CVE-Half-Day-Watcher by Aqua-Nautilus

Security tool to highlight early CVE exposure risk

created 1 year ago
296 stars

Top 90.6% on sourcepulse

Project Summary

CVE Half-Day Watcher is a security tool designed to identify potential "half-day" vulnerabilities, where a CVE is publicly known and potentially exploitable before an official patch is released. It targets security researchers, developers, and maintainers by flagging CVEs with linked GitHub commits or PRs that haven't yet been incorporated into a release.

How It Works

The tool scans the National Vulnerability Database (NVD) for recently published CVEs. For each CVE, it looks for associated GitHub references such as commits or pull requests. It then checks whether those fix commits are contained in a GitHub release. If no release containing the fix is found, the CVE is flagged as a potential "half-day" vulnerability. Additionally, it can scan specific GitHub repositories for suspicious PRs and issues using keyword matching and OpenAI for validation, alerting maintainers to potential risks.
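The NVD-to-release check described above, as an added offline model that is not the project's own code: constructed NVD-style CVE records, a constructed map of merged PRs to their merge commits, and a constructed set of commits reachable from each release tag stand in for the NVD feed and the GitHub API (the CVE IDs, repositories and SHAs are placeholders). A CVE whose fix commit is in no release is a half-day candidate; an unmerged fix PR is treated the same way, issue references are skipped because they describe the bug rather than the fix, and CVEs with no GitHub fix reference are reported as not assessable rather than silently dropped.

```python
"""Offline model of the half-day check: constructed CVE records and a
constructed release history stand in for the NVD feed and the GitHub API."""
import re
from dataclasses import dataclass, field

# Constructed NVD-style records; the CVE IDs, repositories and SHAs are placeholders.
CVES = [
    {"id": "CVE-0000-0001", "refs": ["https://github.com/example-org/app/commit/aaa111",
                                     "https://nvd.nist.gov/vuln/detail/CVE-0000-0001"]},
    {"id": "CVE-0000-0002", "refs": ["https://github.com/example-org/app/pull/42"]},
    {"id": "CVE-0000-0003", "refs": ["https://github.com/example-org/lib/commit/ccc333"]},
    {"id": "CVE-0000-0004", "refs": ["https://github.com/example-org/lib/pull/7"]},
    {"id": "CVE-0000-0005", "refs": ["https://vendor.example/advisory/5"]},
]

# Constructed stand-in for GitHub state: the merge commit of each merged PR, and the
# set of commits reachable from each release tag (what "the fix is in a release" means).
PR_MERGE_COMMITS = {("example-org/app", 42): "bbb222"}
RELEASES = {
    "example-org/app": {"v1.0.0": {"000000", "aaa111"},
                        "v1.1.0": {"000000", "aaa111", "ddd444"}},
    "example-org/lib": {"v2.0.0": {"eee555"}},
}

GITHUB_REF = re.compile(
    r"https://github\.com/(?P<repo>[\w.-]+/[\w.-]+)/(?P<kind>commit|pull|issues)/(?P<ref>[0-9a-f]+)"
)


@dataclass
class Finding:
    cve: str
    repo: str
    fix: str                 # commit SHA, or a note for a PR that is not merged yet
    released_in: list = field(default_factory=list)

    @property
    def half_day(self) -> bool:
        # A public fix reference that no release contains.
        return not self.released_in


def github_refs(record):
    """Yield (repo, kind, ref) for each GitHub commit/PR/issue URL on the record."""
    for url in record["refs"]:
        m = GITHUB_REF.match(url)
        if m:
            yield m["repo"], m["kind"], m["ref"]


def fix_candidates(record):
    """Resolve references to fix commits. Issues describe the bug, not the fix,
    so they are skipped; an unmerged PR is a fix that cannot be in any release."""
    for repo, kind, ref in github_refs(record):
        if kind == "commit":
            yield repo, ref
        elif kind == "pull":
            sha = PR_MERGE_COMMITS.get((repo, int(ref)))
            yield repo, sha if sha else f"PR#{ref} (not merged)"


def releases_containing(repo, sha):
    """Release tags whose reachable commits include the fix (constructed data)."""
    return sorted(tag for tag, commits in RELEASES.get(repo, {}).items() if sha in commits)


def classify(records):
    return [Finding(r["id"], repo, fix, releases_containing(repo, fix))
            for r in records for repo, fix in fix_candidates(r)]


def half_day_cves(records):
    return sorted({f.cve for f in classify(records) if f.half_day})


def unassessed_cves(records):
    """CVEs with no GitHub fix reference: the check cannot say anything about them."""
    return sorted(r["id"] for r in records if not list(fix_candidates(r)))


if __name__ == "__main__":
    for f in classify(CVES):
        status = "HALF-DAY" if f.half_day else "released in " + ", ".join(f.released_in)
        print(f"{f.cve} {f.repo} {f.fix}: {status}")
    print("not assessable:", unassessed_cves(CVES))
```

Against a live feed the two constructed tables would be replaced by an NVD query and a tag-containment lookup per repository; the classification logic stays the same, and the "not assessable" list is worth keeping in any real run so that CVEs without a GitHub fix reference are not mistaken for patched ones.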

Quick Start & Requirements

Highlighted Details

  • Identifies CVEs with GitHub references (commits, PRs, issues) lacking official releases.
  • Scans GitHub repositories for security-vulnerability-related PRs and issues.
  • Utilizes keyword matching and OpenAI for enhanced repository scanning.
  • Offers both NVD feed scanning and specific repository scanning modes.

Maintenance & Community

  • No specific community links (Discord/Slack) or roadmap mentioned in the README.

Licensing & Compatibility

  • Licensed under the MIT License.
  • Permissive license suitable for commercial use and integration into closed-source projects.

Limitations & Caveats

The tool is described as a proof of concept, indicating it may be experimental and subject to further development. The repository scanning feature's effectiveness relies on the quality of OpenAI's validation and the chosen keywords.

Health Check

  • Last commit: 3 weeks ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 1
  • Issues (30d): 0
  • Star History: 14 stars in the last 90 days

Starred by Boris Cherny (Creator of Claude Code; MTS at Anthropic), Georgios Konstantopoulos (CTO, General Partner at Paradigm), and 2 more.
