vulnpilot 0.1.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- vulnpilot-0.1.0/LICENSE +21 -0
- vulnpilot-0.1.0/PKG-INFO +325 -0
- vulnpilot-0.1.0/README.md +302 -0
- vulnpilot-0.1.0/pyproject.toml +40 -0
- vulnpilot-0.1.0/setup.cfg +4 -0
- vulnpilot-0.1.0/tests/test_core.py +78 -0
- vulnpilot-0.1.0/vulnpilot/__init__.py +3 -0
- vulnpilot-0.1.0/vulnpilot/cli.py +105 -0
- vulnpilot-0.1.0/vulnpilot/enrich/__init__.py +3 -0
- vulnpilot-0.1.0/vulnpilot/enrich/enricher.py +33 -0
- vulnpilot-0.1.0/vulnpilot/enrich/feeds.py +72 -0
- vulnpilot-0.1.0/vulnpilot/parser/__init__.py +2 -0
- vulnpilot-0.1.0/vulnpilot/parser/nessus.py +139 -0
- vulnpilot-0.1.0/vulnpilot/reports/__init__.py +2 -0
- vulnpilot-0.1.0/vulnpilot/reports/terminal.py +88 -0
- vulnpilot-0.1.0/vulnpilot/scoring/__init__.py +2 -0
- vulnpilot-0.1.0/vulnpilot/scoring/engine.py +60 -0
- vulnpilot-0.1.0/vulnpilot.egg-info/PKG-INFO +325 -0
- vulnpilot-0.1.0/vulnpilot.egg-info/SOURCES.txt +21 -0
- vulnpilot-0.1.0/vulnpilot.egg-info/dependency_links.txt +1 -0
- vulnpilot-0.1.0/vulnpilot.egg-info/entry_points.txt +2 -0
- vulnpilot-0.1.0/vulnpilot.egg-info/requires.txt +4 -0
- vulnpilot-0.1.0/vulnpilot.egg-info/top_level.txt +1 -0
vulnpilot-0.1.0/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 PatchVex
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
vulnpilot-0.1.0/PKG-INFO
ADDED
|
@@ -0,0 +1,325 @@
|
|
|
1
|
+
Metadata-Version: 2.1
|
|
2
|
+
Name: vulnpilot
|
|
3
|
+
Version: 0.1.0
|
|
4
|
+
Summary: Turn vulnerability scan data into prioritized action. Runs locally. Your data never leaves your machine.
|
|
5
|
+
Project-URL: Homepage, https://patchvex.com
|
|
6
|
+
Project-URL: Repository, https://github.com/PatchVex/vulnpilot
|
|
7
|
+
Project-URL: Bug Tracker, https://github.com/PatchVex/vulnpilot/issues
|
|
8
|
+
Keywords: security,vulnerability,nessus,cve,kev,epss,devsecops
|
|
9
|
+
Classifier: Development Status :: 3 - Alpha
|
|
10
|
+
Classifier: Environment :: Console
|
|
11
|
+
Classifier: Intended Audience :: Information Technology
|
|
12
|
+
Classifier: Topic :: Security
|
|
13
|
+
Classifier: Programming Language :: Python :: 3
|
|
14
|
+
Classifier: Programming Language :: Python :: 3.10
|
|
15
|
+
Classifier: Programming Language :: Python :: 3.11
|
|
16
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
17
|
+
Requires-Python: >=3.10
|
|
18
|
+
Description-Content-Type: text/markdown
|
|
19
|
+
License-File: LICENSE
|
|
20
|
+
Provides-Extra: dev
|
|
21
|
+
Requires-Dist: pytest>=7; extra == "dev"
|
|
22
|
+
Requires-Dist: pytest-cov; extra == "dev"
|
|
23
|
+
|
|
24
|
+
# VulnPilot
|
|
25
|
+
|
|
26
|
+
**Prioritize vulnerabilities using real-world exploit intelligence — not just severity scores.**
|
|
27
|
+
|
|
28
|
+
Runs locally. Your data never leaves your machine.
|
|
29
|
+
|
|
30
|
+
[](LICENSE)
|
|
31
|
+
[](https://python.org)
|
|
32
|
+
[]()
|
|
33
|
+
[]()
|
|
34
|
+
|
|
35
|
+
---
|
|
36
|
+
|
|
37
|
+
## Quick Start
|
|
38
|
+
|
|
39
|
+
```bash
|
|
40
|
+
pip install vulnpilot
|
|
41
|
+
vulnpilot update-feeds
|
|
42
|
+
vulnpilot analyze scan.csv
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
VulnPilot downloads the latest public threat intelligence, analyzes your Nessus scan locally, and shows what should be remediated first. No API keys required.
|
|
46
|
+
|
|
47
|
+
---
|
|
48
|
+
|
|
49
|
+
## Features
|
|
50
|
+
|
|
51
|
+
- Local-first vulnerability prioritization — scan data never leaves your machine
|
|
52
|
+
- CISA KEV enrichment — flags findings confirmed exploited in the wild
|
|
53
|
+
- FIRST EPSS enrichment — exploitation probability scoring
|
|
54
|
+
- Composite risk scoring — KEV + EPSS + CVSS combined
|
|
55
|
+
- Top vulnerable hosts ranked by aggregate risk
|
|
56
|
+
- Zero cloud upload, zero telemetry, zero account required
|
|
57
|
+
- GitHub Actions daily feed automation
|
|
58
|
+
- Open source Community Edition — MIT licensed
|
|
59
|
+
|
|
60
|
+
---
|
|
61
|
+
|
|
62
|
+
## The problem
|
|
63
|
+
|
|
64
|
+
Security teams often spend hours manually triaging scan results. Your Nessus export contains thousands of findings. CVSS says hundreds are Critical. The real question — which ones are actively being exploited right now?
|
|
65
|
+
|
|
66
|
+
VulnPilot automates this process in seconds on typical scan files.
|
|
67
|
+
|
|
68
|
+
---
|
|
69
|
+
|
|
70
|
+
## Why VulnPilot?
|
|
71
|
+
|
|
72
|
+
| Instead of | VulnPilot |
|
|
73
|
+
|---|---|
|
|
74
|
+
| Sorting by CVSS score alone | Uses KEV + EPSS + CVSS composite scoring |
|
|
75
|
+
| Manual triage taking hours | Automated prioritization in seconds |
|
|
76
|
+
| Uploading scans to cloud services | Local-first — data never leaves your machine |
|
|
77
|
+
| Enterprise-only platforms | Developer Preview — free and open source |
|
|
78
|
+
|
|
79
|
+
---
|
|
80
|
+
|
|
81
|
+
## Why local-first?
|
|
82
|
+
|
|
83
|
+
Many organizations prohibit uploading vulnerability scan data to third-party cloud services. VulnPilot performs all analysis locally on your machine.
|
|
84
|
+
|
|
85
|
+
No customer vulnerability data is transmitted outside your environment.
|
|
86
|
+
|
|
87
|
+
---
|
|
88
|
+
|
|
89
|
+
## Architecture
|
|
90
|
+
|
|
91
|
+
```
|
|
92
|
+
Public Threat Intelligence
|
|
93
|
+
+-------------------------------+
|
|
94
|
+
| CISA KEV FIRST EPSS |
|
|
95
|
+
+---------------+---------------+
|
|
96
|
+
|
|
|
97
|
+
vulnpilot update-feeds
|
|
98
|
+
|
|
|
99
|
+
~/.vulnpilot/feeds/ (local cache)
|
|
100
|
+
|
|
|
101
|
+
vulnpilot analyze
|
|
102
|
+
|
|
|
103
|
+
Nessus CSV (Local Machine Only)
|
|
104
|
+
|
|
|
105
|
+
Composite Risk Engine
|
|
106
|
+
|
|
|
107
|
+
Prioritized Findings
|
|
108
|
+
```
|
|
109
|
+
|
|
110
|
+
Only public threat intelligence feeds are downloaded. No API keys required. Your scan data never leaves your machine.
|
|
111
|
+
|
|
112
|
+
---
|
|
113
|
+
|
|
114
|
+
## Install
|
|
115
|
+
|
|
116
|
+
```bash
|
|
117
|
+
pip install vulnpilot
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
Tested on Python 3.10, 3.11, and 3.12.
|
|
121
|
+
|
|
122
|
+
---
|
|
123
|
+
|
|
124
|
+
## Usage
|
|
125
|
+
|
|
126
|
+
```bash
|
|
127
|
+
# Download latest KEV and EPSS feeds
|
|
128
|
+
vulnpilot update-feeds
|
|
129
|
+
|
|
130
|
+
# Analyze a Nessus CSV export
|
|
131
|
+
vulnpilot analyze scan.csv
|
|
132
|
+
|
|
133
|
+
# Show top N hosts by aggregate risk
|
|
134
|
+
vulnpilot analyze scan.csv --top-hosts 5
|
|
135
|
+
|
|
136
|
+
# Use local feed files
|
|
137
|
+
vulnpilot analyze scan.csv --kev ./kev.json --epss ./epss.csv.gz
|
|
138
|
+
|
|
139
|
+
# Disable colour output (for CI pipelines)
|
|
140
|
+
vulnpilot analyze scan.csv --no-colour
|
|
141
|
+
```
|
|
142
|
+
|
|
143
|
+
---
|
|
144
|
+
|
|
145
|
+
## Example output
|
|
146
|
+
|
|
147
|
+
```
|
|
148
|
+
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
149
|
+
VulnPilot by PatchVex — Vulnerability Prioritization
|
|
150
|
+
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
151
|
+
Total findings : 5,482
|
|
152
|
+
Unique hosts : 47
|
|
153
|
+
Critical : 142
|
|
154
|
+
KEV matches : 19
|
|
155
|
+
EPSS >= 90% : 31
|
|
156
|
+
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
157
|
+
|
|
158
|
+
# Score Priority Host CVE Finding
|
|
159
|
+
───────────────────────────────────────────────────────────────────────
|
|
160
|
+
1 100.0 CRITICAL NOW 192.168.1.10 CVE-2021-44228 Log4Shell ★KEV
|
|
161
|
+
2 100.0 CRITICAL NOW 192.168.1.25 CVE-2023-34362 MOVEit SQL Injection ★KEV
|
|
162
|
+
3 99.8 CRITICAL NOW 192.168.1.15 CVE-2020-1472 Zerologon ★KEV
|
|
163
|
+
4 99.7 CRITICAL NOW 192.168.1.11 CVE-2021-26084 Confluence RCE ★KEV
|
|
164
|
+
5 11.5 LOW 192.168.1.10 N/A SSH Weak Ciphers
|
|
165
|
+
|
|
166
|
+
★ KEV = CISA Known Exploited Vulnerability — highest remediation priority
|
|
167
|
+
based on active exploitation in the wild.
|
|
168
|
+
|
|
169
|
+
TOP 10 HOSTS BY AGGREGATE RISK
|
|
170
|
+
1. 192.168.1.10 score=122.0 [1 KEV] [1 critical]
|
|
171
|
+
2. 192.168.1.25 score=100.0 [1 KEV] [1 critical]
|
|
172
|
+
3. 192.168.1.15 score=99.8 [1 KEV] [1 critical]
|
|
173
|
+
```
|
|
174
|
+
|
|
175
|
+
---
|
|
176
|
+
|
|
177
|
+
## How scoring works
|
|
178
|
+
|
|
179
|
+
The scoring algorithm is deterministic, transparent, and fully documented.
|
|
180
|
+
|
|
181
|
+
VulnPilot uses a composite risk score that combines four signals:
|
|
182
|
+
|
|
183
|
+
| Signal | Weight | Source |
|
|
184
|
+
|---|---|---|
|
|
185
|
+
| CISA KEV match | 40% | Known exploited in the wild |
|
|
186
|
+
| FIRST EPSS score | 35% | Exploitation probability |
|
|
187
|
+
| CVSS base score | 15% | Severity context |
|
|
188
|
+
| Scanner risk rating | 10% | Nessus severity label |
|
|
189
|
+
|
|
190
|
+
The composite score is intentionally opinionated. Known exploited vulnerabilities receive the greatest weight because active exploitation is a stronger predictor of remediation priority than severity alone. EPSS estimates exploitation likelihood in the next 30 days, while CVSS and scanner severity provide additional context for findings without EPSS data.
|
|
191
|
+
|
|
192
|
+
Any finding confirmed in the CISA KEV catalog scores a minimum of 75 regardless of other factors. The weighting model is intentionally transparent and may evolve based on community feedback and real-world usage.
|
|
193
|
+
|
|
194
|
+
> **Note**
|
|
195
|
+
>
|
|
196
|
+
> VulnPilot provides prioritization guidance to assist remediation workflows.
|
|
197
|
+
> Final remediation decisions should always consider asset criticality, business context,
|
|
198
|
+
> exploit mitigations, and organizational risk tolerance.
|
|
199
|
+
|
|
200
|
+
---
|
|
201
|
+
|
|
202
|
+
## Privacy by design
|
|
203
|
+
|
|
204
|
+
- Scan data processed entirely on your local machine
|
|
205
|
+
- No account required
|
|
206
|
+
- No cloud upload, ever
|
|
207
|
+
- No telemetry or analytics
|
|
208
|
+
- No API keys required
|
|
209
|
+
- Works air-gapped after initial feed download
|
|
210
|
+
- Open source — inspect every line of code
|
|
211
|
+
|
|
212
|
+
---
|
|
213
|
+
|
|
214
|
+
## Feed updates
|
|
215
|
+
|
|
216
|
+
VulnPilot pulls two public datasets:
|
|
217
|
+
|
|
218
|
+
- **CISA KEV** — Known Exploited Vulnerabilities catalog (maintained by CISA)
|
|
219
|
+
- **FIRST EPSS** — Exploit Prediction Scoring System (updated daily by FIRST.org)
|
|
220
|
+
|
|
221
|
+
Feeds are cached at `~/.vulnpilot/feeds/` on your machine. No API keys required.
|
|
222
|
+
|
|
223
|
+
```bash
|
|
224
|
+
vulnpilot update-feeds
|
|
225
|
+
```
|
|
226
|
+
|
|
227
|
+
The GitHub repository also runs an automated daily feed sync via GitHub Actions, publishing optimized feed files for the CLI to consume.
|
|
228
|
+
|
|
229
|
+
---
|
|
230
|
+
|
|
231
|
+
## Supported scanners
|
|
232
|
+
|
|
233
|
+
| Scanner | Status |
|
|
234
|
+
|---|---|
|
|
235
|
+
| Nessus (.csv export) | ✅ Supported |
|
|
236
|
+
| Qualys | Planned |
|
|
237
|
+
| Rapid7 | Planned |
|
|
238
|
+
| OpenVAS | Planned |
|
|
239
|
+
| Microsoft Defender | Planned |
|
|
240
|
+
| AWS Inspector | Planned |
|
|
241
|
+
|
|
242
|
+
---
|
|
243
|
+
|
|
244
|
+
## Roadmap
|
|
245
|
+
|
|
246
|
+
**Current — v0.1.0 (Developer Preview)**
|
|
247
|
+
- [x] Nessus CSV parser
|
|
248
|
+
- [x] CISA KEV enrichment
|
|
249
|
+
- [x] FIRST EPSS enrichment
|
|
250
|
+
- [x] Composite risk scoring
|
|
251
|
+
- [x] Prioritized terminal output
|
|
252
|
+
- [x] Top hosts by aggregate risk
|
|
253
|
+
- [x] Free tier — top 20 findings
|
|
254
|
+
- [x] GitHub Actions daily feed automation
|
|
255
|
+
|
|
256
|
+
**v0.2.0**
|
|
257
|
+
- [ ] HTML report export
|
|
258
|
+
- [ ] PDF report export
|
|
259
|
+
|
|
260
|
+
**v0.3.0**
|
|
261
|
+
- [ ] Jira integration
|
|
262
|
+
- [ ] Slack notifications
|
|
263
|
+
- [ ] Scheduled scans
|
|
264
|
+
|
|
265
|
+
**v0.4.0**
|
|
266
|
+
- [ ] Qualys CSV support
|
|
267
|
+
- [ ] REST API
|
|
268
|
+
|
|
269
|
+
**v1.0.0**
|
|
270
|
+
- [ ] Rapid7 and OpenVAS support
|
|
271
|
+
- [ ] Self-hosted Docker edition
|
|
272
|
+
- [ ] Team features
|
|
273
|
+
|
|
274
|
+
Future development priorities will be driven by community feedback and real-world usage.
|
|
275
|
+
|
|
276
|
+
---
|
|
277
|
+
|
|
278
|
+
## Requirements
|
|
279
|
+
|
|
280
|
+
- Python 3.10, 3.11, or 3.12
|
|
281
|
+
- pip
|
|
282
|
+
- Internet connection for feed updates (air-gapped use supported after initial download)
|
|
283
|
+
- Nessus .csv export file
|
|
284
|
+
|
|
285
|
+
---
|
|
286
|
+
|
|
287
|
+
## Contributing
|
|
288
|
+
|
|
289
|
+
Issues, bug reports, and pull requests are welcome.
|
|
290
|
+
|
|
291
|
+
- **Bug reports and feature requests:** [github.com/PatchVex/vulnpilot/issues](https://github.com/PatchVex/vulnpilot/issues)
|
|
292
|
+
- **Security disclosures:** security@patchvex.com
|
|
293
|
+
|
|
294
|
+
Good first issues are labelled `good first issue` in the issue tracker. Please search existing issues before opening a new one.
|
|
295
|
+
|
|
296
|
+
---
|
|
297
|
+
|
|
298
|
+
## Acknowledgements
|
|
299
|
+
|
|
300
|
+
VulnPilot uses publicly available threat intelligence published by:
|
|
301
|
+
|
|
302
|
+
- [CISA Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
|
|
303
|
+
- [FIRST Exploit Prediction Scoring System (EPSS)](https://www.first.org/epss/)
|
|
304
|
+
|
|
305
|
+
Thank you to both organizations for maintaining these community resources.
|
|
306
|
+
|
|
307
|
+
---
|
|
308
|
+
|
|
309
|
+
## License
|
|
310
|
+
|
|
311
|
+
MIT License — see [LICENSE](LICENSE) for details.
|
|
312
|
+
|
|
313
|
+
Free to use, modify, and distribute. Commercial use permitted.
|
|
314
|
+
|
|
315
|
+
---
|
|
316
|
+
|
|
317
|
+
## About PatchVex
|
|
318
|
+
|
|
319
|
+
VulnPilot is built and maintained by [PatchVex](https://patchvex.com).
|
|
320
|
+
|
|
321
|
+
PatchVex builds privacy-first workflow tools for security and DevSecOps teams. Our products help engineers spend less time managing vulnerability data and more time fixing the issues that matter.
|
|
322
|
+
|
|
323
|
+
- Website: [patchvex.com](https://patchvex.com)
|
|
324
|
+
- Email: hello@patchvex.com
|
|
325
|
+
- GitHub: [github.com/PatchVex](https://github.com/PatchVex)
|
|
@@ -0,0 +1,302 @@
|
|
|
1
|
+
# VulnPilot
|
|
2
|
+
|
|
3
|
+
**Prioritize vulnerabilities using real-world exploit intelligence — not just severity scores.**
|
|
4
|
+
|
|
5
|
+
Runs locally. Your data never leaves your machine.
|
|
6
|
+
|
|
7
|
+
[](LICENSE)
|
|
8
|
+
[](https://python.org)
|
|
9
|
+
[]()
|
|
10
|
+
[]()
|
|
11
|
+
|
|
12
|
+
---
|
|
13
|
+
|
|
14
|
+
## Quick Start
|
|
15
|
+
|
|
16
|
+
```bash
|
|
17
|
+
pip install vulnpilot
|
|
18
|
+
vulnpilot update-feeds
|
|
19
|
+
vulnpilot analyze scan.csv
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
VulnPilot downloads the latest public threat intelligence, analyzes your Nessus scan locally, and shows what should be remediated first. No API keys required.
|
|
23
|
+
|
|
24
|
+
---
|
|
25
|
+
|
|
26
|
+
## Features
|
|
27
|
+
|
|
28
|
+
- Local-first vulnerability prioritization — scan data never leaves your machine
|
|
29
|
+
- CISA KEV enrichment — flags findings confirmed exploited in the wild
|
|
30
|
+
- FIRST EPSS enrichment — exploitation probability scoring
|
|
31
|
+
- Composite risk scoring — KEV + EPSS + CVSS combined
|
|
32
|
+
- Top vulnerable hosts ranked by aggregate risk
|
|
33
|
+
- Zero cloud upload, zero telemetry, zero account required
|
|
34
|
+
- GitHub Actions daily feed automation
|
|
35
|
+
- Open source Community Edition — MIT licensed
|
|
36
|
+
|
|
37
|
+
---
|
|
38
|
+
|
|
39
|
+
## The problem
|
|
40
|
+
|
|
41
|
+
Security teams often spend hours manually triaging scan results. Your Nessus export contains thousands of findings. CVSS says hundreds are Critical. The real question — which ones are actively being exploited right now?
|
|
42
|
+
|
|
43
|
+
VulnPilot automates this process in seconds on typical scan files.
|
|
44
|
+
|
|
45
|
+
---
|
|
46
|
+
|
|
47
|
+
## Why VulnPilot?
|
|
48
|
+
|
|
49
|
+
| Instead of | VulnPilot |
|
|
50
|
+
|---|---|
|
|
51
|
+
| Sorting by CVSS score alone | Uses KEV + EPSS + CVSS composite scoring |
|
|
52
|
+
| Manual triage taking hours | Automated prioritization in seconds |
|
|
53
|
+
| Uploading scans to cloud services | Local-first — data never leaves your machine |
|
|
54
|
+
| Enterprise-only platforms | Developer Preview — free and open source |
|
|
55
|
+
|
|
56
|
+
---
|
|
57
|
+
|
|
58
|
+
## Why local-first?
|
|
59
|
+
|
|
60
|
+
Many organizations prohibit uploading vulnerability scan data to third-party cloud services. VulnPilot performs all analysis locally on your machine.
|
|
61
|
+
|
|
62
|
+
No customer vulnerability data is transmitted outside your environment.
|
|
63
|
+
|
|
64
|
+
---
|
|
65
|
+
|
|
66
|
+
## Architecture
|
|
67
|
+
|
|
68
|
+
```
|
|
69
|
+
Public Threat Intelligence
|
|
70
|
+
+-------------------------------+
|
|
71
|
+
| CISA KEV FIRST EPSS |
|
|
72
|
+
+---------------+---------------+
|
|
73
|
+
|
|
|
74
|
+
vulnpilot update-feeds
|
|
75
|
+
|
|
|
76
|
+
~/.vulnpilot/feeds/ (local cache)
|
|
77
|
+
|
|
|
78
|
+
vulnpilot analyze
|
|
79
|
+
|
|
|
80
|
+
Nessus CSV (Local Machine Only)
|
|
81
|
+
|
|
|
82
|
+
Composite Risk Engine
|
|
83
|
+
|
|
|
84
|
+
Prioritized Findings
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
Only public threat intelligence feeds are downloaded. No API keys required. Your scan data never leaves your machine.
|
|
88
|
+
|
|
89
|
+
---
|
|
90
|
+
|
|
91
|
+
## Install
|
|
92
|
+
|
|
93
|
+
```bash
|
|
94
|
+
pip install vulnpilot
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
Tested on Python 3.10, 3.11, and 3.12.
|
|
98
|
+
|
|
99
|
+
---
|
|
100
|
+
|
|
101
|
+
## Usage
|
|
102
|
+
|
|
103
|
+
```bash
|
|
104
|
+
# Download latest KEV and EPSS feeds
|
|
105
|
+
vulnpilot update-feeds
|
|
106
|
+
|
|
107
|
+
# Analyze a Nessus CSV export
|
|
108
|
+
vulnpilot analyze scan.csv
|
|
109
|
+
|
|
110
|
+
# Show top N hosts by aggregate risk
|
|
111
|
+
vulnpilot analyze scan.csv --top-hosts 5
|
|
112
|
+
|
|
113
|
+
# Use local feed files
|
|
114
|
+
vulnpilot analyze scan.csv --kev ./kev.json --epss ./epss.csv.gz
|
|
115
|
+
|
|
116
|
+
# Disable colour output (for CI pipelines)
|
|
117
|
+
vulnpilot analyze scan.csv --no-colour
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
---
|
|
121
|
+
|
|
122
|
+
## Example output
|
|
123
|
+
|
|
124
|
+
```
|
|
125
|
+
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
126
|
+
VulnPilot by PatchVex — Vulnerability Prioritization
|
|
127
|
+
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
128
|
+
Total findings : 5,482
|
|
129
|
+
Unique hosts : 47
|
|
130
|
+
Critical : 142
|
|
131
|
+
KEV matches : 19
|
|
132
|
+
EPSS >= 90% : 31
|
|
133
|
+
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
134
|
+
|
|
135
|
+
# Score Priority Host CVE Finding
|
|
136
|
+
───────────────────────────────────────────────────────────────────────
|
|
137
|
+
1 100.0 CRITICAL NOW 192.168.1.10 CVE-2021-44228 Log4Shell ★KEV
|
|
138
|
+
2 100.0 CRITICAL NOW 192.168.1.25 CVE-2023-34362 MOVEit SQL Injection ★KEV
|
|
139
|
+
3 99.8 CRITICAL NOW 192.168.1.15 CVE-2020-1472 Zerologon ★KEV
|
|
140
|
+
4 99.7 CRITICAL NOW 192.168.1.11 CVE-2021-26084 Confluence RCE ★KEV
|
|
141
|
+
5 11.5 LOW 192.168.1.10 N/A SSH Weak Ciphers
|
|
142
|
+
|
|
143
|
+
★ KEV = CISA Known Exploited Vulnerability — highest remediation priority
|
|
144
|
+
based on active exploitation in the wild.
|
|
145
|
+
|
|
146
|
+
TOP 10 HOSTS BY AGGREGATE RISK
|
|
147
|
+
1. 192.168.1.10 score=122.0 [1 KEV] [1 critical]
|
|
148
|
+
2. 192.168.1.25 score=100.0 [1 KEV] [1 critical]
|
|
149
|
+
3. 192.168.1.15 score=99.8 [1 KEV] [1 critical]
|
|
150
|
+
```
|
|
151
|
+
|
|
152
|
+
---
|
|
153
|
+
|
|
154
|
+
## How scoring works
|
|
155
|
+
|
|
156
|
+
The scoring algorithm is deterministic, transparent, and fully documented.
|
|
157
|
+
|
|
158
|
+
VulnPilot uses a composite risk score that combines four signals:
|
|
159
|
+
|
|
160
|
+
| Signal | Weight | Source |
|
|
161
|
+
|---|---|---|
|
|
162
|
+
| CISA KEV match | 40% | Known exploited in the wild |
|
|
163
|
+
| FIRST EPSS score | 35% | Exploitation probability |
|
|
164
|
+
| CVSS base score | 15% | Severity context |
|
|
165
|
+
| Scanner risk rating | 10% | Nessus severity label |
|
|
166
|
+
|
|
167
|
+
The composite score is intentionally opinionated. Known exploited vulnerabilities receive the greatest weight because active exploitation is a stronger predictor of remediation priority than severity alone. EPSS estimates exploitation likelihood in the next 30 days, while CVSS and scanner severity provide additional context for findings without EPSS data.
|
|
168
|
+
|
|
169
|
+
Any finding confirmed in the CISA KEV catalog scores a minimum of 75 regardless of other factors. The weighting model is intentionally transparent and may evolve based on community feedback and real-world usage.
|
|
170
|
+
|
|
171
|
+
> **Note**
|
|
172
|
+
>
|
|
173
|
+
> VulnPilot provides prioritization guidance to assist remediation workflows.
|
|
174
|
+
> Final remediation decisions should always consider asset criticality, business context,
|
|
175
|
+
> exploit mitigations, and organizational risk tolerance.
|
|
176
|
+
|
|
177
|
+
---
|
|
178
|
+
|
|
179
|
+
## Privacy by design
|
|
180
|
+
|
|
181
|
+
- Scan data processed entirely on your local machine
|
|
182
|
+
- No account required
|
|
183
|
+
- No cloud upload, ever
|
|
184
|
+
- No telemetry or analytics
|
|
185
|
+
- No API keys required
|
|
186
|
+
- Works air-gapped after initial feed download
|
|
187
|
+
- Open source — inspect every line of code
|
|
188
|
+
|
|
189
|
+
---
|
|
190
|
+
|
|
191
|
+
## Feed updates
|
|
192
|
+
|
|
193
|
+
VulnPilot pulls two public datasets:
|
|
194
|
+
|
|
195
|
+
- **CISA KEV** — Known Exploited Vulnerabilities catalog (maintained by CISA)
|
|
196
|
+
- **FIRST EPSS** — Exploit Prediction Scoring System (updated daily by FIRST.org)
|
|
197
|
+
|
|
198
|
+
Feeds are cached at `~/.vulnpilot/feeds/` on your machine. No API keys required.
|
|
199
|
+
|
|
200
|
+
```bash
|
|
201
|
+
vulnpilot update-feeds
|
|
202
|
+
```
|
|
203
|
+
|
|
204
|
+
The GitHub repository also runs an automated daily feed sync via GitHub Actions, publishing optimized feed files for the CLI to consume.
|
|
205
|
+
|
|
206
|
+
---
|
|
207
|
+
|
|
208
|
+
## Supported scanners
|
|
209
|
+
|
|
210
|
+
| Scanner | Status |
|
|
211
|
+
|---|---|
|
|
212
|
+
| Nessus (.csv export) | ✅ Supported |
|
|
213
|
+
| Qualys | Planned |
|
|
214
|
+
| Rapid7 | Planned |
|
|
215
|
+
| OpenVAS | Planned |
|
|
216
|
+
| Microsoft Defender | Planned |
|
|
217
|
+
| AWS Inspector | Planned |
|
|
218
|
+
|
|
219
|
+
---
|
|
220
|
+
|
|
221
|
+
## Roadmap
|
|
222
|
+
|
|
223
|
+
**Current — v0.1.0 (Developer Preview)**
|
|
224
|
+
- [x] Nessus CSV parser
|
|
225
|
+
- [x] CISA KEV enrichment
|
|
226
|
+
- [x] FIRST EPSS enrichment
|
|
227
|
+
- [x] Composite risk scoring
|
|
228
|
+
- [x] Prioritized terminal output
|
|
229
|
+
- [x] Top hosts by aggregate risk
|
|
230
|
+
- [x] Free tier — top 20 findings
|
|
231
|
+
- [x] GitHub Actions daily feed automation
|
|
232
|
+
|
|
233
|
+
**v0.2.0**
|
|
234
|
+
- [ ] HTML report export
|
|
235
|
+
- [ ] PDF report export
|
|
236
|
+
|
|
237
|
+
**v0.3.0**
|
|
238
|
+
- [ ] Jira integration
|
|
239
|
+
- [ ] Slack notifications
|
|
240
|
+
- [ ] Scheduled scans
|
|
241
|
+
|
|
242
|
+
**v0.4.0**
|
|
243
|
+
- [ ] Qualys CSV support
|
|
244
|
+
- [ ] REST API
|
|
245
|
+
|
|
246
|
+
**v1.0.0**
|
|
247
|
+
- [ ] Rapid7 and OpenVAS support
|
|
248
|
+
- [ ] Self-hosted Docker edition
|
|
249
|
+
- [ ] Team features
|
|
250
|
+
|
|
251
|
+
Future development priorities will be driven by community feedback and real-world usage.
|
|
252
|
+
|
|
253
|
+
---
|
|
254
|
+
|
|
255
|
+
## Requirements
|
|
256
|
+
|
|
257
|
+
- Python 3.10, 3.11, or 3.12
|
|
258
|
+
- pip
|
|
259
|
+
- Internet connection for feed updates (air-gapped use supported after initial download)
|
|
260
|
+
- Nessus .csv export file
|
|
261
|
+
|
|
262
|
+
---
|
|
263
|
+
|
|
264
|
+
## Contributing
|
|
265
|
+
|
|
266
|
+
Issues, bug reports, and pull requests are welcome.
|
|
267
|
+
|
|
268
|
+
- **Bug reports and feature requests:** [github.com/PatchVex/vulnpilot/issues](https://github.com/PatchVex/vulnpilot/issues)
|
|
269
|
+
- **Security disclosures:** security@patchvex.com
|
|
270
|
+
|
|
271
|
+
Good first issues are labelled `good first issue` in the issue tracker. Please search existing issues before opening a new one.
|
|
272
|
+
|
|
273
|
+
---
|
|
274
|
+
|
|
275
|
+
## Acknowledgements
|
|
276
|
+
|
|
277
|
+
VulnPilot uses publicly available threat intelligence published by:
|
|
278
|
+
|
|
279
|
+
- [CISA Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
|
|
280
|
+
- [FIRST Exploit Prediction Scoring System (EPSS)](https://www.first.org/epss/)
|
|
281
|
+
|
|
282
|
+
Thank you to both organizations for maintaining these community resources.
|
|
283
|
+
|
|
284
|
+
---
|
|
285
|
+
|
|
286
|
+
## License
|
|
287
|
+
|
|
288
|
+
MIT License — see [LICENSE](LICENSE) for details.
|
|
289
|
+
|
|
290
|
+
Free to use, modify, and distribute. Commercial use permitted.
|
|
291
|
+
|
|
292
|
+
---
|
|
293
|
+
|
|
294
|
+
## About PatchVex
|
|
295
|
+
|
|
296
|
+
VulnPilot is built and maintained by [PatchVex](https://patchvex.com).
|
|
297
|
+
|
|
298
|
+
PatchVex builds privacy-first workflow tools for security and DevSecOps teams. Our products help engineers spend less time managing vulnerability data and more time fixing the issues that matter.
|
|
299
|
+
|
|
300
|
+
- Website: [patchvex.com](https://patchvex.com)
|
|
301
|
+
- Email: hello@patchvex.com
|
|
302
|
+
- GitHub: [github.com/PatchVex](https://github.com/PatchVex)
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
[build-system]
|
|
2
|
+
requires = ["setuptools>=68,<72", "wheel"]
|
|
3
|
+
build-backend = "setuptools.build_meta"
|
|
4
|
+
|
|
5
|
+
[project]
|
|
6
|
+
name = "vulnpilot"
|
|
7
|
+
version = "0.1.0"
|
|
8
|
+
description = "Turn vulnerability scan data into prioritized action. Runs locally. Your data never leaves your machine."
|
|
9
|
+
readme = "README.md"
|
|
10
|
+
requires-python = ">=3.10"
|
|
11
|
+
keywords = ["security", "vulnerability", "nessus", "cve", "kev", "epss", "devsecops"]
|
|
12
|
+
classifiers = [
|
|
13
|
+
"Development Status :: 3 - Alpha",
|
|
14
|
+
"Environment :: Console",
|
|
15
|
+
"Intended Audience :: Information Technology",
|
|
16
|
+
"Topic :: Security",
|
|
17
|
+
"Programming Language :: Python :: 3",
|
|
18
|
+
"Programming Language :: Python :: 3.10",
|
|
19
|
+
"Programming Language :: Python :: 3.11",
|
|
20
|
+
"Programming Language :: Python :: 3.12",
|
|
21
|
+
]
|
|
22
|
+
dependencies = []
|
|
23
|
+
|
|
24
|
+
[project.optional-dependencies]
|
|
25
|
+
dev = ["pytest>=7", "pytest-cov"]
|
|
26
|
+
|
|
27
|
+
[project.scripts]
|
|
28
|
+
vulnpilot = "vulnpilot.cli:main"
|
|
29
|
+
|
|
30
|
+
[project.urls]
|
|
31
|
+
Homepage = "https://patchvex.com"
|
|
32
|
+
Repository = "https://github.com/PatchVex/vulnpilot"
|
|
33
|
+
"Bug Tracker" = "https://github.com/PatchVex/vulnpilot/issues"
|
|
34
|
+
|
|
35
|
+
[tool.setuptools.packages.find]
|
|
36
|
+
where = ["."]
|
|
37
|
+
include = ["vulnpilot*"]
|
|
38
|
+
|
|
39
|
+
[tool.pytest.ini_options]
|
|
40
|
+
testpaths = ["tests"]
|