SploitScan by xaitax

CLI tool for vulnerability/exploit data retrieval and risk assessment

created 1 year ago
1,151 stars

Top 34.2% on sourcepulse

Project Summary

SploitScan is a cybersecurity utility that aggregates vulnerability data, exploit information, and threat intelligence to help security professionals prioritize patching and understand exploitability. It supports multiple exploit databases, vulnerability scanner imports, and offers AI-powered risk assessments and a patching priority system.

How It Works

SploitScan retrieves comprehensive data on CVEs from various sources, including ExploitDB, GitHub, VulnCheck, Packet Storm, and Nuclei templates. It integrates with EPSS for exploitation likelihood and CISA KEV for known exploited vulnerabilities. Users can import scan results from Nessus, Nexpose, OpenVAS, and Docker. The tool offers an AI-powered risk assessment using providers like OpenAI and Google Gemini, and a patching priority system that combines CVSS scores, EPSS data, and exploit availability.

Quick Start & Requirements

  • Install via pip: run pip install -r requirements.txt, then pip install --user sploitscan.
  • Requires Python.
  • API keys for VulnCheck, OpenAI, Google Gemini, xAI Grok, or DeepSeek are optional but enhance functionality.
  • Local CVE database update requires several GB of disk space.
  • Official documentation: https://github.com/xaitax/SploitScan

Highlighted Details

  • Integrates with multiple AI providers for risk assessment.
  • Features a patching priority system based on CVSS, EPSS, and exploit availability.
  • Supports importing scan results from Nessus, Nexpose, OpenVAS, and Docker.
  • Allows keyword-based CVE searching across local and remote sources.
  • Can export results to JSON, CSV, or HTML.

Maintenance & Community

  • Active development with contributions from multiple individuals.
  • Changelog available for tracking updates.
  • Author: Alexander Hagenah.

Licensing & Compatibility

  • The repository does not explicitly state a license in the README.

Limitations & Caveats

  • The license is not specified, which may impact commercial use or redistribution.
  • Some features, like AI integration, require external API keys and may incur costs.

Health Check

  • Last commit: 3 months ago
  • Responsiveness: 1 week
  • Pull Requests (30d): 0
  • Issues (30d): 1

Star History

  • 63 stars in the last 90 days
