cve-search

CVE Search 🔍💰

Search the National Vulnerability Database for known vulnerabilities. Every CVE you find in your target's stack is potential bounty money.

Why CVE Hunting Matters

You: "They're running jQuery 3.4.1"
NVD: "CVE-2020-11023 - XSS in jQuery < 3.5.0"
You: "That's a free $500-$2,000 finding"

Quick Start

# Search by keyword (e.g., software name)
cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "jquery"

# Search by specific CVE ID
cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --cve "CVE-2021-44228"

# Search by CWE (find all XSS CVEs)
cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --cwe "CWE-79"

# Search by severity
cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "apache" --severity "CRITICAL"

# Recent CVEs (last 30 days)
cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "wordpress" --days 30

# JSON output
cd ${CLAUDE_PLUGIN_ROOT}/skills/cve-search && npx cve-search --keyword "react" --json

API Parameters

Parameter	Description	Example
--keyword	Search term (software, vendor)	--keyword "react"
--cve	Specific CVE ID	--cve "CVE-2023-12345"
--cwe	CWE ID filter	--cwe "CWE-89"
--severity	CVSS v3 severity	--severity "HIGH"
--days	Published in last N days	--days 90
--limit	Max results (default 10)	--limit 20

Severity Levels

Severity	CVSS Score	Bounty Potential
CRITICAL	9.0 - 10.0	$5,000 - $50,000+
HIGH	7.0 - 8.9	$2,000 - $10,000
MEDIUM	4.0 - 6.9	$500 - $3,000
LOW	0.1 - 3.9	$100 - $500

Response Format

### CVE-2021-44228 (Log4Shell) 💰💰💰

**Severity**: CRITICAL (10.0)
**Bounty Estimate**: $10,000 - $50,000+

**Summary**:
Apache Log4j2 allows RCE via JNDI lookup in log messages...

**Affected Versions**:
- Apache Log4j 2.0-beta9 to 2.14.1

**CWE**: CWE-502 (Deserialization of Untrusted Data)

**Attack Vector**:
- Network exploitable
- No authentication required
- User interaction: None

**References**:
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
- https://logging.apache.org/log4j/2.x/security.html

**Exploit Available**: Yes (public exploits exist)

Hunting Workflow

1. Identify Stack: What software/versions is the target using?
2. Search NVD: Look for CVEs affecting those versions
3. Assess Impact: Can you actually exploit it on the target?
4. Document: Include CVE reference in your report

Rate Limiting

• Public API: 5 requests per 30 seconds
• With API Key: 50 requests per 30 seconds

The script automatically handles rate limiting with delays.

Pro Tips

Stack Fingerprinting

# Check JavaScript libraries
curl -s target.com | grep -oE '(jquery|react|angular|vue)[^"]*\.js'

# Check response headers
curl -I target.com | grep -i 'x-powered-by\|server'

# Then search for CVEs
npx cve-search --keyword "nginx 1.18"

High-Value Targets

# Log4j (still paying out)
npx cve-search --cve "CVE-2021-44228"

# Spring4Shell
npx cve-search --cve "CVE-2022-22965"

# Recent critical CVEs
npx cve-search --severity "CRITICAL" --days 90

CWE-based Hunting

# Find all SQL injection CVEs
npx cve-search --cwe "CWE-89" --keyword "wordpress"

# Find all XSS CVEs for jQuery
npx cve-search --cwe "CWE-79" --keyword "jquery"

Output Fields

Field	Description
id	CVE identifier
description	Vulnerability summary
severity	CRITICAL/HIGH/MEDIUM/LOW
score	CVSS v3 base score
cwes	Related CWE identifiers
affected	Affected software/versions
references	Links to advisories/patches
published	Publication date
exploitAvailable	Whether public exploit exists

External Resources

• NVD Search
• NVD API Documentation
• Exploit Database
• CVE Details