## https://sploitus.com/exploit?id=0D0EF1BD-14A5-50C1-A1F5-B5ADB34C49F4
# CVE2PoC - Zimbra defensive CVE tracking

This tool helps Zimbra operators track CVEs, public PoCs, CISA KEV, EPSS,
weaponized modules, and whether a credible fix record is visible. It also keeps
the general CVE2PoC public-PoC lookup features available for single-CVE
research.

The reason for this project is operational: one way to defend a Zimbra
deployment is to see what public security research and exploit indexes already
expose. Zimbra security information is spread across vendor release notes,
NVD/CVE.org, exploit indexes, and third-party CVE sites, and those sources can
lag, disagree, or disappear behind broken filtered views. This tool pulls those
signals together so an operator can decide whether a risky Zimbra feature update
is justified for their environment.

If your goal is Zimbra operations, start with [QuickStart.md](QuickStart.md).

## Recommended Zimbra Workflow

Use the wrapper script from this checkout:

```sh
./zimbra-cve.sh install          # one-time install via uv, pinned to Python 3.12
./zimbra-cve.sh show 10.1        # full Zimbra CVE table, sorted for the 10.1 line
./zimbra-cve.sh watch 10.1       # stateful monitor for cron
./zimbra-cve.sh cve CVE-2024-27443
./zimbra-cve.sh update           # reinstall from this checkout
```

`show` uses an NVD keyword search for Zimbra, then triages every published CVE it
finds. CVE IDs in the tables are clickable terminal hyperlinks in terminals that
support OSC-8 links, such as GNOME Terminal. Terminals without OSC-8 support
show normal text.

## Installation

The wrapper handles installation:

```sh
./zimbra-cve.sh install
```

It uses `uv` to fetch a managed Python 3.12 and install `cve2poc` as a uv tool.
If `uv` is missing, the script explains the bootstrap first and asks before it
downloads Astral's uv installer and runs it with `sh`. On this system the
installed tool lives at:

- launcher: `~/.local/bin/cve2poc`
- uv tool env: `~/.local/share/uv/tools/cve2poc/`

When `zimbra-cve.sh` is run from a checkout that contains `pyproject.toml`,
`install` and `update` install from that local checkout. They do not pull from a
remote GitHub project.

If you answer no, install `uv` yourself and rerun `./zimbra-cve.sh install`.
In non-interactive shells, the script refuses to bootstrap `uv`.

To install directly without the wrapper:

```sh
uv tool install --force --python 3.12 
```

## Direct `cve2poc` Commands

The wrapper is easiest for Zimbra, but the direct CLI is still available:

```sh
cve2poc CVE-2024-27443
cve2poc --zimbra-cpe 10.1
cve2poc --zimbra-scan 10.1
cve2poc --watch "$(cve2poc --zimbra-cpe 10.1)"
cve2poc --show-state ~/.cve2poc/watch/.json
cve2poc --cve2cpe CVE-2024-27443
cve2poc --cpe2cve "cpe:2.3:a:zimbra:collaboration:10.0.0"
```

Run `cve2poc --help` for the complete current option list.

## Key Features

- Zimbra train shortcuts: `10.1`, `10.0`, `9.0`, and `8.8` resolve to the
  latest patch in that line.
- Full Zimbra keyword scan: shows CVEs even when NVD has weak or missing Zimbra
  CPE version data.
- Cross-source context: complements the
  [Zimbra Security Center](https://wiki.zimbra.com/wiki/Security_Center) and
  third-party CVE sites such as
  [CVEDetails](https://www.cvedetails.com/vulnerability-list/vendor_id-7863/Zimbra.html)
  instead of trusting any single source to be complete.
- Defensive triage: folds CISA KEV, EPSS, public PoCs, weaponized modules, and
  CVSS into a practical risk label.
- Fix signal tracking: reports `Fixed?` as `Yes` only when the CVE record has a
  credible fix signal.
- Stateful watch mode: first run establishes a baseline; later runs report only
  new or worsened CVEs.
- Original CVE2PoC features: GitHub/Nuclei/Exploit-DB/Metasploit lookup,
  CVE/CPE mapping, reports, labs, and bug bounty references.
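
The triage and watch-mode behaviour listed above can be sketched as follows. This is an added example, not code from `cve2poc`: the label names, thresholds, record fields, and state-file layout are all assumptions chosen for illustration.

```python
import json
import os
import tempfile

# Assumed ordering of risk labels, lowest to highest (not the tool's own labels).
RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def risk_label(rec):
    """Fold KEV, weaponized, PoC, EPSS and CVSS signals into one label (assumed thresholds)."""
    if rec.get("kev") or rec.get("weaponized"):
        return "critical"
    if rec.get("poc") or rec.get("epss", 0.0) >= 0.5:
        return "high"
    if rec.get("cvss", 0.0) >= 7.0:
        return "medium"
    return "low"


def watch(state_path, current):
    """First run writes the baseline and reports nothing; later runs return changes."""
    labels = {cve: risk_label(rec) for cve, rec in current.items()}
    previous = None
    if os.path.exists(state_path):
        with open(state_path, encoding="utf-8") as fh:
            previous = json.load(fh)
    changes = []
    if previous is not None:
        for cve, label in sorted(labels.items()):
            if cve not in previous:
                changes.append((cve, "new", label))
            elif RANK[label] > RANK[previous[cve]]:
                changes.append((cve, "worsened", label))
    # Write atomically so an interrupted cron run cannot leave a truncated state file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(state_path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(labels, fh, indent=2, sort_keys=True)
    os.replace(tmp, state_path)
    return changes


if __name__ == "__main__":
    # Constructed sample records with placeholder CVE IDs.
    state = os.path.join(tempfile.mkdtemp(), "state.json")
    watch(state, {"CVE-0000-0001": {"cvss": 6.1}})
    print(watch(state, {"CVE-0000-0001": {"cvss": 6.1, "poc": True}}))
```

A CVE whose label stays the same or improves between runs produces no output, which keeps cron mail limited to changes that need a decision.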

## Documentation

- [QuickStart.md](QuickStart.md) - shortest path for the Zimbra workflow.
- [doc/Usage.md](doc/Usage.md) - direct `cve2poc` usage and watch-mode details.
- [doc/SCOPE.md](doc/SCOPE.md) - what this project is and is not trying to do.

## Scope And Safety

This is a defensive research and tracking tool. It queries public vulnerability,
advisory, and PoC databases, then reformats that information so Zimbra operators
can make a patching or mitigation decision.

It does not exploit systems, run PoCs, scan hosts, or touch a target site. Some
single-CVE output includes example command snippets or links for external tools;
those are printed as references only and are not executed.

## Acknowledgement

This project began from the GPLv3
[CVE2PoC](https://github.com/0liverFlow/CVE2PoC) project by Olivier Konaté. It
is independently maintained for defensive Zimbra CVE tracking; project-specific
issues and behavior belong here.