Share
## https://sploitus.com/exploit?id=14E80B89-2972-5AEC-AE0A-F89C0F7B94E8
# cve-exploit-engine

An automated CVE monitoring and exploit workflow generator built with n8n. Fetches real-time vulnerabilities from NVD, OSV.dev and Exploit-DB every 4 hours, enriches them with attack methodology, and sends prioritised Slack alerts.

---

## What it does

- Pulls new CVEs every 4 hours from 3 sources (NVD, OSV.dev, Exploit-DB)
- Deduplicates and normalises all data into a flat schema
- Auto-generates attack steps and testing focus for each CVE based on keyword detection
- Routes CVEs into 3 severity lanes (PoC exploit / Critical / High)
- Sends formatted Slack alerts to `#cve-alerts` with full exploit methodology

---

## Workflow architecture

```
Schedule Trigger (every 4h)
  โ†’ Fetch OSV Vulns       (POST api.osv.dev)
  โ†’ Fetch NVD CVEs        (GET services.nvd.nist.gov)
  โ†’ Fetch Exploit-DB RSS  (GET exploit-db.com/rss.xml)
  โ†’ Normalise CVE Data    (Code node โ€” dedupe + flatten)
  โ†’ Exploit Workflow Generator (Code node โ€” attack methodology)
  โ†’ Route by Severity     (Switch node)
      โ†’ Output 0: PoC exists    โ†’ Slack ๐ŸŸฃ
      โ†’ Output 1: CVSS โ‰ฅ 9      โ†’ Slack ๐Ÿ”ด
      โ†’ Output 2: CVSS โ‰ฅ 7      โ†’ Slack ๐ŸŸก
```

---

## Vulnerability types detected

The Exploit Workflow Generator automatically detects and generates methodology for:

| Keyword detected | Attack generated |
|---|---|
| xss, cross-site scripting | XSS payload injection |
| sql, injection | SQL injection testing |
| upload, file | Malicious file upload |
| api | API endpoint fuzzing |
| rce, remote code, command | Remote code execution |
| ssrf | Server-side request forgery |
| csrf | CSRF token testing |
| path, traversal, directory | Path traversal payloads |
| auth, bypass | Authentication bypass |
| overflow, buffer | Memory corruption analysis |
| privilege, escalation | Privilege escalation paths |
| deserialization | Insecure deserialization |

---

## Example Slack alert

```
๐ŸŸฃ PoC EXPLOIT DETECTED โ€” EDB-52486
[webapps] WordPress Backup Migration 1.3.7 - Remote Command Execution
CVSS: 9.0 | Exploit-DB

โš”๏ธ Attack steps:
โ€ข Attempt remote code execution
โ€ข Test file upload with malicious files

๐ŸŽฏ Testing focus:
โ€ข Test command injection via OS commands
โ€ข Try SVG, HTML, PHP, polyglot files

๐Ÿ”— https://www.exploit-db.com/exploits/52486
```

---

## Setup

### Prerequisites
- n8n (cloud or self-hosted)
- Slack workspace with a bot token (`xoxb-`)
- A `#cve-alerts` channel in your Slack workspace

### Import workflow
1. Download `cve-exploit-engine.json`
2. In n8n โ†’ click **+** โ†’ **Import from file**
3. Upload the JSON file
4. Add your Slack credential (OAuth or `xoxb-` token)
5. Set the channel to your `#cve-alerts` channel name
6. Click **Publish**

### Run locally for free
```bash
npx n8n
```
Open `http://localhost:5678` and import the workflow JSON.

---

## Data sources

| Source | Type | What it covers |
|---|---|---|
| [NVD (NIST)](https://nvd.nist.gov) | JSON API | Official US CVE database โ€” most complete |
| [OSV.dev](https://osv.dev) | REST API | Open source package vulnerabilities |
| [Exploit-DB](https://exploit-db.com) | RSS feed | Published PoC exploits |

---

## Self-hosting (free forever)

### Option 1 โ€” Local (npx)
```bash
npx n8n
# Open http://localhost:5678
```

### Option 2 โ€” Docker
```bash
docker run -it --rm \
  --name n8n \
  -p 5678:5678 \
  -v ~/.n8n:/home/node/.n8n \
  n8nio/n8n
```

### Option 3 โ€” Oracle Cloud Free Tier
Create a free VM at cloud.oracle.com โ†’ install Docker โ†’ run the Docker command above. Runs 24/7 for free forever.

---

## Built with

- [n8n](https://n8n.io) โ€” workflow automation
- [NVD API](https://nvd.nist.gov/developers/vulnerabilities) โ€” CVE data
- [OSV.dev API](https://google.github.io/osv.dev/) โ€” open source vuln data
- [Exploit-DB RSS](https://www.exploit-db.com/rss.xml) โ€” exploit feed
- [Slack API](https://api.slack.com) โ€” notifications

---

## License

MIT โ€” free to use, modify and distribute.