizes the previous version by incorporating asynchronous HTTP requests using the aiohttp library, for faster response times.
- https://poc-in-github.motikan2010.net -> Github POC lookup support.
- Reverse search for public exploits/0-Days over `packetstormsecurity`.
- Search for all possible exploits/0-Days.
- Python (3.6+ recommended)
- `requests` library (`pip3 install requests`)
- `termcolor` library (`pip3 install termcolor`)
- `pyExploitDb` library (`pip3 install pyExploitDb==1.0.0`)
- `aiohttp` library (`pip3 install aiohttp`)
- Run the script.
- Enter the component (e.g., `jquery`).
- Enter the version (e.g., `1.0.0`).
The script will display relevant CVE information, if available.
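
The CPE-to-CVE step described in the feature list, as an added example that is not ThreatTracer's own code: it builds the NVD query URL for one CPE name and reduces a response to the CVE ID, description, weaknesses and NVD link. It assumes the NVD CVE API 2.0 response layout; the sample response, its placeholder CVE IDs and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlencode

NVD_CVE_API = "https://services.nvd.nist.gov/rest/json/cves/2.0"

# Constructed sample in the NVD CVE API 2.0 layout; the CVE IDs are placeholders.
SAMPLE_RESPONSE = json.loads("""
{"totalResults": 2, "vulnerabilities": [
  {"cve": {"id": "CVE-0000-00001",
           "descriptions": [{"lang": "es", "value": "Ejemplo construido."},
                            {"lang": "en", "value": "Constructed example: XSS in a selector helper."}],
           "weaknesses": [{"type": "Primary",
                           "description": [{"lang": "en", "value": "CWE-79"}]}]}},
  {"cve": {"id": "CVE-0000-00002",
           "descriptions": [{"lang": "en", "value": "Constructed example with no CWE mapping."}],
           "weaknesses": [{"type": "Primary",
                           "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}}
]}
""")


def cpe_query_url(cpe_name):
    """URL that asks NVD for every CVE matching one CPE 2.3 name."""
    return NVD_CVE_API + "?" + urlencode({"cpeName": cpe_name})


def summarize_cves(response):
    """Reduce an NVD response to the fields the README lists for each CVE."""
    rows = []
    for item in response.get("vulnerabilities", []):
        cve = item.get("cve", {})
        cve_id = cve.get("id")
        if not cve_id:
            continue  # skip malformed entries instead of crashing mid-report
        english = [d["value"] for d in cve.get("descriptions", [])
                   if d.get("lang") == "en"]
        # Keep real CWE IDs only; NVD placeholders such as NVD-CWE-noinfo are dropped.
        cwes = sorted({d["value"]
                       for w in cve.get("weaknesses", [])
                       for d in w.get("description", [])
                       if d.get("value", "").startswith("CWE-")})
        rows.append({
            "id": cve_id,
            "description": english[0] if english else "(no English description)",
            "weaknesses": cwes,  # empty when NVD has not assigned a CWE
            "link": "https://nvd.nist.gov/vuln/detail/" + cve_id,
        })
    return rows
```

An empty `weaknesses` list means NVD has not mapped the CVE to a CWE yet, not that the entry is harmless, so triage should still read the description.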
Sometimes a vulnerability doesn't have a CVE associated with it yet, and it is possible that a public exploit is already available.
Shoot my DM : @FR13ND0x7F
@FR13ND0x7F @0xCaretaker @meppohak5 Contribute to be mentioned here.
Feel free to enhance, modify, or contribute to this script to suit your needs and explore more security-related projects!
Give me a Star in the repository or follow me @FR13ND0x7F, that's enough for me :P