A production-ready CVE analysis framework for HackTheBox lab automation and vulnerability research.
Quick Links:
- 📖 Installation Guide - Complete setup instructions (10-15 min)
- 🚀 GitHub Repository - Source code
- 🐛 Issues - Report problems
✓ 280K+ CVE Database - Persistent SQLite storage, offline-first
✓ NVD API Integration - Authenticated API access with delta updates
✓ Multi-Source PoC Crawler - GitHub, Exploit-DB, Metasploit
✓ HTB Lab Analysis - Automated machine vulnerability mapping
✓ Semantic Search - Vector embeddings with Chroma
✓ Professional CLI - 15+ commands for all operations
✓ Optional Ollama - Offline LLM for code generation and analysis
# 1. Clone and enter directory
git clone https://github.com/SecScholar/para-zero.git
cd para-zero
# 2. Create virtual environment and install
python3 -m venv venv
source venv/bin/activate # or venv\Scripts\activate on Windows
pip install -r requirements.txt
pip install -e .
# 3. Verify installation
python test_v2.py
# 4. Get started (see INSTALL.md for next steps)
python -m para_zero --helpFor detailed setup instructions, see INSTALL.md
para-zero/
├── src/para_zero/ # Main implementation
│ ├── cli.py # Command-line interface
│ ├── storage/
│ │ ├── database.py # SQLite database layer
│ │ ├── schema.py # SQLAlchemy ORM models
│ │ └── vectordb.py # Chroma vector embeddings
│ ├── data/
│ │ ├── nvd_builder.py # NVD API client (v2.0)
│ │ └── poc_crawler.py # PoC discovery
│ └── analysis/
│ ├── htb_analyzer.py # HackTheBox machine analysis
│ └── llm_engine.py # Ollama integration
├── data/ # Runtime data directory
├── INSTALL.md # Installation & setup guide
├── README.md # This file
├── pyproject.toml # Project metadata
├── requirements.txt # Python dependencies
└── test_v2.py # Unit tests (7/7 passing)
# Initialize database
python -m para_zero database init
# Download CVEs from NVD (with API key)
export NVD_API_KEY='your-key-here'
python -m para_zero crawl nvd --start-year 2020
# Analyze HackTheBox machines
python -m para_zero analyze htb --machine "Stocker"
# Show all available commands
python -m para_zero --help- Python 3.8+
- 4 GB disk space (for CVE database)
- 2 GB RAM (minimum)
Optional:
- NVD API Key (free, for authenticated access) - Get at https://nvd.nist.gov/developers/request-an-api-key
- Ollama (for offline LLM) - https://ollama.ai
- Follow the Installation Guide - Step-by-step setup
- Run tests:
python test_v2.py- Verify installation - Explore the CLI:
python -m para_zero --help- See all commands - Load sample data:
python -m para_zero database load-samples- Try it out
- Query offline CVE database
- Analyze HackTheBox machines for vulnerabilities
- Run built-in test suite
- Download full CVE dataset (50 requests/30 seconds)
- Perform delta updates automatically
- Analyze historical vulnerabilities
- Generate verification code with offline LLMs
- Analyze vulnerability patterns
- Create custom analysis pipelines
python test_v2.pyExpected: 7/7 tests pass ✓
ModuleNotFoundError: Ensure virtual environment is activated and -e flag was used:
source venv/bin/activate
pip install -e .Missing dependencies: Reinstall requirements:
pip install --upgrade -r requirements.txtDatabase errors: Recreate data directories:
mkdir -p data/{archive,quarantine,research_queue,vectordb}
rm -f data/para_zero.db-wal data/para_zero.db-shmSee INSTALL.md for more troubleshooting.
MIT License - See LICENSE file
- 📚 Documentation: INSTALL.md
- 🐛 Issues: https://github.com/SecScholar/para-zero/issues
- 📧 Contact: contact@para-zero.dev
Para-Zero v2.0 | Production Ready | January 2026