Vulnerability Assessment System

Analyzes PCAP files or Nmap XML scan output to identify potential vulnerabilities. Matches network traffic and discovered services against known vulnerabilities from NVD, ExploitDB, and RouterSploit framework.

What It Does

  1. PCAP Analysis using vulnerability-focused tshark filters
  2. XML Parsing with NSE script analysis and CVE extraction
  3. Vulnerability Matching against:
    • NVD vulnerability database
    • ExploitDB metadata (safe download - no exploit code)
    • RouterSploit framework modules
  4. Risk Assessment with severity-based recommendations
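As an added illustration of steps 2 and 3 (example code, not this project's own modules), the following Python parses a constructed Nmap XML fragment, pulls CVE ids out of NSE script output for open ports, and joins them against a small stand-in for the flattened NVD/ExploitDB index. The host address, service names, CVE ids and index contents are all constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET
# Constructed Nmap XML fragment (hypothetical host, services and CVE ids; not real scan data).
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap"><host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="21"><state state="open"/>
      <service name="ftp" product="exampleftpd" version="2.3.4"/>
      <script id="vulners" output="CVE-2099-00001 9.8  CVE-2099-00002 5.3"/>
    </port>
    <port protocol="tcp" portid="80"><state state="open"/>
      <service name="http" product="examplehttpd" version="1.0"/>
    </port>
    <port protocol="tcp" portid="23"><state state="closed"/></port>
  </ports>
</host></nmaprun>"""
# Constructed stand-in for the flattened NVD/ExploitDB index: metadata only, no exploit code.
VULN_DB = {"CVE-2099-00001": {"cvss": 9.8, "severity": "CRITICAL", "edb_id": "EDB-PLACEHOLDER"}}
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def parse_nmap_xml(xml_text):
    """One record per open port: host, port, service and any CVE ids found in NSE script output."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports carry no service to assess
            svc = port.find("service")
            cves = set()
            for script in port.iter("script"):
                cves.update(CVE_RE.findall(script.get("output", "")))
            findings.append({"host": addr, "port": int(port.get("portid")),
                             "service": svc.get("name", "") if svc is not None else "",
                             "cves": sorted(cves)})
    return findings

def match_vulnerabilities(findings, db):
    """Join extracted CVE ids against the index; ids missing from the index are kept as UNKNOWN."""
    rows = []
    for f in findings:
        for cve in f["cves"]:
            entry = db.get(cve, {"cvss": None, "severity": "UNKNOWN", "edb_id": None})
            rows.append({"host": f["host"], "port": f["port"], "service": f["service"],
                         "cve": cve, **entry})
    return sorted(rows, key=lambda r: (r["cvss"] is None, -(r["cvss"] or 0)))  # highest CVSS first
```

Unmatched CVE ids are deliberately retained rather than dropped, so an analyst can see which findings the local index could not score.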

Directory Structure

Path          Purpose
main.py       Entry point: processes PCAP or XML input
core/         Python modules for extraction, matching, and DB handling
data/input/   Drop .pcap and .xml files here
data/output/  Outputs from extraction and matching
data/db/      Flattened NVD, merged exploit CSVs, etc.
exploit_db/   Source CVE and exploit data from ExploitDB and NVD
tools/        Optional scripts like pyVIP visualization
docs/         Setup guide and internal documentation

Quick Start

  1. Drop your .pcap or .xml file in data/input/
  2. Run the pipeline:
     python main.py
  3. You'll be prompted to enter the input file path (or press Enter for the default)
  4. Results will be saved to:
     • data/output/pcap_matches.csv — for PCAP inputs
     • data/output/nmap_matches.csv — for Nmap XML inputs

Visualize in 3D (Optional)

To launch a 3D scatter plot in Virtualitics Explore:

python tools/pyvip_exploit_scatter.py

You’ll be prompted for:

  • Your pyVIP API token
  • The path to the match results CSV

Explore matches by IP, CVE ID, and exploit metadata.


Data Sources & Repositories

This vulnerability assessment system leverages multiple open-source repositories and data sources:

Vulnerability Databases

Security Frameworks

Network Analysis Tools

  • Wireshark/tshark: Built-in network packet analyzer
    • Command-line packet analysis for PCAP processing
    • Enables programmatic network traffic dissection

Optional Visualization

  • Virtualitics Explore: 3D data visualization platform
    • For interactive vulnerability scatter plot analysis
    • Requires separate pyVIP API token for 3D visualization features

Requirements

  • Python 3.8+
  • tshark must be installed and available in your PATH
  • Install dependencies via:
    pip install -r requirements.txt

Update Vulnerability Database

To regenerate the merged exploit dataset:

python core/nvd_flattener.py
python core/exploitdb_merger.py
python core/exploitdb_indexer.py

Extend It

  • Add your own proprietary indicators under exploit_db/custom/
  • Modify the matching logic in core/vulnerability_matcher.py as needed.

Ideal For

  • Packet forensics (live or post-incident)
  • Air-gapped network defense
  • Embedded threat intel into analyst workflows
  • Integration with 3D visual analytics