CVE Seeker — Unveiling Cyber Threats: From Assets to Vulnerability Insights

Anmol K Sachan
3 min readJun 24, 2024

--

In the ever-evolving landscape of cybersecurity, staying ahead of potential threats is paramount. Introducing CVE Seeker, a comprehensive tool designed to streamline the process of identifying cyber vulnerabilities. From passive asset scanning to pinpointing associated Common Vulnerabilities and Exposures (CVEs), CVE Seeker offers a robust solution for cybersecurity professionals and enthusiasts alike. Let’s delve into its features and how it can fortify your cybersecurity arsenal.

Github

Tool : https://github.com/anmolksachan/cveseeker

Features

CVE Seeker is packed with powerful features that make it an essential tool for anyone looking to bolster their cybersecurity efforts:

  1. Passive CVE Identification: Utilizing Shodan’s free API, CVE Seeker performs passive scans to identify CVEs associated with your assets.
  2. Domain to IP Resolution: It resolves domains to their corresponding IP addresses, ensuring comprehensive asset coverage.
  3. Open Port Identification: For each IP address, CVE Seeker identifies open ports, providing a clear picture of potential entry points.
  4. CVE Retrieval: Fetches CVEs linked to each identified IP, offering insights into known vulnerabilities.
  5. Proof-of-Concept (POC) Exploits: Retrieves publicly available POCs for identified CVEs from GitHub, facilitating vulnerability testing and mitigation.
  6. Reverse CVE to POC Lookup: Allows for targeted searches by CVE ID to find relevant POCs.

Installation

Getting started with CVE Seeker is straightforward. Follow these steps to install the tool and its dependencies:

  1. Clone the Repository:
git clone https://github.com/anmolksachan/CVESeeker && cd CVESeeker

2. Install Required Libraries:

pip3 install -r requirements.txt

Or you can use the below command to install quickly

  1. One-Line Installer: For a quick installation and setup, use the following command:
git clone https://github.com/anmolksachan/CVESeeker && cd CVESeeker && pip3 install -r requirements.txt && echo "We are ready to seek sailor!" && python3 cveSeeker.py

Usage

Using CVE Seeker is intuitive and efficient. The tool accepts input files containing domains or IP addresses, and you can specify a project name for organized result storage. Here’s how to run CVE Seeker:

python3 cveSeeker.py --file <input_file> --project <project_name>

Parameters:

  • --file: Input file containing domains or IPs, one per line.
  • --project: Project name for storing results.
  • -cve CVE-ID: Fetch POCs for a specific CVE ID.

Example:

  1. Scan assets:
    To scan a list of domains or IPs from a file named targets.txt and store the results under the project name my_project:
python3 cveSeeker.py --file targets.txt --project my_project

2. CVE Reverse POC lookup:

Conclusion

CVE Seeker is more than just a tool; it’s a gateway to understanding and mitigating cyber threats. By providing detailed insights into your assets’ vulnerabilities and offering direct links to proof-of-concept exploits, CVE Seeker empowers you to take proactive steps in securing your digital environment. Whether you’re a cybersecurity professional or an enthusiast, CVE Seeker is an invaluable addition to your toolkit. Embrace the power of CVE Seeker and fortify your defences against the ever-present cyber threats. Happy hunting!

--

--

Anmol K Sachan

Builder, Developer, Problem solver, Ethical Hacker and Penetration tester. I’m Consistent Security Researcher with the desire to make a difference.