Share
## https://sploitus.com/exploit?id=14E80B89-2972-5AEC-AE0A-F89C0F7B94E8
# cve-exploit-engine
An automated CVE monitoring and exploit workflow generator built with n8n. Fetches real-time vulnerabilities from NVD, OSV.dev and Exploit-DB every 4 hours, enriches them with attack methodology, and sends prioritised Slack alerts.
---
## What it does
- Pulls new CVEs every 4 hours from 3 sources (NVD, OSV.dev, Exploit-DB)
- Deduplicates and normalises all data into a flat schema
- Auto-generates attack steps and testing focus for each CVE based on keyword detection
- Routes CVEs into 3 severity lanes (PoC exploit / Critical / High)
- Sends formatted Slack alerts to `#cve-alerts` with full exploit methodology
---
## Workflow architecture
```
Schedule Trigger (every 4h)
โ Fetch OSV Vulns (POST api.osv.dev)
โ Fetch NVD CVEs (GET services.nvd.nist.gov)
โ Fetch Exploit-DB RSS (GET exploit-db.com/rss.xml)
โ Normalise CVE Data (Code node โ dedupe + flatten)
โ Exploit Workflow Generator (Code node โ attack methodology)
โ Route by Severity (Switch node)
โ Output 0: PoC exists โ Slack ๐ฃ
โ Output 1: CVSS โฅ 9 โ Slack ๐ด
โ Output 2: CVSS โฅ 7 โ Slack ๐ก
```
---
## Vulnerability types detected
The Exploit Workflow Generator automatically detects and generates methodology for:
| Keyword detected | Attack generated |
|---|---|
| xss, cross-site scripting | XSS payload injection |
| sql, injection | SQL injection testing |
| upload, file | Malicious file upload |
| api | API endpoint fuzzing |
| rce, remote code, command | Remote code execution |
| ssrf | Server-side request forgery |
| csrf | CSRF token testing |
| path, traversal, directory | Path traversal payloads |
| auth, bypass | Authentication bypass |
| overflow, buffer | Memory corruption analysis |
| privilege, escalation | Privilege escalation paths |
| deserialization | Insecure deserialization |
---
## Example Slack alert
```
๐ฃ PoC EXPLOIT DETECTED โ EDB-52486
[webapps] WordPress Backup Migration 1.3.7 - Remote Command Execution
CVSS: 9.0 | Exploit-DB
โ๏ธ Attack steps:
โข Attempt remote code execution
โข Test file upload with malicious files
๐ฏ Testing focus:
โข Test command injection via OS commands
โข Try SVG, HTML, PHP, polyglot files
๐ https://www.exploit-db.com/exploits/52486
```
---
## Setup
### Prerequisites
- n8n (cloud or self-hosted)
- Slack workspace with a bot token (`xoxb-`)
- A `#cve-alerts` channel in your Slack workspace
### Import workflow
1. Download `cve-exploit-engine.json`
2. In n8n โ click **+** โ **Import from file**
3. Upload the JSON file
4. Add your Slack credential (OAuth or `xoxb-` token)
5. Set the channel to your `#cve-alerts` channel name
6. Click **Publish**
### Run locally for free
```bash
npx n8n
```
Open `http://localhost:5678` and import the workflow JSON.
---
## Data sources
| Source | Type | What it covers |
|---|---|---|
| [NVD (NIST)](https://nvd.nist.gov) | JSON API | Official US CVE database โ most complete |
| [OSV.dev](https://osv.dev) | REST API | Open source package vulnerabilities |
| [Exploit-DB](https://exploit-db.com) | RSS feed | Published PoC exploits |
---
## Self-hosting (free forever)
### Option 1 โ Local (npx)
```bash
npx n8n
# Open http://localhost:5678
```
### Option 2 โ Docker
```bash
docker run -it --rm \
--name n8n \
-p 5678:5678 \
-v ~/.n8n:/home/node/.n8n \
n8nio/n8n
```
### Option 3 โ Oracle Cloud Free Tier
Create a free VM at cloud.oracle.com โ install Docker โ run the Docker command above. Runs 24/7 for free forever.
---
## Built with
- [n8n](https://n8n.io) โ workflow automation
- [NVD API](https://nvd.nist.gov/developers/vulnerabilities) โ CVE data
- [OSV.dev API](https://google.github.io/osv.dev/) โ open source vuln data
- [Exploit-DB RSS](https://www.exploit-db.com/rss.xml) โ exploit feed
- [Slack API](https://api.slack.com) โ notifications
---
## License
MIT โ free to use, modify and distribute.