🔮 Phantom Intel

CVE Threat Intelligence Platform
Vulnerability analysis · CVSS scoring · Exploit assessment · CWE knowledge base · EN/RU


What is this?

Phantom Intel is a desktop CVE intelligence tool for penetration testers and security researchers. It queries the NVD (National Vulnerability Database) API 2.0 and provides deep analysis of vulnerabilities — not just CVSS scores, but exploitation vectors, known incidents, countermeasures, and impact assessments.

Think of it as a local CVE encyclopedia with threat intelligence built in.


Features

| Feature | Description |
| --- | --- |
| NVD API 2.0 | Direct queries to NIST's National Vulnerability Database |
| CVE Search | By ID (CVE-2024-3094), keyword (Log4Shell), or technology (apache rce) |
| Threat Feed | Latest critical CVEs from the past 14 days, sorted by severity |
| Deep Analysis | Exploitation vectors, known incidents, countermeasures, impact assessment |
| CWE Knowledge Base | 20+ weakness types with descriptions, attack scenarios, and defenses |
| Notable CVEs | Built-in intel notes on major vulns (Log4Shell, XZ backdoor, PrintNightmare, etc.) |
| Discoverer Tracking | Who found it, which CNA assigned it, advisory sources |
| SQLite Cache | Offline mode — query once, access forever |
| Export | Markdown or JSON intel reports |
| Bilingual | Full EN/RU interface — switch with one click |
| Desktop GUI | Native tkinter — no browser, no electron, runs anywhere |

Quick Start

Install

git clone https://github.com/user70616E6461/phantom-intel.git
cd phantom-intel
pip install -r requirements.txt

Run

python phantom_intel.py

Optional: NVD API Key (faster, higher rate limits)

Get a free key at nvd.nist.gov:

export NVD_API_KEY="your-key-here"
python phantom_intel.py

How to Use

Search by CVE ID

Type CVE-2024-3094 and hit SCAN — get the full intel report.

Search by keyword

Type Log4Shell, apache rce, buffer overflow — returns matching CVEs from NVD.

Threat Feed

Click THREAT FEED — loads the latest critical CVEs published in the last 14 days.
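A sketch of what a 14-day critical feed looks like against NVD API 2.0, added here as an illustration and not taken from phantom_intel.py. The function names and the sample response are assumptions; the query parameters and the `apiKey` header are the ones NVD documents.

```python
import os
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

NVD_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0"

def build_feed_request(now, days=14, api_key=None):
    """URL and headers for CRITICAL CVEs published in the last `days` days."""
    fmt = "%Y-%m-%dT%H:%M:%S.000"  # timestamp layout shown in the NVD API docs
    params = {
        "pubStartDate": (now - timedelta(days=days)).strftime(fmt),
        "pubEndDate": now.strftime(fmt),  # both dates required, max 120 days apart
        "cvssV3Severity": "CRITICAL",
    }
    key = api_key or os.environ.get("NVD_API_KEY")  # optional key, sent as a header
    return NVD_URL + "?" + urlencode(params), ({"apiKey": key} if key else {})

def best_metric(cve):
    """CVSS v3.1 data (else v3.0), preferring the Primary source over Secondary."""
    for name in ("cvssMetricV31", "cvssMetricV30"):
        entries = cve.get("metrics", {}).get(name, [])
        if entries:
            return min(entries, key=lambda m: m.get("type") != "Primary")["cvssData"]
    return None

def rank_feed(response):
    """Flatten an NVD 2.0 response into rows sorted by score; unscored rows last."""
    rows = []
    for item in response.get("vulnerabilities", []):
        data = best_metric(item["cve"]) or {}
        rows.append({"id": item["cve"]["id"], "score": data.get("baseScore"),
                     "vector": data.get("vectorString")})
    return sorted(rows, key=lambda r: (r["score"] is None, -(r["score"] or 0), r["id"]))

def metric(kind, score, vector):  # helper for the constructed sample below
    return {"type": kind, "cvssData": {"baseScore": score, "vectorString": vector}}

# Constructed sample; CVE-0000-* are placeholder IDs, CVE-2024-3094 uses the page's values.
SAMPLE = {"vulnerabilities": [
    {"cve": {"id": "CVE-0000-0002", "metrics": {}}},
    {"cve": {"id": "CVE-0000-0001", "metrics": {"cvssMetricV31": [
        metric("Secondary", 9.8, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"),
        metric("Primary", 9.1, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N")]}}},
    {"cve": {"id": "CVE-2024-3094", "metrics": {"cvssMetricV31": [
        metric("Primary", 10.0, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H")]}}},
]}

if __name__ == "__main__":
    print(build_feed_request(datetime.now(timezone.utc))[0])
    for row in rank_feed(SAMPLE):
        print(row)
```

Records can carry several CVSS entries from different sources, so the ranking picks one deliberately instead of taking the first element.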

Export

Select a CVE → click EXPORT → save as Markdown (.md) or JSON (.json).

Intel Notes

Each CVE has a notes tab where you can save your own analysis, PoC links, or testing observations. Notes persist in the local SQLite cache.


Tabs

| Tab | Content |
| --- | --- |
| OVERVIEW | CVSS score, severity, attack vector, CWE classification, affected products, discoverer info, timeline |
| ANALYSIS | Exploitation assessment, known real-world incidents, countermeasures, impact rating |
| SOURCES | All NVD references with clickable links, tagged by type (Exploit, Patch, Advisory) |
| INTEL NOTES | Your personal notes on each CVE — saved locally |

CWE Knowledge Base

Built-in intelligence on 20+ weakness types:

| CWE | Type | Built-in Intel |
| --- | --- | --- |
| CWE-79 | XSS | Attack scenarios, defenses |
| CWE-89 | SQL Injection | Attack scenarios, defenses |
| CWE-78 | OS Command Injection | Attack scenarios, defenses |
| CWE-918 | SSRF | Attack scenarios, defenses |
| CWE-611 | XXE | Attack scenarios, defenses |
| CWE-502 | Deserialization | Attack scenarios, defenses |
| CWE-787 | Out-of-bounds Write | Attack scenarios, defenses |
| CWE-416 | Use After Free | Attack scenarios, defenses |
| ... | +12 more | Full EN/RU descriptions |

Notable CVEs Database

Built-in analyst notes on major vulnerabilities:

  • CVE-2024-3094 — XZ Utils supply-chain backdoor
  • CVE-2021-44228 — Log4Shell (Log4j)
  • CVE-2021-34527 — PrintNightmare
  • CVE-2023-44487 — HTTP/2 Rapid Reset DDoS
  • CVE-2023-4966 — Citrix Bleed
  • CVE-2024-21762 — FortiOS RCE
  • And more...

Architecture

phantom_intel.py          — Single-file application (1300+ lines)
│
├── NVD API 2.0           — Real-time CVE queries
├── SQLite Cache           — ~/.phantom_intel/cache.db
│   ├── cve_cache         — Cached CVE data (24h TTL)
│   └── notes             — User intel notes
├── CWE Knowledge Base    — 20+ weakness types with analysis
├── Notable CVEs DB       — Analyst notes on major vulns
├── Threat Analyzer        — Exploitation / impact / countermeasures
└── GUI (tkinter)          — Dark tactical theme
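One way the `cve_cache` (24h TTL) and `notes` tables could fit together with the offline mode, written here as an added example and not the project's own code. Column names, function names and the stale-when-offline policy are assumptions.

```python
import json
import re
import sqlite3
import time

TTL_SECONDS = 24 * 3600                      # the 24h TTL from the architecture tree
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")     # checked before the ID is used as a key

def open_cache(path=":memory:"):
    """Create the two tables named on the page; column names are assumptions."""
    db = sqlite3.connect(path)
    db.executescript("""
        CREATE TABLE IF NOT EXISTS cve_cache (
            cve_id TEXT PRIMARY KEY, payload TEXT NOT NULL, fetched_at REAL NOT NULL);
        CREATE TABLE IF NOT EXISTS notes (
            cve_id TEXT PRIMARY KEY, body TEXT NOT NULL);
    """)
    return db

def _check(cve_id):
    if not CVE_ID.fullmatch(cve_id):
        raise ValueError("not a CVE identifier: %r" % (cve_id,))
    return cve_id

def put(db, cve_id, record, now=None):
    """Store an NVD record; bound parameters keep the ID out of the SQL text."""
    db.execute("INSERT OR REPLACE INTO cve_cache VALUES (?, ?, ?)",
               (_check(cve_id), json.dumps(record), time.time() if now is None else now))
    db.commit()

def get(db, cve_id, now=None, offline=False):
    """Return (record, fresh). A stale row is served only when offline."""
    row = db.execute("SELECT payload, fetched_at FROM cve_cache WHERE cve_id = ?",
                     (_check(cve_id),)).fetchone()
    if row is None:
        return None, False
    fresh = ((time.time() if now is None else now) - row[1]) < TTL_SECONDS
    if fresh or offline:
        return json.loads(row[0]), fresh
    return None, False                       # stale and online: caller refetches

def save_note(db, cve_id, body):
    """Notes have no TTL, so they survive cache refreshes."""
    db.execute("INSERT OR REPLACE INTO notes VALUES (?, ?)", (_check(cve_id), body))
    db.commit()

def load_note(db, cve_id):
    row = db.execute("SELECT body FROM notes WHERE cve_id = ?", (_check(cve_id),)).fetchone()
    return row[0] if row else None
```

Returning the `fresh` flag lets a caller label offline results as possibly outdated, which matters when a CVE's score or references were revised after the cached fetch.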

System Requirements

  • Python 3.8+
  • requests library
  • tkinter (included with Python on most systems)
  • Works on: Ubuntu, Kali Linux, Windows, macOS

Kali / Ubuntu — if tkinter is missing:

sudo apt install python3-tk

Export Example

Markdown export produces a structured intel report:

# INTEL REPORT: CVE-2024-3094

> Generated by **Phantom Intel v4.0** — 2026-04-11 22:30 UTC

**SEVERITY:** `CRITICAL` **CVSS:** `10.0`
**ATTACK VECTOR:** `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H`

## VULNERABILITY DESCRIPTION
...

## EXPLOITATION VECTOR
...

## COUNTERMEASURES
...

Disclaimer

This tool queries publicly available data from the NVD (National Vulnerability Database) API. It is intended for security research, penetration testing preparation, and vulnerability management. Always use responsibly and within legal boundaries.


Contributing

PRs welcome! Ideas:

  • CISA KEV (Known Exploited Vulnerabilities) integration
  • Exploit-DB cross-reference
  • EPSS (Exploit Prediction Scoring System) display
  • Bulk CVE import from scan reports (Nessus, OpenVAS)
  • Notification system for tracked CVEs
  • Dark/light theme toggle

License

MIT — see LICENSE
