Share
## https://sploitus.com/exploit?id=7D8F0D00-55FC-5AB0-9DD5-A449E2109B3B
# ExploitRank - Exploit Intelligence Engine (EIE) v1.0.0

[![Python 3.9+](https://img.shields.io/badge/python-3.9+-blue.svg)](https://www.python.org/downloads/)
[![Version](https://img.shields.io/badge/version-1.0.0-green.svg)](https://github.com/jason-allen-oneal/ExploitRank/releases/tag/v1.0.0)
[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](LICENSE)

**ExploitRank** is an automated Exploit Intelligence Engine (EIE) designed to ingest, normalize, and score vulnerabilities based on real-world exploit availability. It serves as the data backbone for the ZeroSignal security network, providing high-fidelity intelligence for both automated remediation and adversarial testing.

---

## ๐Ÿ›  Core Capabilities

### 1. Ingestion Framework
Multi-source adapter architecture for pulling raw vulnerability and exploit data:
*   **NVD Adapter**: Ingests official CVE data including descriptions, CVSS scores, and timestamps.
*   **GitHub Adapter**: Scans repositories for Proof-of-Concept (PoC) code and active exploits.
*   **Extensible Design**: Support for additional sources like Exploit-DB or custom feeds.

### 2. Normalization Engine
Converts disparate raw data formats into a standardized **VulnRecord** and **ExploitCandidate** schema, ensuring consistency across the entire intelligence pipeline.

### 3. ERS (Exploit Rank Score) calculation
A proprietary scoring engine that calculates the **Exploit Rank Score (0-100)** by factoring in:
*   **CVSS Severity**: Base technical impact.
*   **Exploit Availability**: Weighting for PoCs vs. weaponized exploit modules.
*   **Vulnerability Recency**: Prioritizing new and emerging threats.

### 4. Reproduction Recipe (RR) Generation
Automatically generates structured **Remediation Recipes** in JSON format. These bundles include:
*   Standardized vulnerability assessments.
*   Remediation priority levels based on ERS.
*   Contextual metadata for downstream automation runners.

### 5. DarkPrompt Integration
Directly bridges with **DarkPrompt** (AI Adversarial Toolkit), allowing security audits to use real-world exploit data for generating targeted, high-fidelity attack payloads.

---

## ๐Ÿš€ Installation

### Prerequisites
*   Python 3.9+
*   SQLAlchemy

### Setup
```bash
git clone https://github.com/jason-allen-oneal/ExploitRank.git
cd ExploitRank
python3 -m venv venv
source venv/bin/activate
pip install -e .
```

---

## ๐Ÿ“– Usage Examples

### Ingest NVD Data
```bash
eie ingest --nvd ./nvd_dump.json
```

### Calculate ERS for a CVE
```bash
eie score CVE-2024-9999
```

### Generate a Remediation Recipe
```bash
eie recipe CVE-2024-9999 --out ./recipes/
```

---

## โš–๏ธ License
Licensed under the Apache License, Version 2.0. See [LICENSE](LICENSE) for details.

---

*โ€œIntelligence without action is a overhead; Action without intelligence is a risk.โ€* โ€“ ExploitRank provides the intelligence required for decisive action.