ThreatTracer - CVE Checker, Public Exploit Enumerater and ZeroDay finder against any product and much more

Find CVEs, public exploits, and 0-Day vulnerabilities for any software component.

Key Features ✨

• 🔍 Multi-mode Search: Lookup by:
  • Component & Version (-c apache -v 2.4)
  • Direct CPE (--cpe cpe:2.3:a:apache:http_server:2.4)
  • Specific CVE (--cve CVE-2021-44228)
• 🚀 NVD API Integration with API key support for faster queries
• 📦 Trickest PoC Database integration for GitHub exploit lookup
• 📬 Marc Full Disclosure exploit search integration
• 🛡️ Exploit-DB lookup is removed with static code for faster results.
• ⚡ Rate limiting with automatic retry system
• 🔐 API Key Management with persistent storage
• 📊 Detailed Output with color-coded results

Installation 🛠️

git clone https://github.com/anmolksachan/ThreatTracer.git

cd ThreatTracer

pip3 install -r requirements.txt

python3 threattracer.py -h

Configure ⚙️

$ sudo python3 threattracer.py --apiStore <API KEY> -c 'Peel Shopping' -v '9.3.0'
API key stored in /root/.cve_finder.cfg

Request API Key here: https://nvd.nist.gov/developers/request-an-api-key

Usage 🚀

python3 threattracer.py --help

Basic usage 🩼

python3 threattracer.py -c "Apache" -v "2.4.56"

Advanced options ⚡

python3 threattracer.py -c 'Peel Shopping' -v '9.3.0' --poc --more

python3 threattracer.py --cpe "cpe:2.3:a:peel:peel_shopping:9.4.0"

python3 threattracer.py --cve CVE-2021-27190

Examples 📌

Component search with PoC lookup

python3 threattracer.py -c 'PEEL SHOPPING' -v "9.4.0" --poc

Direct CVE analysis

python3 threattracer.py --cve CVE-2021-27190

Store API key for repeated use

python3 threattracer.py --apiStore YOUR_API_KEY_HERE

Sample Run 📟/ Output Preview 🖥️

• Help

• Configure NIST API Key to avoid getting rate limited [Recommended]

• Lookup for component and version

• Lookup for component and version with --more to get detailed description of each CVE and --poc to lookup for POCs/ Exploits.

• Direct CVE lookup

• Direct CPE lookup

• Not interested in configuring API, directly use from the threattracer

• Force threattracer to not use NIST API even if its configured in environment

• Updated exploitDB module with detailed output and faster execution

Features Breakdown 💡

1. CVE Detection via NVD API

2. Exploit Verification through:

   • Static mode via ExploitDB
   • GitHub PoC database
   • Marc Full Disclosure

3. Zero-Day Hunting capabilities

4. Rate Limit Handling with automatic retries

5. Persistent API Key storage

Requirements 📋

pip3 install -r requirements.txt

Contributors 🤝

Mayur Patil @meppohak5
Deepak Dhasmana @0xCaretaker
Contribute to be mentioned here.

Read More 📝

Version 1: Enhancing Penetration Testing with CVE Checker Script — ThreatTracer
Version 3: ThreatTracer 3.0: Redefining Vulnerability Intelligence for Modern Defenders

Note 🔗

Feel free to enhance, modify, or contribute to this script to suit your needs and explore more security-related projects!

Support ❤️

⭐ Star this repository
📣 Follow @FR13ND0x7F
🤝 Contribute through pull requests

Disclaimer ⚠️

This tool is for educational and ethical security testing purposes only. Use only on systems you own or have explicit permission to test.

License 📜

MIT License - Copyright (c) 2024 Anmol Sachan