ThreatTracer - CVE Checker, Public Exploit Enumerater and ZeroDay finder against any product and much more
Find CVEs, public exploits, and 0-Day vulnerabilities for any software component.
- π Multi-mode Search: Lookup by:
- Component & Version (-c apache -v 2.4)
- Direct CPE (--cpe cpe:2.3:a:apache:http_server:2.4)
- Specific CVE (--cve CVE-2021-44228)
 
- Component & Version (
- π NVD API Integration with API key support for faster queries
- π¦ Trickest PoC Database integration for GitHub exploit lookup
- π¬ Marc Full Disclosure exploit search integration
- π‘οΈ Exploit-DB lookup is removed with static code for faster results.
- β‘ Rate limiting with automatic retry system
- π API Key Management with persistent storage
- π Detailed Output with color-coded results
git clone https://github.com/anmolksachan/ThreatTracer.gitcd ThreatTracerpip3 install -r requirements.txtpython3 threattracer.py -h$ sudo python3 threattracer.py --apiStore <API KEY> -c 'Peel Shopping' -v '9.3.0'
API key stored in /root/.cve_finder.cfgRequest API Key here: https://nvd.nist.gov/developers/request-an-api-key
python3 threattracer.py --helppython3 threattracer.py -c "Apache" -v "2.4.56"python3 threattracer.py -c 'Peel Shopping' -v '9.3.0' --poc --morepython3 threattracer.py --cpe "cpe:2.3:a:peel:peel_shopping:9.4.0"python3 threattracer.py --cve CVE-2021-27190Component search with PoC lookup
python3 threattracer.py -c 'PEEL SHOPPING' -v "9.4.0" --pocDirect CVE analysis
python3 threattracer.py --cve CVE-2021-27190Store API key for repeated use
python3 threattracer.py --apiStore YOUR_API_KEY_HERE
- 
Configure NIST API Key to avoid getting rate limited [Recommended]  
- 
Lookup for component and version with --more to get detailed description of each CVE and --poc to lookup for POCs/ Exploits.  
- 
Not interested in configuring API, directly use from the threattracer  
- 
Force threattracer to not use NIST API even if its configured in environment  
- 
Updated exploitDB module with detailed output and faster execution  
- 
CVE Detection via NVD API 
- 
Exploit Verification through: - Static mode via ExploitDB
- GitHub PoC database
- Marc Full Disclosure
 
- 
Zero-Day Hunting capabilities 
- 
Rate Limit Handling with automatic retries 
- 
Persistent API Key storage 
pip3 install -r requirements.txtMayur Patil @meppohak5 
Deepak Dhasmana @0xCaretaker 
Contribute to be mentioned here.
Version 1: Enhancing Penetration Testing with CVE Checker Script β ThreatTracer
Version 3: ThreatTracer 3.0: Redefining Vulnerability Intelligence for Modern Defenders
Feel free to enhance, modify, or contribute to this script to suit your needs and explore more security-related projects!
β Star this repository
π£ Follow  @FR13ND0x7F
π€ Contribute through pull requests
This tool is for educational and ethical security testing purposes only. Use only on systems you own or have explicit permission to test.
MIT License - Copyright (c) 2024 Anmol Sachan




