Share
## https://sploitus.com/exploit?id=9A32A3B1-BA55-5EDD-A200-30432EDB282C
# Intelligence Engine
> A lean Python CLI that aggregates CVE intelligence from NVD, CISA KEV, GitHub, and Exploit-DB into a normalized **0โ100 risk score**.




Intelligence Engine answers the three questions every security engineer actually cares about for any given CVE:
1. **Is it being exploited in the wild?** โ CISA Known Exploited Vulnerabilities catalog
2. **Is a public PoC available?** โ GitHub code search + Exploit-DB references
3. **How bad is it really?** โ CVSS fused with exploit availability and recency into a 0โ100 risk score
No SaaS. No API keys required. One file. One command.

---
## Features
- **Live data** from NVD 2.0, CISA KEV, GitHub code search, and Exploit-DB
- **Normalized 0โ100 risk score** that fuses CVSS, exploit availability, and recency
- **Threat classification ladder:** *Actively Exploited โ Likely Exploited โ PoC Available โ No Public Exploit*
- **Two query modes:** single CVE lookup, or date-range / recency sweep with CVSS filtering
- **Color-graded terminal output** powered by `rich` โ severity, risk, and classification cells are visually weighted
- **Resilient by default:** retry-with-backoff on rate limits, graceful KEV-unavailable fallback, optional GitHub disable
- **Zero config to start.** Optional `NVD_API_KEY` and `GITHUB_TOKEN` env vars raise rate limits
---
## Installation
```bash
git clone https://github.com/pashasec/search-cve.git
cd search-cve
pip install -r requirements.txt
```
Requires Python 3.10 or newer.
---
## Usage
### Look up a single CVE
```bash
python cve.py CVE-2026-43341
```

### Sweep recent high-severity CVEs
```bash
python cve.py --recent --days 7 --min-cvss 8.0
```
### Query a date range
```bash
python cve.py --start-date 2026-05-01 --end-date 2026-05-15 --min-cvss 7.0
```
### All flags
| Flag | Purpose |
|------|---------|
| `` | Look up a specific CVE (positional) |
| `--recent` | Fetch recently published CVEs |
| `--days N` | Lookback window for `--recent` (default: 7) |
| `--start-date YYYY-MM-DD` | Range start (inclusive) |
| `--end-date YYYY-MM-DD` | Range end (inclusive) |
| `--min-cvss FLOAT` | Minimum CVSS score to include |
| `--limit N` | Max results to enrich and display (default: 25) |
| `--no-github` | Skip GitHub PoC search (offline / rate-limited runs) |
---
## How the risk score works
The 0โ100 score is computed deterministically from four signals:
| Signal | Contribution | Notes |
|--------|--------------|-------|
| **CVSS base score** | up to **70** points | `min(cvss, 10) ร 7` |
| **Listed in CISA KEV** | **+25** points | Known-exploited in the wild |
| **Public PoC available** | up to **+15** points | GitHub repos > 0, or Exploit-DB reference present |
| **Recency** | **+10** if < 7 days, **+5** if < 30 days | New vulnerabilities get a boost |
Final score is clamped to `[0, 100]`. The classification label is derived independently:
- `Actively Exploited` โ present in CISA KEV
- `Likely Exploited` โ 3+ GitHub PoCs **or** Exploit-DB reference
- `PoC Available` โ 1โ2 GitHub PoCs
- `No Public Exploit` โ nothing found
---
## Data sources
| Source | Purpose | Auth |
|--------|---------|------|
| [NVD 2.0 API](https://nvd.nist.gov/developers/vulnerabilities) | CVE metadata, CVSS v3.1/v3.0/v2 (auto-fallback), references | Optional `NVD_API_KEY` |
| [CISA KEV catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) | Actively exploited vulnerabilities | None |
| [GitHub Search API](https://docs.github.com/en/rest/search) | Public PoC repository discovery | Optional `GITHUB_TOKEN` |
| Exploit-DB references | Surfaced from NVD reference tags | None |
### Raising rate limits
```bash
# Windows PowerShell
$env:NVD_API_KEY = "your-nvd-api-key"
$env:GITHUB_TOKEN = "your-github-pat"
# Linux / macOS
export NVD_API_KEY=your-nvd-api-key
export GITHUB_TOKEN=your-github-pat
```
NVD keys: request at https://nvd.nist.gov/developers/request-an-api-key
GitHub tokens: https://github.com/settings/tokens (no scopes needed for public search)
---
## Example output
```
CVE-2021-44228 CVSS 10.0 (CRITICAL) Risk 100/100 Actively Exploited
Published: 2021-12-10T10:15:09.143
Exploit: YES
CISA KEV: listed (added 2021-12-10)
GitHub PoC: 2820 repo(s) โ https://github.com/projectdiscovery/nuclei
Exploit-DB: http://packetstormsecurity.com/files/165270/...
Description:
Apache Log4j2 2.0-beta9 through 2.15.0 JNDI features used in configuration,
log messages, and parameters do not protect against attacker controlled
LDAP and other JNDI related endpoints...
```
---
## Roadmap
- [ ] JSON output mode for piping into SIEMs / scripts
- [ ] EPSS (Exploit Prediction Scoring System) integration
- [ ] Vendor / product / CWE filtering
- [ ] Caching layer for repeated lookups
- [ ] Optional CSV / Markdown export
---
## License
[MIT](LICENSE) ยฉ 2026 pashasec
---
## Part of the 30-Day Cybersecurity Tools Challenge
Day **2 / 30**. One real, useful security utility every day, no toys.