Sometimes for demo purposes, I set up an infrastructure to demonstrate some recent vulnerability exploitation. When I need to do that I check the latest CVEs to see if there is a public exploit in order to set up the right software. This is very time-consuming.
SploitScan kind of covers the second part: when I find an interesting CVE I check for known exploits. It works but this is a one-time check, and for recent CVEs an exploit may be published the day after and I don't find out.
What could be done is add a "monitoring mode" where we feed a list of CVEs and SploitScan regularly checks for exploits on them (maybe once a day). A callback could be configured when new results pop up (for instance a MS Teams Webhook).
One example implementation might be:
To add a CVE to monitoring mode, specifying a timeout after which the CVE will cease to be monitored (default may be 60 days):
```
sploitscan monitor add CVE-XXXX-XXXX --timeout 30
```
To list currently monitored CVEs:
```
sploitscan monitor list
- CVE-XXXX-XXXX : x Exploits, added to monitoring list on XX/XX/XXXX, end of monitoring: XX/XX/XXXX
- CVE-YYYY-YYYY : y Exploits, added to monitoring list on YY/YY/YYYY, end of monitoring: YY/YY/YYYY
```
To remove a CVE from monitoring:
```
sploitscan monitor remove CVE-XXXX-XXXX
```
To launch a refresh (from cron for instance):
```
sploitscan monitor update
```
The callback could be configured in a configuration file. It could be a script call with a JSON object as a parameter (like the current JSON output but with something that indicates that an exploit is "new").
I know that this is kind of a lot of work as it would require some kind of database to cache the already known exploits for a given CVE and a lot of stuff to be added. Anyway I figured I could drop the idea here for what it's worth :)
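The cache-and-diff logic this proposal describes, as an added example (not SploitScan's code and not part of the original issue): `Monitor`, `fetch` and `callback` are hypothetical names, the exploit lookup is injected rather than calling any real SploitScan API, and the CVE id and URLs are constructed.

```python
import json
from datetime import date, timedelta

class Monitor:
    """Hypothetical state store behind the proposed `monitor` subcommands."""
    def __init__(self, state=None):
        # CVE id -> {"added": ISO date, "expires": ISO date, "known": [exploit URLs]}
        self.state = state if state is not None else {}

    def add(self, cve, today, timeout_days=60):
        end = (today + timedelta(days=timeout_days)).isoformat()
        self.state[cve] = {"added": today.isoformat(), "expires": end, "known": []}

    def remove(self, cve):
        self.state.pop(cve, None)

    def listing(self):
        return [f"{cve} : {len(e['known'])} Exploits, added {e['added']}, "
                f"end of monitoring: {e['expires']}" for cve, e in self.state.items()]

    def update(self, fetch, today, callback):
        """Refresh each CVE; call back only when an unseen exploit shows up."""
        for cve in list(self.state):
            entry = self.state[cve]
            if date.fromisoformat(entry["expires"]) < today:
                del self.state[cve]          # timeout reached, stop monitoring
                continue
            try:
                results = fetch(cve)         # -> [{"source": ..., "url": ...}]
            except Exception:
                continue                     # lookup failed: keep the cache as is
            known = set(entry["known"])
            report = [dict(r, new=r["url"] not in known) for r in results]
            # Union, so an exploit that disappears and returns does not re-alert.
            entry["known"] = sorted(known | {r["url"] for r in results})
            if any(r["new"] for r in report):
                callback(json.dumps({"cve": cve, "exploits": report}))

def demo():
    # Constructed sample data: placeholder CVE id and example.invalid URLs.
    feed = {"CVE-0000-0001": [{"source": "github", "url": "https://example.invalid/poc-a"}]}
    alerts, mon = [], Monitor()
    mon.add("CVE-0000-0001", date(2024, 1, 1), timeout_days=30)
    mon.update(feed.__getitem__, date(2024, 1, 2), alerts.append)   # first PoC: alert
    mon.update(feed.__getitem__, date(2024, 1, 3), alerts.append)   # unchanged: silent
    feed["CVE-0000-0001"].append({"source": "exploitdb", "url": "https://example.invalid/poc-b"})
    mon.update(feed.__getitem__, date(2024, 1, 4), alerts.append)   # second PoC: alert
    mon.update(feed.__getitem__, date(2024, 2, 15), alerts.append)  # expired: dropped
    return [json.loads(a) for a in alerts], mon.state
```

`Monitor.state` is a plain JSON-serialisable dict, so persisting it between cron runs is a `json.dump`/`json.load` pair around `update`.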
This is an enhancement idea.