Dashy476/recon-cve-cli

GitHub: Dashy476/recon-cve-cli

Stars: 0 | Forks: 0

# RECON-CVE-CLI

A Python CLI that connects over SSH to Linux and Windows hosts, fingerprints running services, installed packages, and open ports, queries VulnCheck NVD2 for relevant CVEs, enriches results with Exploit-DB proof-of-concept code, and generates difficulty-scaled Red Team attack chains and Blue Team detection and remediation playbooks via a local Ollama LLM.

This project was inspired by and built upon the original work of Luke Farchione: https://github.com/LukeFarch/cve-cli

## Tools

### HARBNGR

The entry point of the platform. Connects over SSH to one or more target Linux or Windows hosts, auto-detects the OS and distro, and collects running services, installed packages, open ports, and running processes. Supports single IP, CIDR range, IP range, and file-based target input. Scans multiple hosts in parallel using threading and feeds the collected system data into CVINFERNO or CVBASTION for analysis.

### CVINFERNO

Red Team analysis tool. Takes system data from HARBNGR or a natural-language query, searches VulnCheck NVD2 for relevant CVEs, enriches them with Exploit-DB proof-of-concept code, and generates a difficulty-scaled attack path showing how an attacker could compromise the system and pivot through the network.

### CVBASTION

Blue Team analysis tool. Takes the same input as CVINFERNO but generates detection strategies, containment actions, and remediation steps tailored to the difficulty level and available tooling.

## Requirements

- Python 3.10+
- [Ollama](https://ollama.com) installed and running locally
- NVD API key (free — register at [nvd.nist.gov](https://nvd.nist.gov/developers/request-an-api-key))
- VulnCheck API token (free community tier — register at [vulncheck.com](https://vulncheck.com))
- The following Python packages:
  - `ollama`
  - `requests`
  - `rich`
  - `paramiko`
  - `pyexploitdb`
  - `ipaddress` (built-in)

## Installation

**1. Clone the repository**

```bash
git clone https://github.com/Dashy476/recon-cve-cli.git
cd recon-cve-cli
```

**2. Create and activate a virtual environment**

```bash
python -m venv venv
venv\Scripts\activate       # Windows
source venv/bin/activate    # Linux/Mac
```

**3. Install dependencies**

```bash
pip install ollama requests rich paramiko pyexploitdb
```

**4. Pull the Ollama models**

```bash
ollama pull qwen2.5:3b    # Entity extraction
ollama pull qwen2.5:14b   # Analysis
```

**5. Set your environment variables**

```powershell
# Windows PowerShell (current session)
$env:NVD_API_KEY="your-nvd-key-here"
$env:VULNCHECK_API_TOKEN="your-vulncheck-token-here"

# Permanent (Windows)
[System.Environment]::SetEnvironmentVariable("NVD_API_KEY","your-nvd-key-here","User")
[System.Environment]::SetEnvironmentVariable("VULNCHECK_API_TOKEN","your-vulncheck-token-here","User")
```

```bash
# Linux/Mac
export NVD_API_KEY="your-nvd-key-here"
export VULNCHECK_API_TOKEN="your-vulncheck-token-here"
```

**6. Optional — improve Ollama GPU performance**

```powershell
# Windows PowerShell (set permanently)
[System.Environment]::SetEnvironmentVariable("OLLAMA_GPU_LAYERS","999","User")
[System.Environment]::SetEnvironmentVariable("OLLAMA_KEEP_ALIVE","30m","User")
```

## How to Run

### HARBNGR — SSH Recon + Analysis

```bash
python HARBNGR.py
```

You will be prompted for:

- Target mode (single IP, CIDR range, IP range, or file)
- SSH port (default 22)
- Username
- Authentication method (password or SSH key)
- Key mode if using an SSH key (same key for all hosts or per-host keys)
- Analysis mode (Red Team or Blue Team)

After scanning, HARBNGR displays system information panels for all hosts and then lets you select which host(s) to analyze. The "Analyze all hosts" option only appears when more than one host was scanned.

### CVINFERNO — Red Team Analysis (standalone)

```bash
python CVINFERNO.py
```

Enter a natural-language security query at the prompt. Example:

```
>> Any critical Apache vulnerabilities on my internal web server since 2022?
```

### CVBASTION — Blue Team Analysis (standalone)

```bash
python CVBASTION.py
```

Enter a natural-language security query at the prompt. Example:

```
>> What are the detection strategies for log4j vulnerabilities on a public-facing server?
```

## Example Usage

**HARBNGR scanning a CIDR range:**

```
Target Mode : 2 (CIDR Range)
CIDR Range  : 20.150.210.0/24
Port        : 22
Username    : azureuser
Auth Method : 2 (SSH Key)
Key Mode    : 1 (Same key for all hosts)
Key Path    : C:\ssh\key.pem

✓ 20.150.210.61  — linux ubuntu 24.04
✓ 20.150.211.136 — windows windows 10.0.20348
✗ 20.150.210.62  — Failed to connect

Select host to analyze:
1 - 20.150.210.61 (linux ubuntu 24.04)
2 - 20.150.211.136 (windows windows 10.0.20348)
3 - Analyze all hosts
```

## Features

- **Multi-target scanning** — scan single IPs, CIDR ranges, IP ranges, or a file of IPs
- **Parallel scanning** — threaded scanning with thread-safe logging
- **Per-host SSH keys** — assign different SSH keys to different hosts
- **OS auto-detection** — automatically detects the Linux distro or Windows version
- **VulnCheck NVD2** — reliable CVE data via VulnCheck as a replacement for the unreliable NIST NVD API
- **Exploit-DB integration** — enriches CVE analysis with real proof-of-concept code
- **CVSS-based prioritization** — CVEs are sorted by CVSS score so the highest severity drives the attack path
- **Generic service filtering** — a blacklist filters out irrelevant OS services for cleaner CVE results
- **Difficulty scaling** — analysis adjusts complexity for Novice/Easy/Medium/Hard/Master
- **Red Team + Blue Team** — separate tools for attack path generation and defense strategy
- **Local LLM** — all analysis runs via Ollama locally; no data is sent to external AI APIs

## Logs

Each tool writes to its own log file in the `logs/` directory:

- `logs/cve_red.log` — CVINFERNO
- `logs/cve_blue.log` — CVBASTION
- `logs/ssh_collector.log` — HARBNGR

## Notes

- HARBNGR.py is meant to be used in a context where you already know each host's login information (this tool is not a credential stuffer)
- Ollama must be running before using any tool (`ollama serve`)
- All analysis happens locally — no data is sent to external AI APIs
- Connecting to Windows targets over SSH requires OpenSSH Server to be installed and running
- The NIST NVD API has ongoing reliability issues as of 2026 — VulnCheck NVD2 is used as a stable alternative
- This tool is intended for use on systems you own or have explicit permission to test
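The HARBNGR section above lists four target input modes (single IP, CIDR range, IP range, file of targets). The block below is an added example of how that expansion can be done with the built-in `ipaddress` module the Requirements section names; it is not recon-cve-cli's own code, and the exact range syntax it accepts (`start-end`, or `start-<last octet>`) is an assumption made for this example, not the tool's documented format. It goes slightly beyond the README by also handling IPv6, `/32` networks, host bits set on a CIDR, and reversed ranges.

```python
"""Expand HARBNGR-style target input into a list of host addresses.

Added example, not recon-cve-cli's own code: it implements the four
target modes the README lists (single IP, CIDR range, IP range, file of
targets) with the standard-library ``ipaddress`` module. The accepted
range syntax below is an assumption for this example.
"""
import ipaddress
from pathlib import Path
from typing import Iterable, List, Optional


def expand_target(spec: str) -> List[str]:
    """Expand one target spec into host address strings.

    Accepted forms (assumed syntax, IP addresses only, no hostnames):
      "10.0.0.5"              single IP
      "10.0.0.0/29"           CIDR; network and broadcast addresses are dropped
      "10.0.0.5-10.0.0.9"     start-end range (same address family)
      "10.0.0.5-9"            short range: end given as the last octet
    Raises ValueError on anything else so the caller fails loudly instead
    of silently scanning the wrong hosts.
    """
    spec = spec.strip()
    if not spec:
        raise ValueError("empty target")

    if "/" in spec:
        # strict=False accepts host bits set, e.g. "10.0.0.5/24" -> 10.0.0.0/24
        net = ipaddress.ip_network(spec, strict=False)
        hosts = [str(h) for h in net.hosts()]
        # A /32 (or /128) yields no "usable hosts" on older Pythons; it is one host
        return hosts or [str(net.network_address)]

    if "-" in spec:
        start_s, end_s = (p.strip() for p in spec.split("-", 1))
        start = ipaddress.ip_address(start_s)
        if "." in end_s or ":" in end_s:
            end = ipaddress.ip_address(end_s)
        else:
            if start.version != 4:
                raise ValueError("short range form is IPv4 only")
            end = ipaddress.ip_address(f"{start_s.rsplit('.', 1)[0]}.{int(end_s)}")
        if end.version != start.version:
            raise ValueError("range endpoints must use the same IP version")
        if int(end) < int(start):
            raise ValueError(f"range end {end} precedes start {start}")
        # Rebuild with start's own class: ip_address(int) would guess IPv4 for small ints
        addr_cls = type(start)
        return [str(addr_cls(n)) for n in range(int(start), int(end) + 1)]

    return [str(ipaddress.ip_address(spec))]


def validate_target(spec: str) -> Optional[str]:
    """Return None if spec is acceptable, else the reason (handy in a prompt loop)."""
    try:
        expand_target(spec)
    except ValueError as exc:
        return str(exc)
    return None


def expand_targets(specs: Iterable[str]) -> List[str]:
    """Expand many specs; blank lines and '#' comments are skipped, order kept, no duplicates."""
    seen, out = set(), []
    for raw in specs:
        spec = raw.split("#", 1)[0].strip()
        if not spec:
            continue
        for host in expand_target(spec):
            if host not in seen:
                seen.add(host)
                out.append(host)
    return out


def load_targets_file(path: str) -> List[str]:
    """File mode: one spec per line, any of the forms accepted by expand_target."""
    return expand_targets(Path(path).read_text(encoding="utf-8").splitlines())


if __name__ == "__main__":
    for spec in ("192.0.2.1", "192.0.2.0/29", "192.0.2.10-12"):
        print(spec, "->", expand_target(spec))
```

Validating each spec before any connection is attempted matters more than it looks: a mistyped CIDR silently becomes a much larger scan, and the lines in a target file are the only thing standing between "hosts I have permission to test" and "hosts I do not".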
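The Features section above describes OS auto-detection and threaded scanning with thread-safe logging, and the Example Usage output shows the resulting `<os> <distro> <version>` host labels. The following block is an added example of that structure, written for this page and not taken from recon-cve-cli: the per-host command runner is an assumed `run_command(cmd) -> stdout` interface standing in for a real SSH session (paramiko's `exec_command` would be the obvious implementation), and the host outputs it uses are constructed so the block runs offline.

```python
"""Parallel OS fingerprinting with an injectable command runner.

Added example for the HARBNGR flow described above; it is not
recon-cve-cli's own code. ``RunCommand`` is an assumed interface standing
in for a real SSH session; the outputs below are constructed so the block
runs offline.
"""
import logging
import threading
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

RunCommand = Callable[[str], str]          # cmd -> stdout of that remote command
WIN_VER_CMD = "powershell -Command [System.Environment]::OSVersion.Version.ToString()"

# The logging module serialises handler writes with a lock, so one logger
# can be shared by all scanning threads without interleaved lines.
log = logging.getLogger("ssh_collector")


@dataclass
class HostInfo:
    host: str
    os: str          # "linux" | "windows" | "unknown"
    distro: str      # e.g. "ubuntu"; "windows" for Windows hosts
    version: str     # e.g. "24.04" or "10.0.20348"
    error: Optional[str] = None

    def label(self) -> str:
        """Render like the README's "<os> <distro> <version>" host line."""
        return f"{self.os} {self.distro} {self.version}"


def parse_os_release(text: str) -> Dict[str, str]:
    """Parse /etc/os-release KEY=VALUE lines; values may be double-quoted."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        fields[key.strip()] = value.strip().strip('"')
    return fields


def fingerprint_host(host: str, run: RunCommand) -> HostInfo:
    """Try Linux (os-release) first, then Windows; a failing host never raises."""
    try:
        fields = parse_os_release(run("cat /etc/os-release"))
        if "ID" in fields:
            version = fields.get("VERSION_ID") or fields.get("VERSION", "unknown")
            return HostInfo(host, "linux", fields["ID"].lower(), version)
        # On Windows OpenSSH 'cat' is absent (empty stdout), so ask PowerShell instead.
        ver = run(WIN_VER_CMD).strip()
        if ver and ver[0].isdigit():
            return HostInfo(host, "windows", "windows", ver)
        return HostInfo(host, "unknown", "unknown", "unknown", error="OS not identified")
    except Exception as exc:   # auth failure, timeout, connection refused ...
        log.warning("%s: %s", host, exc)
        return HostInfo(host, "unknown", "unknown", "unknown", error=str(exc))


def scan_hosts(hosts: List[str], connect: Callable[[str], RunCommand],
               workers: int = 8) -> Dict[str, HostInfo]:
    """Fingerprint every host on a thread pool; the shared result dict is lock-guarded."""
    results: Dict[str, HostInfo] = {}
    lock = threading.Lock()

    def worker(host: str) -> None:
        try:
            info = fingerprint_host(host, connect(host))
        except Exception as exc:          # connect() itself failed
            log.warning("%s: %s", host, exc)
            info = HostInfo(host, "unknown", "unknown", "unknown", error=str(exc))
        with lock:
            results[host] = info

    with ThreadPoolExecutor(max_workers=workers) as pool:
        list(pool.map(worker, hosts))     # list() surfaces any unexpected error
    return results


# Constructed stand-ins for SSH sessions (assumed outputs, not real hosts).
FAKE_HOSTS = {
    "192.0.2.10": {"cat /etc/os-release": 'NAME="Ubuntu"\nID=ubuntu\nVERSION_ID="24.04"\n'},
    "192.0.2.20": {WIN_VER_CMD: "10.0.20348\r\n"},
}


def fake_connect(host: str) -> RunCommand:
    """Return a runner serving canned output; unknown hosts refuse the connection."""
    if host not in FAKE_HOSTS:
        raise ConnectionRefusedError("connection refused")
    outputs = FAKE_HOSTS[host]
    return lambda cmd: outputs.get(cmd, "")


if __name__ == "__main__":
    targets = list(FAKE_HOSTS) + ["192.0.2.30"]
    for host, info in sorted(scan_hosts(targets, fake_connect).items()):
        mark = "x" if info.error else "ok"
        print(f"[{mark}] {host} - {info.error or info.label()}")
```

Keeping connection handling behind a callable is what makes the flow testable without live hosts, and it is also where a real implementation should enforce per-host timeouts and host-key checking so that one unreachable or hostile host cannot stall or mislead the whole batch.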