Generates a JSON file indexing exploits from exploit-database/exploitdb
by CVE (or any other identifier found in the codes column, e.g. OSVDB-xxxx),
based on the repository's files_exploits.csv file.
{
"CVE-2009-3699": [
{ "id": "16929", "type": "dos" }
],
"OSVDB-58726": [
{ "id": "16929", "type": "dos" }
]
}- Each key corresponds to one code from the
codescolumn (that column can contain several codes separated by;, e.g.CVE-2009-3699;OSVDB-58726: in that case the exploit appears under both keys). - Each value is a list of
{id, type}objects (id= theidcolumn from the CSV,type= thetypecolumn from the CSV), since several exploits can share the same CVE. - Rows with no code at all in the
codescolumn are skipped.
# Download the CSV from GitLab
curl -O https://gitlab.com/exploit-database/exploitdb/-/raw/master/files_exploits.csv
# Generate the JSON
python3 scripts/build_index.py files_exploits.csv exploits_by_cve.jsonThe .github/workflows/update.yml workflow:
- Runs every 6 hours (
schedule) or can be triggered manually (workflow_dispatch). - Downloads the latest version of
files_exploits.csvfrom GitLab. - Regenerates
exploits_by_cve.json. - Commits and pushes only if the content actually changed.
GitLab and GitHub are two independent platforms: a git push to the
exploit-database repository on GitLab cannot natively notify GitHub. Two
options exist:
- What's provided here (the simplest one): a GitHub Actions
cronthat periodically checks the source and only commits if the generated JSON differs from the previous one (so no unnecessary noise in the history). Adjust the frequency incron: "0 */6 * * *"to fit your needs (e.g."0 * * * *"for hourly). - A more reactive alternative (requires control over a GitLab CI
pipeline, which isn't the case here since you don't own the exploitdb
repository): set up a GitLab CI job that calls the GitHub API
(
repository_dispatch) on every push tofiles_exploits.csv. Since you don't control the source repository, this option doesn't apply here.
- Create a GitHub repository and copy these files into it
(
scripts/build_index.py,.github/workflows/update.yml). - Under Settings → Actions → General → Workflow permissions, enable "Read and write permissions" so the workflow can commit.
- (Optional) Trigger the workflow manually once via the Actions tab
(
workflow_dispatch) to generate the firstexploits_by_cve.json.