cve-triage

GitHub

根据侦察获取的服务版本信息,调用cve_lookup工具查询并筛选已知CVE。通过CVSS评分、可利用性及目标暴露面进行优先级排序,验证版本适用性后记录发现,辅助漏洞验证决策。

vulnclaw/skills/specialized/cve-triage/SKILL.md Unclecheng-li/VulnClaw

Trigger Scenarios

从服务Banner或Header中识别出产品名称和版本号 需要评估已发现软件版本的潜在安全风险

Install

npx skills add Unclecheng-li/VulnClaw --skill cve-triage -g -y
More Options

Non-standard path

npx skills add https://github.com/Unclecheng-li/VulnClaw/tree/main/vulnclaw/skills/specialized/cve-triage -g -y

Use without installing

npx skills use Unclecheng-li/VulnClaw@cve-triage

指定 Agent (Claude Code)

npx skills add Unclecheng-li/VulnClaw --skill cve-triage -a claude-code -g -y

安装 repo 全部 skill

npx skills add Unclecheng-li/VulnClaw --all -g -y

预览 repo 内 skill

npx skills add Unclecheng-li/VulnClaw --list

SKILL.md

Frontmatter
{
    "name": "cve-triage",
    "routing": {
        "phases": [
            "vuln_discovery"
        ],
        "task_types": [
            "triage"
        ]
    },
    "description": "CVE lookup and triage — map discovered services\/versions to known CVEs via the cve_lookup tool, score by CVSS\/exploitability, and prioritize what to verify first."
}

CVE Triage

Turn version/banner evidence from recon into a prioritized, exploitability-aware list of CVEs worth verifying. Use this after fingerprinting a service, when a banner or Server: header reveals a product and version, or whenever the target exposes software with a known version.

The cve_lookup tool

VulnClaw ships a read-only cve_lookup tool backed by NVD:

  • Keyword searchcve_lookup(query="Apache httpd 2.4.49", limit=5) returns the top CVEs sorted by CVSS, highest first.
  • CVE-ID detailcve_lookup(query="CVE-2021-44228") returns the full record plus best-effort exploit / PoC repositories discovered on GitHub.

It performs no egress to the target and is safe during recon. Without an NVD_API_KEY it still works (lower rate limit); set one for heavier use.

Workflow

  1. Extract product + version from recon — service banners, Server headers, JS bundles, login footers, package manifests. A precise version string (OpenSSH 8.2p1, nginx 1.18.0) yields far better matches than a bare name.
  2. Query cve_lookup with "<product> <version>". Pull the detail record for any high/critical hit by re-querying its CVE-ID.
  3. Score & prioritize — see references/cve-triage-workflow.md. Rank by CVSS, then by exploit availability, then by exposure (is the vulnerable surface actually reachable on this target?).
  4. Confirm version applicability — match the target's version against the CVE's affected cpe range before claiming it. Banner ≠ proof of vulnerability.
  5. Record findings with the CVE-ID, CVSS, and the evidence that maps this target to it. Mark unconfirmed version-only matches as needs-manual-review, not verified.

Pitfalls

  • A keyword match is a hypothesis, not a finding — version ranges and backported patches mean a banner version can be patched in place.
  • GitHub "PoC" repos are unverified third-party code; treat as leads, never run blindly against a target.
  • Prefer the CVSS base score for triage, but let exploit availability and real exposure override raw score when prioritizing verification effort.

Version History

  • fcad047 Current 2026-07-11 17:52

Same Skill Collection

vulnclaw/skills/specialized/ai-mcp-security/SKILL.md
vulnclaw/skills/specialized/client-reverse/SKILL.md
vulnclaw/skills/specialized/crypto-toolkit/SKILL.md
vulnclaw/skills/specialized/ctf-crypto/SKILL.md
vulnclaw/skills/specialized/ctf-misc/SKILL.md
vulnclaw/skills/specialized/ctf-web/SKILL.md
vulnclaw/skills/specialized/hackerone/SKILL.md
vulnclaw/skills/specialized/intranet-pentest-advanced/SKILL.md
vulnclaw/skills/specialized/osint-recon/SKILL.md
vulnclaw/skills/specialized/pentest-tools/SKILL.md
vulnclaw/skills/specialized/rapid-checklist/SKILL.md
vulnclaw/skills/specialized/web-pentest/SKILL.md
vulnclaw/skills/specialized/web-security-advanced/SKILL.md
vulnclaw/skills/specialized/android-pentest/SKILL.md
vulnclaw/skills/specialized/secknowledge-skill/SKILL.md

Metadata

Files
0
Version
fcad047
Hash
9cf49c8e
Indexed
2026-07-11 17:52

Accueil - Wiki
Copyright © 2011-2026 iteam. Current version is 2.155.2. UTC+08:00, 2026-07-14 15:09
浙ICP备14020137号-1 $Carte des visiteurs$