Risklogyx represents a robust solution that aids in the prioritization of vulnerability patching. It achieves this by amalgamating CVSS, EPSS, and CISA's Known Exploited Vulnerabilities data. This tool delivers invaluable insights into the probability of exploitation and the potential repercussions of vulnerabilities on your information system.
- Clone the repository
- Run the command -
pip3 install -r requirements.txt
- Request an API key from NIST NVD to avoid public rate limits. You can obtain a key here and add it to the env variable "NIST_API_KEY"
To use this tool effectively, follow these steps:
-
Request an API key from NIST NVD to avoid public rate limits. You can obtain a key here and add it to the env variable. Refer this to understand the procedure to set env variable based on your OS.
-
Choose one of the following input methods:
- Single CVE: Use the
-c
or--cve
flags followed by the CVE ID. - List of CVEs: Provide a space-separated list of CVEs using the
-l
flag. - File with CVEs: Import a file containing CVE IDs (one per line) using the
-f
flag.
- Single CVE: Use the
-
Tailor the output according to your needs:
- Use the
-v
or--verbose
flags for detailed information, including EPSS Score, CVSS Base Score, CVSS Version, CVSS Severity, and CISA KEV status. - Define custom thresholds using the
--cvss
and/or--epss
flags to align the results with your organization's risk appetite.
- Use the
- Clone the repository
- Run the command -
pip3 install -r requirements.txt
- Request an API key from NIST NVD to avoid public rate limits. You can obtain a key here and add it to the env variable "NIST_API_KEY"
To use this tool effectively, follow these steps:
-
Request an API key from NIST NVD to avoid public rate limits. You can obtain a key here and add it to the env variable
-
Choose one of the following input methods:
- Single CVE: Use the
-c
or--cve
flags followed by the CVE ID. - List of CVEs: Provide a space-separated list of CVEs using the
-l
flag. - File with CVEs: Import a file containing CVE IDs (one per line) using the
-f
flag.
- Single CVE: Use the
-
Tailor the output according to your needs:
- Use the
-v
or--verbose
flags for detailed information, including EPSS Score, CVSS Base Score, CVSS Version, CVSS Severity, and CISA KEV status. - Define custom thresholds using the
--cvss
and/or--epss
flags to align the results with your organization's risk appetite.
- Use the
python3 main.py -c CVE-2020-29127
python3 main.py -l CVE-2020-29127 CVE-2017-16885
python3 main.py -f file.txt
Here are the available output options:
Summary Results (default): Provides a concise summary, including the CVE-ID and its priority.
Verbose Mode: Enables detailed output with the following information for each CVE:
- EPSS Score
- CVSS Score
- INFA Severity
- CISA KEV Status (TRUE or FALSE)