DefroX556/ThreatLens
# ThreatLens 🔍
**Real-time CVE Intelligence + Domain Reconnaissance + AI-Powered Security Analysis**
A production-grade cybersecurity threat intelligence platform built with Python/Flask that combines NVD vulnerability monitoring, domain reconnaissance scanning, and AI-driven security analysis.
## 🚀 Features
### 📊 CVE Intelligence Dashboard
- Real-time NVD/NIST vulnerability feed (last 14 days)
- CISA KEV (Known Exploited Vulnerabilities) cross-referencing
- Severity distribution, timeline, vendor, and attack vector charts
- Keyword search with debounced filtering
- CVE detail modal with CVSS vector breakdown
### 🔍 Domain Scanner
- **Subdomain Enumeration** — subfinder + crt.sh passive recon
- **Port Scanning** — nmap top 50 ports with service detection
- **DNS Records** — A, AAAA, MX, NS, TXT, CNAME, SOA
- **Security Headers** — 9 header checks with A-F grading
- **SSL/TLS Analysis** — Certificate validation, cipher, SANs, expiry
- **Technology Detection** — WhatWeb deep fingerprinting with version extraction
### ⚡ Auto CVE Matching
- WhatWeb detects technologies + versions on target domain
- Each technology is auto-queried against NVD for known vulnerabilities
- Results cross-referenced with CISA KEV for actively exploited CVEs
- Live dashboard with severity stats, CVE cards, per-technology breakdown
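The cross-referencing step described above, as an added example (not ThreatLens's own code): it reads a response in the NVD API 2.0 shape, flags CVEs that appear in the CISA KEV catalog, and orders results with actively exploited CVEs first. The sample data and CVE IDs are constructed placeholders, and the function names `cvss_of` and `prioritize` are hypothetical.

```python
# Constructed sample shaped like an NVD API 2.0 response (placeholder CVE IDs).
NVD_SAMPLE = {"vulnerabilities": [
    {"cve": {"id": "CVE-0000-00001", "metrics": {"cvssMetricV31": [
        {"cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}}},
    {"cve": {"id": "CVE-0000-00002", "metrics": {"cvssMetricV2": [
        {"baseSeverity": "MEDIUM", "cvssData": {"baseScore": 5.0}}]}}},
    {"cve": {"id": "CVE-0000-00003", "metrics": {"cvssMetricV30": [
        {"cvssData": {"baseScore": 7.5, "baseSeverity": "HIGH"}}]}}},
    {"cve": {"id": "CVE-0000-00004", "metrics": {}}},
]}

# Constructed sample shaped like the CISA KEV JSON catalog.
KEV_SAMPLE = {"vulnerabilities": [
    {"cveID": "CVE-0000-00003", "dateAdded": "2000-01-01"},
    {"cveID": "CVE-0000-00002", "dateAdded": "2000-01-02"},
]}


def cvss_of(cve):
    """Return (score, severity), preferring CVSS v3.1, then v3.0, then v2."""
    metrics = cve.get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
        for entry in metrics.get(key, []):
            data = entry.get("cvssData", {})
            # In v2 records baseSeverity sits beside cvssData, not inside it.
            severity = data.get("baseSeverity") or entry.get("baseSeverity")
            if "baseScore" in data:
                return float(data["baseScore"]), severity or "UNKNOWN"
    return None, "UNKNOWN"  # CVE not yet scored by NVD


def prioritize(nvd_response, kev_catalog):
    """Flag KEV-listed CVEs and order them: exploited first, then by score."""
    kev_ids = {v["cveID"] for v in kev_catalog.get("vulnerabilities", [])}
    rows = []
    for item in nvd_response.get("vulnerabilities", []):
        cve = item["cve"]
        score, severity = cvss_of(cve)
        rows.append({"id": cve["id"], "score": score, "severity": severity,
                     "in_kev": cve["id"] in kev_ids})
    # Unscored CVEs sort last within their group instead of being dropped.
    rows.sort(key=lambda r: (not r["in_kev"],
                             -(r["score"] if r["score"] is not None else -1.0)))
    return rows


if __name__ == "__main__":
    for row in prioritize(NVD_SAMPLE, KEV_SAMPLE):
        print(row)
```

A medium-severity CVE that is KEV-listed outranks an unlisted critical one here, which is the point of the cross-reference: known exploitation is a stronger remediation signal than base score alone.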
### 🤖 AI Security Analysis (GLM 5.1)
- Powered by Ollama local LLM (GLM 5.1)
- Server-Sent Events (SSE) streaming for real-time response
- Context-aware analysis of scan + CVE match results
- Executive summary, critical findings, remediation priorities
## 🛠️ Tech Stack
| Component | Technology |
|-----------|-----------|
| Backend | Python 3.10+, Flask |
| Frontend | Vanilla JS, Chart.js, CSS (Glassmorphism) |
| Data | NVD API 2.0, CISA KEV |
| Scanner | subfinder, nmap, dig, WhatWeb |
| AI | Ollama (GLM 5.1 via local API) |
| Caching | In-memory TTL cache (cachetools) |
## ⚙️ Installation
### Prerequisites
```bash
# Install scanning tools
sudo apt install nmap whatweb dnsutils
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest

# Install Ollama + GLM 5.1
curl -fsSL https://ollama.ai/install.sh | sh
ollama pull glm-5.1:cloud
```
### Setup
```bash
git clone https://github.com/DefroX556/ThreatLens.git
cd ThreatLens
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python app.py
```
Open `http://localhost:5000` in your browser.
## 📁 Project Structure
```
threatlens/
├── app.py                    # Flask app — 13 API routes
├── config.py                 # Configuration
├── requirements.txt          # Python dependencies
├── services/
│   ├── nvd_service.py        # NVD API 2.0 integration
│   ├── kev_service.py        # CISA KEV feed
│   ├── scanner_service.py    # Domain recon engine
│   ├── cve_matcher.py        # WhatWeb + NVD CVE matching
│   ├── ai_service.py         # Ollama GLM 5.1 streaming
│   ├── cache_manager.py      # TTL cache
│   └── data_processor.py     # Chart data aggregation
├── templates/
│   └── index.html            # Dashboard + Scanner + AI
└── static/
    ├── css/ (6 files)        # Design system
    └── js/ (8 files)         # App modules
```
## 🔌 API Endpoints
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | `/api/cves` | Fetch CVEs with search/filter |
| GET | `/api/cves/` | CVE detail |
| GET | `/api/stats` | Dashboard statistics |
| GET | `/api/kev` | KEV catalog stats |
| POST | `/api/scan` | Full domain recon scan |
| POST | `/api/scan/match-cves` | WhatWeb → NVD CVE matching |
| POST | `/api/ai/analyze` | AI analysis (SSE stream) |
| GET | `/api/ai/status` | Ollama status check |
| GET | `/api/health` | Health check |
## 👨‍💻 Author
**Shibam Maity** — Bug Bounty Hunter & Security Researcher
## 📄 License
MIT License