CVE Half-Day Watcher is a security tool designed to highlight the risk of early exposure of Common Vulnerabilities and Exposures (CVEs) in the public domain. It leverages the National Vulnerability Database (NVD) API to identify recently published CVEs with GitHub references before an official patch is released. By doing so, CVE Half-Day Watcher aims to underscore the window of opportunity for attackers to “harvest” this information and develop exploits. This tool is a proof of concept, ready to be built upon and extended.
More information can be found on our blog
CVE Half-Day Watcher scans the NVD for newly pushed CVEs and checks for any GitHub references such as commits, pull requests (PRs), or issues linked to these CVEs. It then verifies if the commit/PR has been included in a release on GitHub (currently for issue it skips this check). If a release including the fix is not available, it flags the CVE to indicate a possible “half-day” vulnerability scenario, where the vulnerability is known but not yet patched.
Before you begin, ensure you have Python installed on your system. Then, clone the repository and install the dependencies:
git clone https://github.com/Aqua-Nautilus/CVE-Half-Day-Watcher.git
cd CVE-Half-Day-Watcher
pip install -r requirements.txt
To use CVE Half-Day Watcher, you will need a GitHub token (without permissions).
python scan_nvd.py --github_token YOUR_GITHUB_TOKEN [--days DAYS] [--min_stars MIN_STARS]
An example of the results from November 2, 2023.
Nmap (Network Mapper) is a free tool that helps you find devices on a network,…
Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…
While file extensions in Linux are optional and often misleading, the file command helps decode what a…
The touch command is one of the quickest ways to create new empty files or update timestamps…
Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…
Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…