jason-allen-oneal/ExploitRank

ExploitRank - Exploit Intelligence Engine (EIE)


ExploitRank is an automated Exploit Intelligence Engine (EIE) designed to ingest, normalize, and score vulnerabilities based on real-world exploit availability. It serves as the data backbone for the ZeroSignal security network, providing high-fidelity intelligence for both automated remediation and adversarial testing.


🛠 Core Capabilities

1. Ingestion Framework

Multi-source adapter architecture for pulling raw vulnerability and exploit data:

  • NVD Adapter: Ingests official CVE data including descriptions, CVSS scores, and timestamps.
  • GitHub Adapter: Scans repositories for Proof-of-Concept (PoC) code and active exploits.
  • Extensible Design: Support for additional sources like Exploit-DB or custom feeds.

2. Normalization Engine

Converts disparate raw data formats into a standardized VulnRecord and ExploitCandidate schema, ensuring consistency across the entire intelligence pipeline.

3. ERS (Exploit Rank Score) Calculation

A proprietary scoring engine that calculates the Exploit Rank Score (0-100) by factoring in:

  • CVSS Severity: Base technical impact.
  • Exploit Availability: Weighting for PoCs vs. weaponized exploit modules.
  • Vulnerability Recency: Prioritizing new and emerging threats.

4. Reproduction Recipe (RR) Generation

Automatically generates structured Remediation Recipes in JSON format. These bundles include:

  • Standardized vulnerability assessments.
  • Remediation priority levels based on ERS.
  • Contextual metadata for downstream automation runners.
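The following is an added illustration of how the ERS factors listed above (CVSS severity, exploit availability, recency) can be combined into a 0-100 score and then packaged as a recipe with a priority level. It is not ExploitRank's own code: the record fields, weights, decay window and priority bands are all assumptions, since the README does not publish the real weighting.

```python
from dataclasses import dataclass, field
from datetime import date
import json

# Constructed record types standing in for the README's VulnRecord /
# ExploitCandidate schema; the field names are assumptions, not the project's.
@dataclass
class ExploitCandidate:
    source: str          # e.g. "github", "exploit-db"
    weaponized: bool     # True for a working exploit module, False for a PoC

@dataclass
class VulnRecord:
    cve_id: str
    cvss_base: float     # CVSS base score, 0.0-10.0
    published: date
    exploits: list = field(default_factory=list)

# Assumed weights: CVSS contributes up to 50 points, exploit availability up to 35,
# recency up to 15 (linear decay over one year). Not the project's real weighting.
def exploit_rank_score(rec: VulnRecord, today: date) -> int:
    cvss_part = max(0.0, min(rec.cvss_base, 10.0)) / 10.0 * 50
    if any(e.weaponized for e in rec.exploits):
        avail_part = 35.0      # weaponized module: full weight
    elif rec.exploits:
        avail_part = 20.0      # PoC only: partial weight
    else:
        avail_part = 0.0       # no public exploit known
    age_days = max(0, (today - rec.published).days)
    recency_part = 15.0 * max(0.0, 1.0 - age_days / 365.0)
    return int(round(cvss_part + avail_part + recency_part))

def priority_for(ers: int) -> str:
    # Assumed bands for the recipe's "remediation priority levels".
    if ers >= 80: return "critical"
    if ers >= 60: return "high"
    if ers >= 40: return "medium"
    return "low"

def build_recipe(rec: VulnRecord, today: date) -> dict:
    ers = exploit_rank_score(rec, today)
    return {"cve_id": rec.cve_id, "ers": ers, "priority": priority_for(ers),
            "exploit_sources": sorted({e.source for e in rec.exploits}),
            "metadata": {"cvss_base": rec.cvss_base, "published": rec.published.isoformat()}}

def demo() -> dict:
    # Constructed sample record (the CVE id is the README's placeholder, not a real record).
    rec = VulnRecord("CVE-2024-9999", 9.8, date(2024, 6, 1),
                     [ExploitCandidate("github", False), ExploitCandidate("exploit-db", True)])
    return build_recipe(rec, date(2024, 7, 1))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```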

5. DarkPrompt Integration

Directly bridges with DarkPrompt (AI Adversarial Toolkit), allowing security audits to use real-world exploit data for generating targeted, high-fidelity attack payloads.


🚀 Installation

Prerequisites

  • Python 3.9+
  • SQLAlchemy

Setup

git clone https://github.com/jason-allen-oneal/ExploitRank.git
cd ExploitRank
python3 -m venv venv
source venv/bin/activate
pip install -e .

📖 Usage Examples

Ingest NVD Data

eie ingest --nvd ./nvd_dump.json

Calculate ERS for a CVE

eie score CVE-2024-9999

Generate a Remediation Recipe

eie recipe CVE-2024-9999 --out ./recipes/

⚖️ License

Licensed under the GNU Affero General Public License v3.0 or later (AGPL-3.0-or-later). See LICENSE for details.


“Intelligence without action is overhead; Action without intelligence is risk.” – ExploitRank provides the intelligence required for decisive action.

🌐 Web Interface & API (v1.1.0+)

ExploitRank now includes a high-performance web interface and REST API for public intelligence distribution.

  • FastAPI Backend: Located in api/. Provides standard REST endpoints for exploit discovery.
  • Next.js Frontend: Located in web/. A modern, dark-themed dashboard for visualizing exploit trends and ERS scores.

To start the API:

python -m api.main

To start the web UI (dev):

cd web
npm install
npm run dev
