Skip to content

Releases: anmolksachan/ThreatTracer

ThreatTracer_v5

Choose a tag to compare

@anmolksachan anmolksachan released this 10 Jul 17:38
dfe3d91

5.0.1

Changed

  • Lowered requires-python to >=3.9 (was >=3.10). The codebase uses
    from __future__ import annotations throughout and typing.List/Optional
    in models, with no match/case, zip(strict=), or PEP 604 (X | Y) unions
    in evaluated positions, so it runs on 3.9 (e.g. macOS system Python).
    3.10+ is still recommended and is what the test suite is run against.

Changelog

5.0.0

Added

  • Risk-ranked triage engine (core/triage.py) — every scan now produces a
    deterministic 0-100 priority score per CVE, blending CISA KEV membership,
    EPSS probability, CVSS severity, and public exploit-tooling maturity. Shown
    with --summarize as a "Prioritised Findings" table.
  • Optional local-LLM briefing (core/llm_summary.py) — --summarize
    produces a plain-language triage briefing. Talks to a local Ollama or any
    OpenAI-compatible server (llama.cpp, LM Studio, vLLM). No data leaves the
    machine, no cloud key required. Falls back to a deterministic heuristic
    briefing whenever no model is reachable — a scan never fails because of the LLM.
  • Report writer (cli/report.py) — --report out.md / --report out.html
    writes a self-contained report (the HTML prints cleanly to PDF).
  • doctor command — checks API keys, network reachability (NVD/EPSS/KEV/GitHub),
    cache location, and local-LLM availability in one shot.
  • config now stores LLM settings (--llm-provider, --llm-model,
    --llm-ollama-url, --llm-openai-url) and has --show.
  • CVE-ID validation helpers (utils/validate.py).

Changed

  • python-Wappalyzer is now an optional extra (pip install threattracer[asset]);
    the base install is leaner and no longer breaks if Wappalyzer fails to build.
    Header/body fingerprinting still works without it.
  • Nuclei client rewritten with bounded concurrency, config-driven metadata
    fetching, and a lock so concurrent CVEs in the same year hit GitHub once.
  • HTTP client: 404 now means "no results" (returns None) instead of raising;
    added a public raw_get() so the asset scanner no longer pokes private internals.
  • Atomic config writes; robust handling of corrupt config files.

Fixed

  • Malformed CVE IDs (CVE-, NOTACVE, empty) now degrade to empty results
    instead of raising IndexError deep in the network clients.
  • Metasploit reference matching handles both 2021-44228 and CVE-2021-44228
    reference forms.
  • Top-level CLI exceptions are caught and reported cleanly (no raw tracebacks);
    Ctrl-C exits with code 130.

v4.1.0 - Asset Scanning, CISA KEV, Nuclei & Metasploit Intelligence

Choose a tag to compare

@anmolksachan anmolksachan released this 20 Feb 07:20
dfba6ef

What's New in v4.1.0

🌐 Asset Scanning (threattracer asset)

Point ThreatTracer at any live URL — it fingerprints the tech stack automatically
(Wappalyzer + header/body detection) and runs full CVE intelligence for every
detected component. Supports single targets and batch files with concurrency control.

🔥 CISA KEV Integration

Every scan now checks the CISA Known Exploited Vulnerabilities catalog.
KEV entries surface at the top with --sort kev — confirmed real-world exploitation,
no speculation needed.

⚡ Nuclei Template Discovery

Automatically finds ProjectDiscovery Nuclei templates for each CVE and prints
the exact nuclei -id command to run. One step from finding to confirming.

🎯 Metasploit Module Lookup

Searches the Metasploit module index for CVE references and shows the exact
use command in the detail panel.

🐳 Vulhub PoC Environments

Docker-based PoC environments auto-discovered alongside GitHub PoC repos.

🔧 Other Improvements

  • Fixed PoC URL parsing (trickest URL, trailing punctuation stripping, fork filtering)
  • New --sort kev and --sort epss options
  • CSV output now includes Nuclei/MSF/KEV columns
  • weaponised flag distinguishes MSF/KEV hits from generic PoC availability
  • SQLite cache covers all new sources (KEV, Nuclei, MSF indexed once, queried fast)

Full install:

git clone https://github.com/anmolksachan/ThreatTracer.git
cd ThreatTracer && pip install -e .

Original tool by @FR13ND0x7f · @0xCaretaker · @meppohak5

threattracer_v3.0

Choose a tag to compare

@anmolksachan anmolksachan released this 02 May 07:33
6c9ea49

Version 3.0 Updates

[This version is an update behind right now.]

  • Added NVD API key support for authenticated requests
  • New CLI options: --cpe, --cve, --poc, --more for granular control
  • Integrated CVE PoC lookup from GitHub
  • Enhanced Marc Full Disclosure exploit search
  • Configurable API key storage (~/.cve_finder.cfg)
  • Improved retry logic with rate-limit handling
  • Direct CVE/CPE lookup modes added
  • Modularized code structure for maintainability
  • Colored output formatting for readability
  • Added exploit status checks via PyExploitDb
  • Better error handling and user feedback

threattracer_v2.2

Choose a tag to compare

@anmolksachan anmolksachan released this 09 Feb 13:39
125e520

Major changes due to sunset of NIST 1.0 API

threattracer_v2.1

Choose a tag to compare

@anmolksachan anmolksachan released this 14 Sep 05:53
c702ee7

The new release of the code optimizes the previous version by incorporating asynchronous HTTP requests using the aiohttp library and supports reverse POC lookup using pyExploitDb and https://poc-in-github.motikan2010.net API.
More Details available over readme

ThreatTracer Version 1

Pre-release

Choose a tag to compare

@anmolksachan anmolksachan released this 11 Sep 07:07
5f79859

Version 1

threattracer_v2

threattracer_v2 Pre-release
Pre-release

Choose a tag to compare

@anmolksachan anmolksachan released this 11 Sep 07:02
cc5dfb4

Changelog:
Fixed script run time errors.
Add every CVE public exploit availability.