Improve exploit naming for vulners

Open Copilot opened this issue 1 month ago • 3 comments

Current Issue:

Exploits from vulners.com are currently named after their ID (e.g., F7F6E599-CEF4-5E03-8E10-FE18C4101E38) instead of using the actual exploit title from the vulners website.

Solution:

Modified lookup_cve_from_vulners_exploit in _categories.py to:

  1. Extract exploit title from the vulners.com page (h1 or page title)
  2. Find ALL CVE IDs mentioned in the page content
  3. Return a dict with exploit metadata (NAME, CVES list) merged with vulnerability data if available
  4. Fall back to the exploit ID if the title is unavailable

Modified _parse_vulners_output in nmap.py to:

  1. Use the exploit metadata to update the exploit name
  2. Add all found CVE IDs to the exploit's cves list field
  3. Still yield vulnerability data if found for the first CVE

Changes Made:

  • The function now directly updates the vulnerability data dict with exploit metadata (NAME, CVES) instead of returning a tuple
  • Extracts all CVE IDs from the page and links them to the exploit via the cves list field
  • Uses the page title/h1 for the exploit name instead of the UUID
  • Uses constants (NAME, CVES) instead of magic strings for consistency with the codebase

Result:

Exploits will now display their actual titles (e.g., "Apache Struts RCE Exploit") instead of UUIDs, and all related CVE IDs found on the page are linked to the exploit.

  • Fixes freelabz/secator#300
Original prompt

This section details the original issue you should resolve

<issue_title>feat: improve exploit naming for vulners</issue_title>
<issue_description>Currently exploits are named after their ID on vulners.com:

```
⍼  [F7F6E599-CEF4-5E03-8E10-FE18C4101E38 🡕] <TARGET> [script:vulners, service_name:apache httpd/2.4.56] [nmap]
```

We can improve this by using the title in the vulners page:

```
⍼  [Exploit for Uncontrolled Resource Consumption in Ietf Http 🡕] develop.pgi.ochinfo.fr:443 [script:vulners, service_name:apache httpd/2.4.56] [nmap]
```
</issue_description>

## Comments on the Issue (you are @copilot in this section)

<comments>
</comments>

Copilot avatar Nov 22 '25 14:11 Copilot
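
The extraction steps listed in the description above (title from the h1 or the page title, every CVE ID on the page, fallback to the exploit ID), as an added example that is not secator's code or part of this PR. `extract_exploit_metadata`, `_TitleParser`, `_clean` and the values of `NAME` and `CVES` are assumptions, and the sample page is constructed. Because the title comes from a remote page and ends up in terminal output, the example also strips non-printable characters and caps its length.

```python
import re
from html.parser import HTMLParser

# Assumed stand-ins for the NAME / CVES constants named in the PR;
# their actual values in secator are not shown on this page.
NAME, CVES = "name", "cves"
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)

# Constructed sample page (not real vulners.com markup; CVE IDs are made up).
SAMPLE_HTML = """<html><head><title>Fallback title | site</title></head><body>
<h1>Exploit for <span>Uncontrolled Resource Consumption</span>\x1b</h1>
<p>Related: CVE-2099-0002, cve-2099-0001 and again CVE-2099-0002.</p>
</body></html>"""

class _TitleParser(HTMLParser):
    """Collects the text of the first <h1> and the first <title>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.found = {"h1": [], "title": []}
        self._open, self._done = None, set()

    def handle_starttag(self, tag, attrs):
        if self._open is None and tag in self.found and tag not in self._done:
            self._open = tag

    def handle_endtag(self, tag):
        if tag == self._open:
            self._done.add(tag)
            self._open = None

    def handle_data(self, data):
        if self._open:
            self.found[self._open].append(data)

def _clean(parts, limit=200):
    # Collapse whitespace and drop non-printable characters (e.g. ESC) so a
    # remote page cannot inject terminal control sequences into scan output.
    text = " ".join("".join(parts).split())
    return "".join(c for c in text if c.isprintable())[:limit]

def extract_exploit_metadata(html, exploit_id):
    """Hypothetical helper: title from <h1>, else <title>, else the ID."""
    parser = _TitleParser()
    parser.feed(html)
    parser.close()
    name = _clean(parser.found["h1"]) or _clean(parser.found["title"])
    cves = sorted({m.upper() for m in CVE_RE.findall(html)})
    return {NAME: name or exploit_id, CVES: cves}
```
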

[!IMPORTANT]

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot] avatar Nov 22 '25 14:11 coderabbitai[bot]

@copilot Don't return a tuple, simply update the vuln title if it was found in the page. Also, try to find a CVE id in the page and link it with the exploit using the cves list field.

ocervell avatar Nov 22 '25 17:11 ocervell

> @copilot Don't return a tuple, simply update the vuln title if it was found in the page. Also, try to find a CVE id in the page and link it with the exploit using the cves list field.

Done in commit 0de5c5f. The function now returns a dict with exploit metadata (name, cves list) instead of a tuple. When a CVE is found, the exploit metadata is merged into the vulnerability data. All CVE IDs found in the page are extracted and added to the exploit's cves list field.

Copilot avatar Nov 22 '25 17:11 Copilot