Skip to content

Releases: xaitax/SploitScan

v0.12.0

26 Jan 11:27
@xaitax xaitax
v.0.12.0
39cd751
Compare
Choose a tag to compare
v0.12.0 Latest
Latest

  • CVSS Parsing Enhancements
    Updated the extract_cvss_info() function to handle a broader range of CVSS fields: checks for CVSSv4.0, v3.1, v3.0, and v3 in that order, and then falls back to ADP entries if necessary.

  • Date Parsing Unification
    Introduced a new parse_iso_date() helper. Replaced direct datetime.fromisoformat() calls throughout the code with this function for consistent date formatting, including error handling for trailing Z characters.

  • VulnCheck Key Handling
    Improved error handling for the VulnCheck API key check—now returns a clearer error message if no VulnCheck key is configured.

  • HTML Report Template Overhaul
    Updated and reformatted the HTML export template for improved readability and consistency. Enhanced the layout for displaying references, exploit details, and the AI-powered risk assessment. Moved to a more standardized code style.

  • Refined Public Exploits Display
    Enhanced how exploit PoCs are sorted and displayed.

  • Dependency Upgrades
    Updated requests (2.32.2 → 2.32.3), jinja2 (3.1.4 → 3.1.5), and openai (1.30.2 → 1.60.1) in requirements.txt.

  • General Code Cleanup

    • Organized imports and method parameters for clarity (e.g., specifying params= in all relevant requests).
    • Tweaked debug output for loading the configuration file, making it more verbose and consistent.
    • Adjusted logic for selecting public exploits to be clearer and more maintainable.
Assets 2
Loading

v0.11.0

05 Sep 18:07
@xaitax xaitax
v.0.11.0
a40bd91
Compare
Choose a tag to compare
v0.11.0
  • Method Selection Added: Introduced a new -m argument to allow users to selectively run specific methods (e.g., cisa, epss, hackerone, ai, prio, references). This enables more granular control over which data sources and assessments are retrieved for each CVE.
  • Import List Auto-Detection: Added functionality to automatically detect and handle plain text CVE lists when using the -i option without specifying an import type (-t). If the file is detected as a plain text CVE list, it will import the CVE IDs directly without requiring a specific type.
  • CSV Export Fix: Fixed an issue where CISA data was not properly exported to CSV. Now, all relevant CISA information is included in the exported CSV file.
  • HTML Export Fix: Resolved an issue where NoneType errors caused the HTML export to fail. Improved error handling to ensure that missing or empty data does not interrupt the export process.
Assets 2
Loading

v0.10.5

13 Aug 10:54
@xaitax xaitax
v0.10.5
4fae4a2
Compare
Choose a tag to compare
v0.10.5

[13. August 2024] - Version 0.10.5

  • General Improvements: Prevent IndexError by checking for non-empty lists before accessing elements.
Assets 2
Loading

v0.10.4

18 Jul 10:00
@xaitax xaitax
v0.10.4
7e1e234
Compare
Choose a tag to compare
v0.10.4

[18. July 2024] - Version 0.10.4

  • CVE ID Export: Fixed the display of the CVE ID not exporting in HTML.
  • Enhanced CVE Retrieval: Fixed the retrieval of missing CVE information if nested differently.
Assets 2
Loading

v0.10.3

30 Jun 14:25
@xaitax xaitax
v0.10.3
49f157a
Compare
Choose a tag to compare
v0.10.3
  • Main Function Refactoring: Refactored the main function into smaller, modular functions to improve maintainability and readability.
  • Public Exploit Display Enhancements: Reworked the public exploit display to include the total number of exploits and better error handling.
  • Improved Error Handling: Enhanced error handling for API key configurations and data fetching, especially for VulnCheck.
Assets 2
Loading

v0.10.2

30 Jun 09:17
@xaitax xaitax
v0.10.2
fb0aaa5
Compare
Choose a tag to compare
v0.10.2

[30. June 2024] - Version 0.10.2

  • Custom Configuration Path: Added support for specifying a custom configuration file path using the --config or -c command-line argument.
  • Platform-Specific Directories: Added support for platform-specific (*nix, macOS, Windows) configuration directories.
  • Debug Mode: Improved debug output for configuration file loading.
Assets 2
Loading

v0.10.1

27 Jun 14:43
@xaitax xaitax
v0.10.1
3a0abef
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.10.1

[27. June 2024] - Version 0.10.1

  • HackerOne Integration: Added support for searching through HackerOne and displays if the CVE was used in any Bug Bounty program including its rank.
  • General Improvements: Various bug fixes.
Assets 2
Loading

v0.10.0

26 Jun 19:56
@xaitax xaitax
v0.10.0
d0d9e73
Compare
Choose a tag to compare
v0.10.0

[26. June 2024] - Version 0.10

  • HackerOne Integration: Added support for searching through HackerOne and displays if the CVE was used in any Bug Bounty program including its rank.
  • General Improvements: Various bug fixes.
Assets 2
Loading

v0.9.1

24 May 20:00
@xaitax xaitax
v0.9.1
1936e65
Compare
Choose a tag to compare
v0.9.1
  • AI-Powered Risk Assessment: Integrated OpenAI for detailed risk assessments, potential attack scenarios, mitigation recommendations, and executive summaries (needs OpenAI API key).
  • CVE Information Retrieval: Due to API rate limits and instabilities replaced NIST NVD with CVE Program.
  • General Improvements: Various bug fixes and performance improvements.
Assets 2
Loading

v0.9

24 May 19:55
@xaitax xaitax
v0.9
488e2d2
Compare
Choose a tag to compare
v0.9
  • AI-Powered Risk Assessment: Integrated OpenAI for detailed risk assessments, potential attack scenarios, mitigation recommendations, and executive summaries (needs OpenAI API key).
  • CVE Information Retrieval: Due to API rate limits and instabilities replaced NIST NVD with CVE Program.
  • General Improvements: Various bug fixes and performance improvements.
Assets 2
Loading