Skip to content

Risklogyx represents a robust solution that aids in the prioritization of vulnerability patching. It achieves this by amalgamating CVSS, EPSS, and CISA's Known Exploited Vulnerabilities data. This tool delivers invaluable insights into the probability of exploitation and the potential repercussions of vulnerabilities on your information system.

Notifications You must be signed in to change notification settings

MRAK96/Risklogyx

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Risklogyx

Made By infa-aksharma - With ❤️
Risklogyx represents a robust solution that aids in the prioritization of vulnerability patching. It achieves this by amalgamating CVSS, EPSS, and CISA's Known Exploited Vulnerabilities data. This tool delivers invaluable insights into the probability of exploitation and the potential repercussions of vulnerabilities on your information system.

Installation

  1. Clone the repository
  2. Run the command - pip3 install -r requirements.txt
  3. Request an API key from NIST NVD to avoid public rate limits. You can obtain a key here and add it to the env variable "NIST_API_KEY"

Usage

To use this tool effectively, follow these steps:

  1. Request an API key from NIST NVD to avoid public rate limits. You can obtain a key here and add it to the env variable. Refer this to understand the procedure to set env variable based on your OS.

  2. Choose one of the following input methods:

    • Single CVE: Use the -c or --cve flags followed by the CVE ID.
    • List of CVEs: Provide a space-separated list of CVEs using the -l flag.
    • File with CVEs: Import a file containing CVE IDs (one per line) using the -f flag.
  3. Tailor the output according to your needs:

    • Use the -v or --verbose flags for detailed information, including EPSS Score, CVSS Base Score, CVSS Version, CVSS Severity, and CISA KEV status.
    • Define custom thresholds using the --cvss and/or --epss flags to align the results with your organization's risk appetite.

Installation

  1. Clone the repository
  2. Run the command - pip3 install -r requirements.txt
  3. Request an API key from NIST NVD to avoid public rate limits. You can obtain a key here and add it to the env variable "NIST_API_KEY"

Usage

To use this tool effectively, follow these steps:

  1. Request an API key from NIST NVD to avoid public rate limits. You can obtain a key here and add it to the env variable

  2. Choose one of the following input methods:

    • Single CVE: Use the -c or --cve flags followed by the CVE ID.
    • List of CVEs: Provide a space-separated list of CVEs using the -l flag.
    • File with CVEs: Import a file containing CVE IDs (one per line) using the -f flag.
  3. Tailor the output according to your needs:

    • Use the -v or --verbose flags for detailed information, including EPSS Score, CVSS Base Score, CVSS Version, CVSS Severity, and CISA KEV status.
    • Define custom thresholds using the --cvss and/or --epss flags to align the results with your organization's risk appetite.

Examples

Single CVE

python3 main.py -c CVE-2020-29127

filw2.png

List of CVEs

python3 main.py -l CVE-2020-29127 CVE-2017-16885

filw2.png

File with CVEs

python3 main.py -f file.txt

filw2.png

Outputs

Here are the available output options:

Summary Results (default): Provides a concise summary, including the CVE-ID and its priority.

single_s.png

Verbose Mode: Enables detailed output with the following information for each CVE:

  • EPSS Score
  • CVSS Score
  • INFA Severity
  • CISA KEV Status (TRUE or FALSE)

single v.png

Supported OS

Windows

Linux

macOS

About

Risklogyx represents a robust solution that aids in the prioritization of vulnerability patching. It achieves this by amalgamating CVSS, EPSS, and CISA's Known Exploited Vulnerabilities data. This tool delivers invaluable insights into the probability of exploitation and the potential repercussions of vulnerabilities on your information system.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages