shuvonsec/cve-hunter

CVE Hunter — Automated CVE Discovery Tool for Bug Bounty & Penetration Testing

Automatically detect technologies, search CVE databases, and confirm vulnerabilities with Nuclei — all in one command.


CVE Hunter is an open-source automated CVE discovery tool designed for bug bounty hunters and penetration testers. It fingerprints technologies running on a target, queries public CVE databases (NVD/NIST and circl.lu), and confirms exploitability with rate-limited Nuclei templates — producing structured JSON output with CVSS scores and severity ratings.


Features

| Feature | Description |
| --- | --- |
| Technology Detection | Fingerprints via httpx, HTTP headers (Server, X-Powered-By), and CMS paths |
| CVE Database Search | Queries NVD 2.0 API and circl.lu for CVE IDs, CVSS scores, and descriptions |
| Nuclei CVE Scanning | Runs rate-limited CVE templates at medium/high/critical severity |
| Exposed Config Detection | Probes for leaked .env, env.js, and similar sensitive config files |
| JSON Output | Saves findings with CVSS scores and severity ratings for easy triage |

How It Works

  1. Detect technologies — probes HTTP headers, runs httpx tech detection, and checks CMS fingerprint paths (/wp-login.php, /administrator/, etc.)
  2. Search CVE databases — queries the NVD 2.0 API and circl.lu for each detected technology, returning CVE IDs, CVSS scores, and descriptions
  3. Run Nuclei CVE templates — scans the target with nuclei's cve tag at medium+ severity
  4. Check exposed configs — probes for common config file paths (/.env, /env.js, etc.)

Results are saved to a findings/<domain>/cves/ directory as JSON and text files.
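The data handling behind steps 1 and 2, as an added example that is not CVE Hunter's own code: it extracts the product/version pairs a host discloses in its Server and X-Powered-By headers, then ranks entries from an NVD 2.0-style response by CVSS score. The function names, sample headers, and placeholder CVE IDs are constructed for illustration, and no network requests are made.

```python
import json
import re

# Constructed sample data (not real scan output): response headers from a host
# you own, and a trimmed NVD 2.0-style response with placeholder CVE IDs.
SAMPLE_HEADERS = {"Server": "nginx/1.18.0 (Ubuntu)", "X-Powered-By": "PHP/7.4.3"}
SAMPLE_NVD = json.dumps({"vulnerabilities": [
    {"cve": {"id": "CVE-0000-0001", "metrics": {"cvssMetricV31": [
        {"cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}}},
    {"cve": {"id": "CVE-0000-0002", "metrics": {"cvssMetricV2": [
        {"cvssData": {"baseScore": 5.0}, "baseSeverity": "MEDIUM"}]}}},
    {"cve": {"id": "CVE-0000-0003", "metrics": {}}},
]})

TOKEN = re.compile(r"([A-Za-z][\w.-]*)(?:/(\d[\w.]*))?")

def fingerprint(headers):
    """Return (product, version) pairs disclosed by Server / X-Powered-By."""
    found = []
    for name in ("Server", "X-Powered-By"):
        value = re.sub(r"\(.*?\)", "", headers.get(name, ""))  # drop "(Ubuntu)" comments
        for product, version in TOKEN.findall(value):
            found.append((product.lower(), version or None))
    return found

def cvss(cve):
    """Pick the newest CVSS metric present; v2 keeps severity outside cvssData."""
    metrics = cve.get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
        for m in metrics.get(key, []):
            data = m["cvssData"]
            return data["baseScore"], data.get("baseSeverity") or m.get("baseSeverity")
    return None, "UNKNOWN"  # unscored CVEs stay visible instead of being dropped

def triage(nvd_json, tech):
    """Rows sorted by score, highest first, tagged with the technology queried."""
    rows = []
    for item in json.loads(nvd_json).get("vulnerabilities", []):
        score, severity = cvss(item["cve"])
        rows.append({"id": item["cve"]["id"], "cvss": score,
                     "severity": severity, "tech": "/".join(filter(None, tech))})
    return sorted(rows, key=lambda r: r["cvss"] or 0, reverse=True)

if __name__ == "__main__":
    tech = fingerprint(SAMPLE_HEADERS)
    for row in triage(SAMPLE_NVD, tech[0]):
        print(row)
```

A keyword match on product and version only suggests candidate CVEs; entries without a CVSS metric are kept as UNKNOWN so they still get reviewed.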


Requirements

  • Python 3.6+
  • httpx
  • nuclei
  • curl

No Python dependencies beyond the standard library.


Installation

    git clone https://github.com/shuvonsec/cve-hunter.git
    cd cve-hunter

Usage

    # Scan a single domain
    python3 cve_hunter.py example.com

    # Use existing recon data
    python3 cve_hunter.py example.com --recon-dir /path/to/recon/example.com

Output

    ==================================================
    CVE Hunt Summary — example.com
    ==================================================
    Technologies detected:  5
    CVEs from databases:    12
    Confirmed by nuclei:    1

    HIGH/CRITICAL CVEs (3):
      - CVE-2024-XXXXX (CVSS 9.8) [nginx/1.18.0]
      ...
    ==================================================

Findings are organized under findings/<domain>/cves/ as JSON and .txt files.

License

MIT — made with love for the bug bounty community.
