Exploit Intelligence Platform — CVE & Vulnerability Scanner

Audit a technology stack for exploitable vulnerabilities. Accepts a comma-separated list of technologies (max 5) and searches for critical/ high severity CVEs with public exploits for each one, sorted by EPSS exploitation probability. Use this when a user describes their infrastructure and wants to know what to patch first. Example: technologies='nginx, postgresql, node.js' returns a risk-sorted list of exploitable CVEs grouped by technology.

Check the EIP API health and data freshness. Returns database status and timestamps for each of the 10 ingestion sources (NVD, KEV, EPSS, ExploitDB, GitHub, Metasploit, etc.).

Generate a pentest report finding in Markdown format for a specific vulnerability. Fetches full detail and formats it as a professional finding with severity, CVSS, description, affected products, exploit availability, and references. Accepts both CVE-IDs and EIP-IDs. Optionally include the target system tested and tester notes. The output is ready to paste into a pentest report. Example: cve_id='CVE-2024-3400', target='fw.corp.example.com', notes='Confirmed RCE via GlobalProtect gateway'.

Get an exploit author's profile with all their exploits. Returns author name, handle, total exploit count, activity start date, and a paginated list of their exploits with CVE context. Use this when asked about a specific researcher like 'show me all exploits by Chocapikk'.

Get details for a specific CWE including full name, description, exploit likelihood, parent CWE, and total vulnerability count. Example: cwe_id='CWE-79' returns details about Cross-Site Scripting.

Retrieve the source code of a specific exploit by its platform ID. IMPORTANT: Use the platform's internal ID shown as [id=XXXXX] in results, NOT the ExploitDB number (EDB-XXXXX). These are different numbering systems. Returns code from the exploit archive. If no file_path is specified, auto-selects the most relevant code file. Use this to analyze exploit mechanics, understand attack techniques, or review PoC code.

Get Nuclei scanner templates and recon dorks for a vulnerability. Returns template metadata, severity, verification status, tags, and ready-to-use Shodan, FOFA, and Google dork queries for target identification. Accepts both CVE-IDs and EIP-IDs. Use this to plan scanning or reconnaissance.

Get platform-wide statistics from the Exploit Intelligence Platform. Returns total counts of vulnerabilities, exploits, KEV entries, Nuclei templates, vendors, and authors, plus the last data update timestamp.

Get a full intelligence brief for a specific vulnerability. Accepts both CVE-IDs (e.g. CVE-2024-3400) and EIP-IDs (e.g. EIP-2026-12345 for pre-CVE entries). Returns detailed information including CVSS score and vector, EPSS exploitation probability, CISA KEV status, description, affected products, ranked exploits (grouped by Metasploit modules, verified ExploitDB, GitHub PoCs, and trojans), Nuclei scanner templates with recon dorks, alternate identifiers, and references. Exploits are ranked by quality: Metasploit modules first (peer-reviewed), then verified ExploitDB, then GitHub by stars. Trojans are flagged at the bottom.

List exploit authors/researchers ranked by exploit count. Returns the top security researchers with their exploit counts and handles. Use this when asked 'who are the top exploit authors?' or 'who writes the most exploits?'

List CWE (Common Weakness Enumeration) categories ranked by vulnerability count. Returns CWE IDs, names, short labels, exploit likelihood, and how many CVEs have that weakness. Use this when asked 'what are the most common vulnerability types?'

List products for a specific vendor with vulnerability counts. Use this to discover exact product names for filtering. Product names in the database use CPE conventions (e.g. 'exchange_server' not 'exchange', 'windows_10' not 'windows 10'). Example: vendor='microsoft' returns products like exchange_server, windows_10, office, edge_chromium.

List software vendors ranked by vulnerability count. Returns the top 200 vendors with their total CVE counts. Use this when asked 'which vendors have the most vulnerabilities?' or to understand the threat landscape by vendor.

Look up a vulnerability by an alternate identifier such as an ExploitDB ID (EDB-XXXXX) or GitHub Security Advisory ID (GHSA-XXXXX). Returns the matching CVE-ID with basic severity info. Use this when you have an EDB number or GHSA ID and need to find the corresponding CVE.

Browse and filter exploits using STRUCTURED FILTERS ONLY (no free-text query). Use this to filter by source (github, metasploit, exploitdb, nomisec), language (python, ruby, etc.), LLM classification (working_poc, trojan, suspicious, scanner, stub, writeup), author, min stars, code availability, CVE ID, vendor, or product. Also filter by AI analysis: attack_type (RCE, SQLi, XSS, DoS, LPE, auth_bypass, info_leak), complexity (trivial/simple/moderate/complex), reliability (reliable/unreliable/untested), requires_auth. NOTE: To search by product name (e.g. 'OpenSSH', 'Apache'), use search_vulnerabilities instead — it has free-text query and get_vulnerability already includes exploits in the response. Examples: source='metasploit' for all Metasploit modules; attack_type='RCE' with reliability='reliable' for weaponizable RCE exploits; cve='CVE-2024-3400' for all exploits targeting a specific CVE; vendor='mitel' for all Mitel exploits.

Search the Exploit Intelligence Platform for vulnerabilities (CVEs). Returns a list of matching CVEs with CVSS scores, EPSS exploitation probability, exploit counts, and CISA KEV status. Supports full-text search, severity/vendor/product/ecosystem/CWE filters, and CVSS/EPSS thresholds. Use this for broad searches like 'apache vulnerabilities' or filtered queries like 'critical Fortinet CVEs with exploits'. Examples: query='apache httpd' with has_exploits=true; vendor='fortinet' with severity='critical' and is_kev=true sorted by epss_desc; cwe='89' with min_cvss=9 for critical SQL injection CVEs.