🔍 Exploit Seek

A client-server application for comprehensive CVE analysis, exploit detection and vulnerability assessment. The system provides a modern web interface with powerful features to aggregate data from multiple trusted sources, helping security professionals evaluate risks, detect available exploits and determine patching priorities through detailed analysis and reporting capabilities.

Installation Guide • Features • Examples • Roadmap

📋 Table of Contents

Click to expand

• 🔍 Exploit Seek
  • 📋 Table of Contents
  • 🎯 Overview
  • ✨ Features
    • Web Interface Features
    • CVE Analysis & Exploit Detection
    • Input Processing
    • Report Generation
    • Performance Optimization
  • 📊 Examples
  • 🚀 Installation
    • Option 1: Quick Start with Docker Hub (Recommended)
    • Option 2: Build from Source
    • Option 3: Manual Installation
  • 🔄 Updates
    • Option 1: Using Watchtower (Automatic)
    • Option 2: Manual Update
  • 📁 Project Structure
  • ⚙️ Configuration
    • Service Configuration
    • API Keys
    • Proxy Configuration
  • 📱 Usage
  • 🔍 Analysis Results
  • 🌐 Resources Used
  • 🛠️ Built With
    • Frontend
    • Backend
    • Infrastructure
  • 🗺️ Roadmap
    • Intelligence Enhancement
    • Scanner Integration
    • Report Improvements
    • Analysis Capabilities
  • 📧 Contact

🎯 Overview

Exploit Seek is a comprehensive client-server application designed to analyze CVE vulnerabilities and detect available exploits. The system features an intuitive web interface with bilingual support, customizable themes, and real-time analysis tracking. It collects and processes data from multiple trusted sources, including exploit databases, security research repositories, and vulnerability intelligence platforms, helping security professionals assess exploitation risks, identify public exploits, and generate detailed analytical reports.

✨ Features

Web Interface Features

• Dark/Light theme support for comfortable work at any time
• Bilingual interface (English/Russian)
• Real-time analysis progress tracking
• File history with quick access to previous reports
• User-friendly settings management:
  • Server configuration
  • API keys management
  • Proxy configuration (HTTP/HTTPS support with authentication)
  • Language selection
  • Theme preferences
• Secure authentication system

CVE Analysis & Exploit Detection

• Comprehensive vulnerability assessment using CVSS scoring system
• Exploitation probability evaluation through EPSS
• Public exploit detection from multiple sources:
  • ExploitDB repository scanning
  • GitHub security research monitoring
  • VulnCheck intelligence integration
• Integration with CISA Known Exploited Vulnerabilities (KEV) catalog
• Nuclei template matching for vulnerability verification
• Advanced patching priority assessment (A+ to D rating) based on:
  • CVSS base scores
  • EPSS probability
  • Public exploit availability
  • Presence in CISA KEV catalog

Input Processing

• Multiple vulnerability scanner format support:
  • REDCheck reports
  • Nmap Vulners output
  • Custom XML formats
• Direct CVE list input
• PDF report analysis
• Plain text file processing

Report Generation

• Detailed Excel reports with:
  • Summary statistics
  • Color-coded priority indicators
  • Data filtering capabilities
  • Multiple sheets for exploits and references
• HTML report generation with interactive elements
• Bilingual report support (English/Russian)

Performance Optimization

• Intelligent caching system for external API responses:
  • Reduces API calls and improves response time
  • Handles rate limits and service outages
  • Caches EPSS scores, exploit data, KEV catalog, and more
  • 24-hour cache duration with automatic invalidation
  • Works offline for previously analyzed CVEs

📊 Examples

View sample reports and outputs in our examples directory:

Excel Report Example

Download sample Excel report: Exploit Seek Report.xlsx

HTML Report Example

View sample HTML report: Exploit Seek Report.html

Application Screenshot

🚀 Installation

Option 1: Quick Start with Docker Hub (Recommended)

# Pull and run the container
docker run -d \
  -p 5000:5000 -p 8080:8080 \
  -v exploit_seek_data:/app/exploit_seek_data \
  --name exploit-seek \
  --restart unless-stopped \
  canso/exploit-seek:latest

# The application will be available at:
# - API Server: http://0.0.0.0:5000 (all interfaces)
# - Web Interface: http://0.0.0.0:8080 (all interfaces)
#
# You can also access it via:
# - http://localhost:5000 and http://localhost:8080
# - http://your-ip:5000 and http://your-ip:8080
# - http://your-hostname:5000 and http://your-hostname:8080

Option 2: Build from Source

# Clone repository
git clone /~https://github.com/cansolele/exploit-seek.git
cd exploit-seek

# Build the image
docker build -t exploit-seek .

# Run the container
docker run -d \
  -p 5000:5000 -p 8080:8080 \
  -v exploit_seek_data:/app/exploit_seek_data \
  --name exploit-seek \
  --restart unless-stopped \
  exploit-seek

Option 3: Manual Installation

Click to expand manual installation steps

1. Clone repository and install dependencies:

# Clone repository
git clone /~https://github.com/cansolele/exploit-seek.git
cd exploit-seek

# Install system dependencies (Ubuntu/Debian)
sudo apt update
sudo apt install -y python3 python3-pip python3-venv nodejs npm

# Create and activate Python virtual environment
python3 -m venv venv
source venv/bin/activate

# Install Python dependencies
cd server
pip install -r requirements.txt

2. Build and start the client:

# Build client
cd ../client
npm install
npm run build

# Start client (available on all interfaces)
npx serve -s dist -l tcp://0.0.0.0:8080

3. Start the server (in a new terminal):

# Activate virtual environment
cd exploit-seek
source venv/bin/activate

# Start server (available on all interfaces)
cd server
gunicorn --worker-class geventwebsocket.gunicorn.workers.GeventWebSocketWorker \
         --workers 1 --bind 0.0.0.0:5000 server:app

The application will be available at:

• API Server: http://0.0.0.0:5000 (all interfaces)
• Web Interface: http://0.0.0.0:8080 (all interfaces)

You can access it using localhost, your IP address, or hostname.

🔄 Updates

Option 1: Using Watchtower (Automatic)

Watchtower can automatically update your container when a new version is available:

# One-time update check
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --run-once exploit-seek

# Or run Watchtower in the background for automatic updates
docker run -d \
  --name watchtower \
  -v /var/run/docker.sock:/var/run/docker.sock \
  containrrr/watchtower \
  --interval 86400 \
  exploit-seek

Option 2: Manual Update

# Pull the latest image
docker pull canso/exploit-seek:latest

# Stop and remove the old container
docker stop exploit-seek
docker rm exploit-seek

# Run the new container
docker run -d \
  -p 5000:5000 -p 8080:8080 \
  -v exploit_seek_data:/app/exploit_seek_data \
  --name exploit-seek \
  --restart unless-stopped \
  canso/exploit-seek:latest

Your data will be preserved in the exploit_seek_data volume.

📁 Project Structure

exploit-seek/
├─ client/                    # Frontend application
│  ├─ Dockerfile
│  ├─ src/
│  │  ├─ components/         # React components
│  │  │  ├─ Auth/           # Authentication components
│  │  │  ├─ ExploitsTable/  # Main analysis interface
│  │  │  ├─ Footer/         # Footer components
│  │  │  └─ Header/         # Header and settings
│  │  ├─ hooks/             # Custom React hooks
│  │  └─ App.jsx            # Main application component
│  └─ vite.config.js        # Vite configuration
├─ server/                   # Backend application
│  ├─ Dockerfile
│  ├─ config/               # Configuration files
│  │  └─ service_config.py  # Service settings
│  ├─ constants/            # Application constants
│  │  ├─ api_endpoints.py   # API endpoints
│  │  ├─ directories.py     # Directory paths
│  │  ├─ messages.py        # Message strings
│  │  └─ thresholds.py      # Threshold values
│  ├─ models/               # Database models
│  ├─ parsers/              # Input data parsers
│  │  ├─ base_parser.py     # Base parser class
│  │  ├─ manual_parser.py   # Manual input parser
│  │  ├─ nmap_parser.py     # Nmap XML parser
│  │  └─ redcheck_parser.py # RedCheck parser
│  ├─ routes/               # API routes
│  │  ├─ exploits_routes.py # Exploit analysis routes
│  │  └─ settings_routes.py # Settings management
│  ├─ services/             # Business logic services
│  │  ├─ api/              # External API services
│  │  │  ├─ nvd_service.py      # NVD API integration
│  │  │  ├─ epss_service.py     # EPSS API integration
│  │  │  ├─ exploitdb_service.py # ExploitDB integration
│  │  │  ├─ github_service.py    # GitHub API integration
│  │  │  ├─ kev_service.py       # KEV API integration
│  │  │  ├─ nuclei_service.py    # Nuclei integration
│  │  │  └─ vulncheck_service.py # VulnCheck integration
│  │  ├─ base/             # Base service classes
│  │  │  ├─ api_service.py    # Base API service
│  │  │  └─ cache_service.py  # Caching service
│  │  ├─ exploits_service.py # Exploit analysis service
│  │  ├─ file_service.py    # File operations service
│  │  └─ report_service.py  # Report generation service
│  ├─ server.py            # Main server file
│  └─ requirements.txt     # Python dependencies
├─ exploit_seek_data/      # Application data
│  ├─ cache/              # API response cache
│  ├─ databases/          # Local databases
│  ├─ logs/              # Application logs
│  ├─ reports/           # Generated reports
│  └─ uploads/           # Uploaded files
└─ docker-compose.yml     # Docker configuration

⚙️ Configuration

Service Configuration

The application uses a centralized configuration system located in server/config/service_config.py that controls various aspects of API services. When running in Docker, the configuration directory is mounted as a volume, allowing you to edit settings without rebuilding the container:

1. Edit server/config/service_config.py on your host machine
2. Changes will be immediately available to the application
3. No container restart required for most configuration changes

The configuration includes:

• Cache Settings:
  • CACHE_TTL: Time-to-live for cached responses (default: 24 hours)
  • CACHE_SIZE_LIMIT: Maximum number of items in cache
  • CACHE_CLEANUP_INTERVAL: Interval for automatic cache cleanup
  • Empty results are also cached to prevent unnecessary API calls

API Keys

The application requires API keys for full functionality:

• NVD API key: Register at NVD Portal
• VulnCheck API key: Available at VulnCheck

Configure these in the application settings after installation.

Proxy Configuration

The application supports HTTP/HTTPS proxy configuration that can be set up either globally through the web interface or individually for specific services in server/config/service_config.py. This allows you to control which services use proxy and which connect directly.

Configure proxy settings in the application settings after installation.

📱 Usage

1. Initial Setup
   • Server address is automatically detected when client and server are on the same host
   • If needed, configure server address manually in settings
   • Set up API keys (NVD, VulnCheck)
   • Choose interface language (English/Russian)
   • Select theme mode (Dark/Light)
   • Configure other interface preferences
2. Data Input
   • Choose input method (manual/file upload)
   • Select vulnerability scanner type
   • Upload or enter CVE data
3. Analysis Configuration
   • Select data sources
   • Configure output settings
   • Choose sorting options
4. Report Generation
   • Select report format (HTML/Excel)
   • Configure report details
   • Download and view results

🔍 Analysis Results

Reports include:

• Detailed CVE information with CVSS scores
• Exploitation probability assessments
• Available public exploits from multiple sources
• Patching priority recommendations
• References and additional resources

Excel reports feature:

• Color-coded priority indicators
• Custom data filtering
• Multiple data sheets
• Summary statistics

HTML reports provide:

• Interactive elements
• Comprehensive data presentation
• Easy navigation
• Export capabilities

🌐 Resources Used

• NVD - CVE information and CVSS scores
• FIRST.org - EPSS scoring
• CISA - Known Exploited Vulnerabilities Catalog
• Offensive Security - Exploit Database
• Project Discovery - Nuclei Templates
• VulnCheck - Vulnerability Intelligence

🛠️ Built With

Frontend

• React + Vite
• Material-UI
• Socket.IO Client
• Recharts

Backend

• Flask
• SQLAlchemy
• Flask-SocketIO
• OpenPyXL
• Jinja2

Infrastructure

• Docker
• Docker Compose
• Gunicorn
• Gevent

🗺️ Roadmap

Upcoming features and improvements:

Intelligence Enhancement

• 🧠 Neural analysis integration with Ollama
• 🤖 AI-powered vulnerability assessment
• 📈 Advanced risk prediction models

Scanner Integration

• 🔍 Additional vulnerability scanner support
• 🔄 Automated scan result import

Report Improvements

• 📊 Enhanced interactive HTML reports
• 🎨 Customizable report templates
• 📈 Advanced data visualization options

Analysis Capabilities

• 🔍 Deep learning-based exploit detection
• 🎯 Enhanced risk scoring algorithms
• 🔄 Real-time threat intelligence integration

📧 Contact

For questions, bug reports, and suggestions, please contact: shvs@cbi-info.ru

---