Analyze CVEs and assess system security using AI.
This command-line tool integrates with OpenAI (GPT-4o) and the National Vulnerability Database (NVD) to provide insightful security analysis based on your natural language questions about vulnerabilities and software components.
Created by: Luke Farch
- 🗣️ Natural Language Queries: Ask questions about CVEs just like you normally would.
- 🔍 NVD Integration: Queries the official NVD for up-to-date vulnerability information.
- 🧠 AI-Powered Analysis: Leverages OpenAI (GPT-4o) for Red Team vs. Blue Team perspectives.
- 📊 Difficulty Levels: Tailor the analysis depth (
novice,easy,medium,hard,master). - 🎨 Rich Output: Uses the
richlibrary for beautifully formatted terminal output, including Markdown rendering. - 🧩 Entity Extraction: Intelligently identifies CVE IDs, components, versions, severity, dates, and difficulty from your query.
Follow these steps to get the CVE Analysis CLI up and running:
-
Clone the Repository:
git clone https://github.com/LukeFarch/cve-cli # Navigate into the correct project directory -
Create & Activate Virtual Environment:
# Create (using venv) python -m venv env # Activate # Windows (PowerShell/Git Bash) source env/Scripts/activate # macOS/Linux # source env/bin/activate
-
Install Dependencies:
pip install -r requirements.txt
-
Set Environment Variables: 🔑 You need API keys for OpenAI and NVD.
- OpenAI Key: Get from platform.openai.com/account/api-keys
- NVD Key: Get from nvd.nist.gov/developers/request-an-api-key
Set them in your terminal session:
# === Windows (PowerShell) === $env:OPENAI_API_KEY="YOUR_OPENAI_KEY" $env:NVD_API_KEY="YOUR_NVD_KEY" # === Windows (Command Prompt) === # set OPENAI_API_KEY=YOUR_OPENAI_KEY # set NVD_API_KEY=YOUR_NVD_KEY # === macOS/Linux === # export OPENAI_API_KEY='YOUR_OPENAI_KEY' # export NVD_API_KEY='YOUR_NVD_KEY'
💡 Tip: For persistence, add these to your shell's profile (
.bashrc,.zshrc, etc.) or use a.envfile manager.
Launch the interactive CLI:
python cve_cli.pyThe script will greet you with:
>> Type your security question or '/exit' to quit.
❓ Example Queries:
What are the critical vulnerabilities in Apache Struts reported last year? mediumTell me about CVE-2021-44228 (Log4Shell). hardFind easy exploits for Windows Server 2019 published since 2023-01-01.How can I exploit log4j? noviceWhat CVE lets me upload a shell to an outdated Apache 2.2 server? master
➡️ Remember to append the desired difficulty level to your query!
➡️ Type /exit to quit.
This project is licensed under the MIT License. See the LICENSE file for full details.
- Add more API's to pull from
- /tabletop mode
- /attackpath mode
- hasid from a py lib?
- Support for any HF model for NLP or chatbot
- Support for any LLM provider