A comprehensive enterprise vulnerability management framework covering CVE identification, CVSS scoring, CWE classification, and OWASP standards. Designed for security professionals to systematically analyze, prioritize, and remediate vulnerabilities using industry-standard methodologies and risk-based approaches.

SpaceLeam/CVE-Claude-analyze

🛡️ CVE Intelligence & Security Analysis Toolkit

A comprehensive collection of tools and resources for vulnerability management, CVSS scoring, and security analysis. Built for security professionals, researchers, and students preparing for vulnerability management assessments.

📋 Overview

This repository contains:

  • CVE Aggregator: Automated tool to fetch and analyze recent CVEs from NVD
  • CVSS Calculator: Interactive web-based calculator for CVSS v3.1 scoring
  • Educational Guides: Comprehensive documentation on CVE, CVSS, CWE, and OWASP
  • Practice Materials: Real-world case studies and assessment preparation resources

🚀 Quick Start

CVE Aggregator

Automatically fetch and generate reports of recent vulnerabilities from the National Vulnerability Database.

# Install dependencies
pip install -r cve-aggregator/requirements.txt

# Run the aggregator
python cve-aggregator/main.py

Configuration (config.json):

{
  "api_url": "https://services.nvd.nist.gov/rest/json/cves/2.0",
  "days_back": 7,
  "min_cvss": 7.0,
  "output_dir": "output"
}

  • days_back: Look back 7 days
  • min_cvss: Minimum severity threshold
  • output_dir: Report destination

Output: Generates markdown reports in the output/ directory with:

  • CVE summaries sorted by severity
  • CVSS scores and vectors
  • CWE classifications
  • Reference links

CVSS Calculator

Browser-based calculator for computing CVSS v3.1 scores with real-time feedback.

# Open in browser
open cvss-calculator/index.html

Features:

  • Interactive metric selection (Attack Vector, Complexity, etc.)
  • Real-time score calculation
  • Vector string generation and parsing
  • Copy/export functionality
  • No server required - runs entirely client-side

📚 Documentation

Complete reference covering:

  • CVE: Unique vulnerability identifiers and lifecycle
  • CVSS: Scoring system with base, temporal, and environmental metrics
  • CWE: Weakness classification and pattern recognition
  • OWASP: Top 10 web application security risks

Use Case: Study material for vulnerability management Level 2 assessments

Deep dive into:

  • Confidentiality: Protecting data from unauthorized access
  • Integrity: Ensuring data accuracy and preventing tampering
  • Availability: Maintaining system uptime and accessibility
  • Likelihood Assessment: Risk calculation methodologies
  • Proof of Concept: Analyzing exploit code and attack feasibility

Use Case: Understanding security fundamentals and risk assessment

🔧 Repository Structure

.
├── cve-aggregator/
│   ├── main.py              # Core CVE fetching logic
│   ├── config.json          # Configuration parameters
│   ├── requirements.txt     # Python dependencies
│   └── output/              # Generated reports
│
├── cvss-calculator/
│   └── index.html           # Standalone CVSS calculator
│
├── cve-readme.md            # Comprehensive study guide
├── poc-standard-triad.md    # CIA Triad deep dive
└── README.md                # This file

💡 Use Cases

Security Operations

  • Daily Monitoring: Aggregate critical CVEs affecting your stack
  • Patch Prioritization: Use CVSS scores to prioritize remediation
  • Threat Intelligence: Track exploit availability and severity trends

Security Research

  • Vulnerability Analysis: Study recent CVEs and attack patterns
  • Risk Assessment: Calculate environmental CVSS scores for your context
  • Pattern Recognition: Identify recurring CWE weaknesses in products

Education & Training

  • Exam Preparation: Study guides for vulnerability management certifications
  • Hands-on Practice: Interactive calculator for CVSS scoring exercises
  • Case Studies: Real-world examples of security incidents and responses

🎯 Key Features

CVE Aggregator

  • ✅ Automated NVD API integration
  • ✅ Configurable severity filtering
  • ✅ Markdown report generation
  • ✅ Date range customization
  • ✅ Error handling and rate limiting

CVSS Calculator

  • ✅ Full CVSS v3.1 implementation
  • ✅ Real-time score calculation
  • ✅ Vector string parsing
  • ✅ Export and copy functionality
  • ✅ Mobile-responsive design

Documentation

  • ✅ 250+ pages of technical content
  • ✅ Real-world case studies
  • ✅ Practice questions
  • ✅ Quick reference cards
  • ✅ Step-by-step walkthroughs

🛠️ Technical Details

CVE Aggregator

Language: Python 3.8+
Dependencies: requests
API: NVD REST API v2.0
Output Format: Markdown

Key Functions:

  • fetch_cves(): Retrieves vulnerabilities from NVD
  • parse_cves(): Filters and structures CVE data
  • generate_markdown(): Creates formatted reports
  • save_report(): Writes output with timestamps
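
The filtering step described above, as an added example that is not the repository's own code: it keeps records at or above min_cvss, sorts them by score, and reports records with no CVSS v3.1 score instead of silently dropping them. The function names, the helper and the CVE-2099-* records are assumptions constructed for illustration; the JSON field names follow the NVD API 2.0 response layout.

```python
def _metric(kind, score, vector):
    # Helper for building the constructed sample below.
    return {"type": kind, "cvssData": {"baseScore": score, "vectorString": vector}}

# Constructed sample shaped like an NVD API 2.0 response (not real CVE data).
SAMPLE = {"vulnerabilities": [
    {"cve": {"id": "CVE-2099-0001",
             "descriptions": [{"lang": "es", "value": "Entrada construida"},
                              {"lang": "en", "value": "Constructed entry"}],
             "metrics": {"cvssMetricV31": [
                 _metric("Secondary", 6.5, "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"),
                 _metric("Primary", 9.8, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H")]},
             "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}]},
                            {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}},
    {"cve": {"id": "CVE-2099-0002", "metrics": {}}},  # published, not yet scored
    {"cve": {"id": "CVE-2099-0003", "metrics": {"cvssMetricV31": [
        _metric("Primary", 5.3, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N")]}}},
    {"cve": {"id": "CVE-2099-0004", "metrics": {"cvssMetricV31": [
        _metric("Secondary", 7.5, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N")]}}},
]}

def pick_v31(cve):
    """Prefer the Primary CVSS v3.1 block; fall back to any v3.1 block or None."""
    entries = cve.get("metrics", {}).get("cvssMetricV31", [])
    entries = sorted(entries, key=lambda e: e.get("type") != "Primary")
    return entries[0]["cvssData"] if entries else None

def filter_nvd_response(payload, min_cvss):
    """Return (records scoring >= min_cvss, highest first; ids lacking a v3.1 score)."""
    kept, unscored = [], []
    for item in payload.get("vulnerabilities", []):
        cve = item["cve"]
        data = pick_v31(cve)
        if data is None:
            unscored.append(cve["id"])  # surface these instead of dropping them
            continue
        if data["baseScore"] < min_cvss:
            continue
        desc = next((d["value"] for d in cve.get("descriptions", [])
                     if d.get("lang") == "en"), "")
        # NVD placeholder values such as NVD-CWE-noinfo are not real CWE ids.
        cwes = sorted({d["value"] for w in cve.get("weaknesses", [])
                       for d in w.get("description", [])
                       if d["value"].startswith("CWE-")})
        kept.append({"id": cve["id"], "score": data["baseScore"],
                     "vector": data["vectorString"], "cwes": cwes, "description": desc})
    kept.sort(key=lambda r: r["score"], reverse=True)
    return kept, unscored
```

Recently published CVEs often have an empty metrics object until analysis completes, so a severity filter alone will miss them; the second return value keeps them visible for manual triage.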

CVSS Calculator

Stack: React 18 + Tailwind CSS
Mode: Client-side only (no backend)
Algorithm: CVSS v3.1 specification
Format: Single HTML file (portable)

Calculation Engine:

  • Base score computation
  • Impact subscore calculation
  • Exploitability subscore calculation
  • Severity rating classification

📊 Sample Output

CVE Report Example

# CVE Intelligence Report
**Generated:** 2025-11-18 08:52:40
**Period:** Last 7 days
**Minimum CVSS:** 7.0
**Total CVEs Found:** 307

## Summary
- 🔴 Critical (≥9.0): 41
- 🟠 High (7.0-8.9): 266

## Detailed CVE List

### 1. CVE-2025-42890 - 🔴 CRITICAL
**CVSS Score:** 10.0
**Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
**CWE:** CWE-798
**Description:** Hardcoded credentials in SQL Anywhere...

CVSS Calculator Output

Base Score: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL
Priority: Emergency (24-48 hours)

🔗 Resources

📝 License

This project is licensed under the MIT License - see MIT License for details.

🤝 Contributing

Contributions welcome! Feel free to:

  • Report bugs or issues
  • Suggest new features
  • Submit pull requests
  • Improve documentation

📧 Contact

For questions or feedback, open an issue on GitHub.


Last Updated: November 2025
Maintained by: Security Bay
