Live Dashboard — KEV × EPSS
Data sources: CISA KEV (GitHub mirror) | FIRST EPSS API
| CVE | Vendor / Product | Title | Date Added | Due | EPSS | Links |
|---|---|---|---|---|---|---|
Prioritisation Model
1) Confirm “exploited-in-the-wild”
Treat items in CISA KEV as highest priority for triage and remediation: KEV lists only CVEs with confirmed in-the-wild exploitation, and each entry carries a remediation due date (binding on US federal agencies under BOD 22-01, a useful SLA benchmark for everyone else).
Reference: CISA KEV
2) Likelihood × Impact
Use EPSS (the FIRST-published probability, 0 to 1, that a CVE will see exploitation activity in the next 30 days) alongside impact metrics (CVSS from NVD or the vendor) to rank where to focus first. CVSS measures severity, not likelihood; a CVSS 9.8 with EPSS 0.002 usually ranks below a CVSS 8.8 with EPSS 0.4 once exposure is confirmed.
3) Exploitability & Context
Check availability and quality of PoCs (e.g., Exploit-DB) and community context (e.g., AttackerKB): a working, weaponised PoC against the exact version you run changes the picture; a stub that only crashes a service does not. Validate only in an isolated, sandboxed lab.
Reference: Exploit-DB, AttackerKB
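The three steps above as one working triage pipeline. This is an added example, not code from the dashboard or from CISA/FIRST; the KEV and EPSS payloads are constructed samples in the shape of the real feeds (the KEV `vulnerabilities` array; the EPSS API `data` array, whose `epss` and `percentile` fields arrive as strings), the CVE IDs are fictional, and the CVSS scores and exposed-asset set stand in for what you would pull from NVD, the vendor PSIRT and your inventory. The 10% EPSS / 7.0 CVSS tier-1 cutoffs are illustrative thresholds, not a standard. A CVE with no EPSS score is kept and flagged rather than dropped, so a missing feed entry never silently hides an exposed vulnerability.

```python
"""KEV -> EPSS x CVSS -> backlog prioritisation (added example, assumptions labelled)."""
import json
import re
from datetime import date

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed sample in the CISA KEV JSON shape (fictional CVE IDs).
KEV_JSON = json.dumps({
    "catalogVersion": "2099.02.10", "count": 2,
    "vulnerabilities": [
        {"cveID": "CVE-2099-0001", "vendorProject": "ExampleCorp", "product": "Gateway",
         "vulnerabilityName": "ExampleCorp Gateway RCE", "dateAdded": "2099-01-01",
         "dueDate": "2099-01-22", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2099-0002", "vendorProject": "ExampleCorp", "product": "Agent",
         "vulnerabilityName": "ExampleCorp Agent LPE", "dateAdded": "2099-02-10",
         "dueDate": "2099-03-03", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed sample in the FIRST EPSS API response shape; numbers are strings there.
EPSS_JSON = json.dumps({
    "status": "OK", "status-code": 200, "version": "1.0", "total": 3,
    "data": [
        {"cve": "CVE-2099-0001", "epss": "0.940000000", "percentile": "0.998000000", "date": "2099-02-15"},
        {"cve": "CVE-2099-0002", "epss": "0.003000000", "percentile": "0.650000000", "date": "2099-02-15"},
        {"cve": "CVE-2099-0003", "epss": "0.420000000", "percentile": "0.970000000", "date": "2099-02-15"},
    ],
})

# Impact side (assumed inputs): CVSS base scores as pulled from NVD / vendor PSIRT.
CVSS = {"CVE-2099-0001": 9.8, "CVE-2099-0002": 7.8, "CVE-2099-0003": 8.8, "CVE-2099-0004": 5.3}

# Exposure (assumed input): CVEs that affect versions actually present in the estate.
EXPOSED = {"CVE-2099-0001", "CVE-2099-0002", "CVE-2099-0003", "CVE-2099-0004"}


def parse_kev(raw):
    """Return {cveID: entry} from a KEV catalog document, skipping malformed IDs."""
    cat = json.loads(raw)
    return {v["cveID"]: v for v in cat["vulnerabilities"] if CVE_RE.match(v["cveID"])}


def parse_epss(raw):
    """Return {cve: (epss, percentile)} as floats from an EPSS API response."""
    doc = json.loads(raw)
    if doc.get("status") != "OK":
        raise ValueError("EPSS API error: %r" % doc.get("status"))
    return {d["cve"]: (float(d["epss"]), float(d["percentile"])) for d in doc["data"]}


def prioritise(cves, kev, epss, cvss, today):
    """Rank exposed CVEs: tier 0 = KEV (overdue first), tier 1 = likely and
    high-impact, tier 2 = backlog ordered by EPSS x CVSS/10 (unknown EPSS last)."""
    rows = []
    for cve in sorted(cves):
        if not CVE_RE.match(cve):
            raise ValueError("bad CVE ID: %r" % cve)
        k, p, score = kev.get(cve), epss.get(cve), cvss.get(cve, 0.0)
        overdue = bool(k) and date.fromisoformat(k["dueDate"]) < today
        if k:
            tier, reason = 0, "KEV, due %s%s" % (k["dueDate"], " (OVERDUE)" if overdue else "")
        elif p and p[0] >= 0.10 and score >= 7.0:   # illustrative cutoffs
            tier, reason = 1, "EPSS >= 10% and CVSS >= 7.0"
        else:
            tier, reason = 2, ("EPSS x CVSS backlog" if p else "no EPSS score yet")
        lx = (p[0] * score / 10.0) if p else -1.0    # likelihood x impact; unknown -> sink
        rows.append({"cve": cve, "tier": tier, "overdue": overdue, "epss": p[0] if p else None,
                     "cvss": score, "score": round(lx, 4), "reason": reason})
    rows.sort(key=lambda r: (r["tier"], not r["overdue"], -r["score"]))
    return rows


def run(today=date(2099, 2, 20)):
    """Parse both constructed feeds and rank the exposed set as of `today`."""
    return prioritise(EXPOSED, parse_kev(KEV_JSON), parse_epss(EPSS_JSON), CVSS, today)


if __name__ == "__main__":
    for r in run():
        print("%-14s tier=%d epss=%-6s cvss=%-4s score=%-7s %s"
              % (r["cve"], r["tier"], r["epss"], r["cvss"], r["score"], r["reason"]))
```

Against the live feeds the same parsers apply unchanged: fetch the KEV JSON from the CISA GitHub mirror and query the EPSS API with a comma-separated `cve=` list in batches, then feed the results to `prioritise`. The sort key deliberately ranks an overdue KEV item above a non-overdue one regardless of EPSS, because the KEV signal is observed exploitation, not a forecast.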
OSINT Sources & Tooling
Feeds & Databases
- CISA KEV (GitHub mirror) — JSON/CSV with CC0 license.
- NVD CVE Search — CVSS, references, CPEs. (The NVD API is rate-limited: 5 requests per rolling 30-second window without an API key, 50 with one; browser-side calls from the dashboard share that budget.)
- CVE.org — canonical CVE records.
- OSV — OSS advisories (aggregated).
- GitHub Advisory Database (the GraphQL API requires a token; REST access is heavily rate-limited without one).
- Exploit-DB & searchsploit (offline copy of the Exploit-DB index, bundled with Kali).
Recon & Validation
- Nmap (NPSL license)
- OpenVAS / Greenbone CE
- OWASP ZAP
- theHarvester
- SpiderFoot (self-hosted)
- Social-Analyzer (self-hosted)
- Ahmia • OnionScan • TorBot
Quick Lookups
Given a CVE ID, opens tabs for NVD, CVE.org, Exploit-DB, AttackerKB and OSV for that ID.
Doctrine & Compliance (UK Gov)
Built from two research reports: (1) Top Free OSINT Tools (multi-category survey) and (2) UK Gov OSINT Tools Research (licensing, OPSEC, doctrine). Key tenets:
- Passive → Active progression. Start with passive OSINT (KEV, EPSS, theHarvester, SpiderFoot). Move to active scanning (ZAP, Nmap, OpenVAS) only with written authorisation. Note that theHarvester (DNS brute-forcing) and SpiderFoot (port and service modules) both have active options; disable them while operating passively.
- Exploit relevance. Confirm exposure and versions; prioritise KEV; weigh EPSS probability; verify exploit maturity; validate only in sandbox/lab.
- Self-hosting & data minimisation. Prefer self-hosted tools (SpiderFoot, Social-Analyzer). Avoid leaking targets/queries to third parties.
- Legal anchors (UK). Adhere to the Computer Misuse Act 1990 and Investigatory Powers Act 2016; operational activity requires proper warrants/authorisations.
Operational notes
- Use isolated VMs, non-attributable egress, strict API-key handling, and evidence chain-of-custody.
- Prefer vendor PSIRTs and official guidance for patching context; handle PoCs in a sandbox only.
- Beware malicious PoCs in public repos; vet before execution: read the source, flag obfuscated or base64-encoded blobs, out-of-band downloads and installers, and pin the commit you reviewed; run only in a disposable VM.