Tools

Software within the Vulnerability-Lookup project.

Sightings

Vulnerability-Lookup facilitates the recording of vulnerability sightings, regardless of whether they have been published by a source. A suite of sighting clients is already available to support this functionality:

• Fediverse - A sighting client to gather vulnerability-related information from the Fediverse
• MISP - A sighting client that retrieves vulnerability observations from a MISP server and pushes them to a Vulnerability-Lookup instance
• Nuclei - A sighting client designed to retrieve vulnerability-related information from the Nuclei Git repository of templates.
• Exploit-DB - A client that retrieves vulnerability observations from Exploit-DB and pushes them to a Vulnerability-Lookup instance
• CISA KEV - Known Exploited Vulnerabilities (KEV) catalog
• RSS - Newspipe is a web news aggregator capable to detect various types of security advisories within articles.

If you want to create your own sigthing tool, it’s recommended to use PyVulnerabilityLookup, a Python library to access Vulnerability-Lookup via its REST API.

Software extending Vulnerability-Lookup functionalities

• CPE Guesser - a command-line tool or web service designed to guess the CPE name based on one or more keywords.

Libraries to access the Vulnerability-Lookup API

• PyVulnerabilityLookup the official Python library using the Vulnerability-Lookup Rest API.