A client-server application for comprehensive CVE analysis, exploit detection and vulnerability assessment. The system provides a modern web interface with powerful features to aggregate data from multiple trusted sources, helping security professionals evaluate risks, detect available exploits and determine patching priorities through detailed analysis and reporting capabilities.
Installation Guide β’ Features β’ Examples β’ Roadmap
Click to expand
Exploit Seek is a comprehensive client-server application designed to analyze CVE vulnerabilities and detect available exploits. The system features an intuitive web interface with bilingual support, customizable themes, and real-time analysis tracking. It collects and processes data from multiple trusted sources, including exploit databases, security research repositories, and vulnerability intelligence platforms, helping security professionals assess exploitation risks, identify public exploits, and generate detailed analytical reports.
- Dark/Light theme support for comfortable work at any time
- Bilingual interface (English/Russian)
- Real-time analysis progress tracking
- File history with quick access to previous reports
- User-friendly settings management:
- Server configuration
- API keys management
- Proxy configuration (HTTP/HTTPS support with authentication)
- Language selection
- Theme preferences
- Secure authentication system
- Comprehensive vulnerability assessment using CVSS scoring system
- Exploitation probability evaluation through EPSS
- Public exploit detection from multiple sources:
- ExploitDB repository scanning
- GitHub security research monitoring
- VulnCheck intelligence integration
- Integration with CISA Known Exploited Vulnerabilities (KEV) catalog
- Nuclei template matching for vulnerability verification
- Advanced patching priority assessment (A+ to D rating) based on:
- CVSS base scores
- EPSS probability
- Public exploit availability
- Presence in CISA KEV catalog
- Multiple vulnerability scanner format support:
- REDCheck reports
- Nmap Vulners output
- Custom XML formats
- Direct CVE list input
- PDF report analysis
- Plain text file processing
- Detailed Excel reports with:
- Summary statistics
- Color-coded priority indicators
- Data filtering capabilities
- Multiple sheets for exploits and references
- HTML report generation with interactive elements
- Bilingual report support (English/Russian)
- Intelligent caching system for external API responses:
- Reduces API calls and improves response time
- Handles rate limits and service outages
- Caches EPSS scores, exploit data, KEV catalog, and more
- 24-hour cache duration with automatic invalidation
- Works offline for previously analyzed CVEs
View sample reports and outputs in our examples directory:
Application Screenshot
# Clone repository
git clone https://github.com/cansolele/exploit-seek.git
cd exploit-seek
# Build and start containers
docker-compose build --no-cache
docker-compose up -d
# The server will be available at http://0.0.0.0:5000
# The client will be available at http://0.0.0.0:8080Server Setup
- Install system dependencies:
sudo apt update
sudo apt install -y python3 python3-pip python3-venv libxml-xpath-perl pdfgrep- Create and activate virtual environment:
python3 -m venv venv
source venv/bin/activate- Install Python dependencies:
cd server
pip install -r requirements.txt- Run the server:
# Development mode
python server.py
# Production mode with Gunicorn
gunicorn --worker-class geventwebsocket.gunicorn.workers.GeventWebSocketWorker \
--workers 1 --bind 0.0.0.0:5000 server:appClient Setup
- Navigate to the client directory:
cd exploit-seek/client- Install client dependencies:
npm install- Build the client application:
npm run build- Serve the client application:
- Using Python's HTTP server:
python3 -m http.server 8080 --directory dist- Or using Node.js serve package:
npx serve -s distexploit-seek/
ββ client/ # Frontend application
β ββ Dockerfile
β ββ src/
β β ββ components/ # React components
β β β ββ Auth/ # Authentication components
β β β ββ ExploitsTable/ # Main analysis interface
β β β ββ Footer/ # Footer components
β β β ββ Header/ # Header and settings
β β ββ hooks/ # Custom React hooks
β β ββ App.jsx # Main application component
β ββ vite.config.js # Vite configuration
ββ server/ # Backend application
β ββ Dockerfile
β ββ config/ # Configuration files
β β ββ service_config.py # Service settings
β ββ constants/ # Application constants
β β ββ api_endpoints.py # API endpoints
β β ββ directories.py # Directory paths
β β ββ messages.py # Message strings
β β ββ thresholds.py # Threshold values
β ββ models/ # Database models
β ββ parsers/ # Input data parsers
β β ββ base_parser.py # Base parser class
β β ββ manual_parser.py # Manual input parser
β β ββ nmap_parser.py # Nmap XML parser
β β ββ redcheck_parser.py # RedCheck parser
β ββ routes/ # API routes
β β ββ exploits_routes.py # Exploit analysis routes
β β ββ settings_routes.py # Settings management
β ββ services/ # Business logic services
β β ββ api/ # External API services
β β β ββ nvd_service.py # NVD API integration
β β β ββ epss_service.py # EPSS API integration
β β β ββ exploitdb_service.py # ExploitDB integration
β β β ββ github_service.py # GitHub API integration
β β β ββ kev_service.py # KEV API integration
β β β ββ nuclei_service.py # Nuclei integration
β β β ββ vulncheck_service.py # VulnCheck integration
β β ββ base/ # Base service classes
β β β ββ api_service.py # Base API service
β β β ββ cache_service.py # Caching service
β β ββ exploits_service.py # Exploit analysis service
β β ββ file_service.py # File operations service
β β ββ report_service.py # Report generation service
β ββ server.py # Main server file
β ββ requirements.txt # Python dependencies
ββ exploit_seek_data/ # Application data
β ββ cache/ # API response cache
β ββ databases/ # Local databases
β ββ logs/ # Application logs
β ββ reports/ # Generated reports
β ββ uploads/ # Uploaded files
ββ docker-compose.yml # Docker configuration
The application uses a centralized configuration system located in server/config/service_config.py that controls various aspects of API services. When running in Docker, the configuration directory is mounted as a volume, allowing you to edit settings without rebuilding the container:
- Edit
server/config/service_config.pyon your host machine - Changes will be immediately available to the application
- No container restart required for most configuration changes
The configuration includes:
- Cache Settings:
CACHE_TTL: Time-to-live for cached responses (default: 24 hours)CACHE_SIZE_LIMIT: Maximum number of items in cacheCACHE_CLEANUP_INTERVAL: Interval for automatic cache cleanup- Empty results are also cached to prevent unnecessary API calls
The application requires API keys for full functionality:
- NVD API key: Register at NVD Portal
- VulnCheck API key: Available at VulnCheck
Configure these in the application settings after installation.
The application supports HTTP/HTTPS proxy configuration that can be set up either globally through the web interface or individually for specific services in server/config/service_config.py. This allows you to control which services use proxy and which connect directly.
Configure proxy settings in the application settings after installation.
- Initial Setup
- Configure server address
- Set up API keys (NVD, VulnCheck)
- Choose interface language (English/Russian)
- Select theme mode (Dark/Light)
- Configure other interface preferences
- Data Input
- Choose input method (manual/file upload)
- Select vulnerability scanner type
- Upload or enter CVE data
- Analysis Configuration
- Select data sources
- Configure output settings
- Choose sorting options
- Report Generation
- Select report format (HTML/Excel)
- Configure report details
- Download and view results
Reports include:
- Detailed CVE information with CVSS scores
- Exploitation probability assessments
- Available public exploits from multiple sources
- Patching priority recommendations
- References and additional resources
Excel reports feature:
- Color-coded priority indicators
- Custom data filtering
- Multiple data sheets
- Summary statistics
HTML reports provide:
- Interactive elements
- Comprehensive data presentation
- Easy navigation
- Export capabilities
- NVD - CVE information and CVSS scores
- FIRST.org - EPSS scoring
- CISA - Known Exploited Vulnerabilities Catalog
- Offensive Security - Exploit Database
- Project Discovery - Nuclei Templates
- VulnCheck - Vulnerability Intelligence
- React + Vite
- Material-UI
- Socket.IO Client
- Recharts
- Flask
- SQLAlchemy
- Flask-SocketIO
- OpenPyXL
- Jinja2
- Docker
- Docker Compose
- Gunicorn
- Gevent
Upcoming features and improvements:
- π§ Neural analysis integration with Ollama
- π€ AI-powered vulnerability assessment
- π Advanced risk prediction models
- π Additional vulnerability scanner support
- π Automated scan result import
- π Enhanced interactive HTML reports
- π¨ Customizable report templates
- π Advanced data visualization options
- π Deep learning-based exploit detection
- π― Enhanced risk scoring algorithms
- π Real-time threat intelligence integration
For questions, bug reports, and suggestions, please contact: shvs@cbi-info.ru