NeCr00
CVE-Mapper
Python✨ New

CVE Finder and Mapper

Last updated Jun 28, 2026
11
Stars
0
Forks
0
Issues
0
Stars/day
Attention Score
30
Language breakdown
Python 100.0%
β–Έ Files click to expand
README

CVE Mapper

CVE-Mapper

Turn an Nmap scan into the CVEs that actually affect the versions you found β€”
not every CVE that merely mentions the product.

MIT Python 3.9+ tests Vulners conservative

image

Install Β· Quick start Β· How it works Β· Confidence Β·

Most "Nmap β†’ CVE" tools search by product name and dump everything. **CVE-Mapper is version-aware**: for each discovered service it asks Vulners which CVEs match the exact product and version, then **independently re-validates every affected range** with its own comparator before reporting it. Every result carries a confidence level and a plain-English reason β€” including why something was rejected.

Why

  • Version-accurate. Understands semantic, partial, OpenSSH 7.2p2, Debian/Ubuntu,
RHEL, epoch, pre-release and Tomcat-milestone versions.
  • Conservative by design. Apache httpd β‰  Apache Tomcat; backported distro
packages and coarse versions are downgraded, never blindly confirmed.
  • Evidence-backed. Each finding states the affected range and the reason for its
verdict.
  • Vulners-only intel, via the official SDK (clears Cloudflare) with a raw-HTTP
fallback β€” plus caching, retries and rate-limit handling.
  • Outputs to terminal, JSON, CSV and self-contained HTML.

Install

pip install -e .            # installs the cve-mapper command + the vulners SDK
#OR
pipx install git+https://github.com/NeCr00/CVE-Mapper.git
Python 3.9+. The official vulners SDK is installed automatically and is
required for live queries β€” Vulners' API is behind Cloudflare, which blocks plain
HTTP clients. requests powers the raw-HTTP fallback (and degrades to the stdlib if
absent).

Quick start

# 1 β€” scan with service/version detection
nmap -sV -sC -oX scan.xml <target>

2 β€” map the discovered versions to CVEs

cve-mapper --input scan.xml --min-cvss 7.0 --only-exploitable

Usage

cve-mapper --input scan.xml [options]

| Flag | Purpose | | --- | --- | | --input / --input-dir | A single Nmap report, or a directory to scan recursively | | --json-output / --csv-output / --html-output | Write machine-readable / spreadsheet / shareable reports | | --min-cvss 7.0 | Keep CVEs at or above a CVSS score | | --only-exploitable | Keep only CVEs with a public exploit per Vulners | | --severity Β· --year-from Β· --year-to | Filter by severity or CVE year | | --confidence Confirmed,Likely | Keep only chosen confidence levels | | --strict | Require CPE-grade evidence to mark a finding Confirmed | | --confidence-threshold high | Cap low-trust Nmap detections at Needs manual verification | | --vulners-api-key Β· --no-cache Β· --debug | Auth, cache and diagnostics |

Run cve-mapper --help for the full list.

How it works

Nmap XML ─▢ normalize service ─▢ query Vulners (CPE + version) ─▢ re-validate range ─▢ grade

For every (service, CVE) pair CVE-Mapper checks product identity (rejecting look-alikes and unrelated vendors), version (is the detected version provably in the affected range?) and platform (OS compatibility) before assigning a verdict.

Confidence levels

| Level | Meaning | | --- | --- | | Confirmed | Strong identity, specific version provably in range, compatible platform | | Likely | In range, but a caveat applies (e.g. a backported distro package) | | Possible | In range, but identity is weaker or the sub-version is ambiguous | | Needs manual verification | Identity matches but the range can't be compared reliably | | Rejected | Product mismatch, version out of range, or platform conflict |

Output formats

--json-output (full structured schema), --csv-output (one row per finding, spreadsheet-safe), --html-output (self-contained, escaped) and a coloured terminal report by default.

Testing

pip install pytest && pytest        # 127 offline tests β€” Vulners is fully mocked
VULNERSAPIKEY=… pytest            # also runs an opt-in live smoke test

Troubleshooting

HTTP 403 / β€œVulners rejected the request” β€” this is almost always Cloudflare bot protection, not a bad API key. It means the vulners SDK isn't available, so the tool fell back to the raw-HTTP backend. Fix it with:

pip install vulners

The SDK clears Vulners' Cloudflare challenge; the raw-HTTP backend cannot.

πŸ”— More in this category

Β© 2026 GitRepoTrend Β· NeCr00/CVE-Mapper Β· Updated daily from GitHub