Description
This is an enhancement idea.
Sometimes, for demo purposes, I set up an infrastructure to demonstrate some recent vulnerability exploitation. When I need to do that, I check for the latest CVEs if there is a public exploit in order to set up the right software. This is very time-consuming.
SploitScan kind of covers the second part: when I find an interesting CVE I check for known exploits. It works, but this is a one-time check, and for recent CVEs an exploit may be published the day after and I don't find out.
What could be done is add a "monitoring mode" where we feed a list of CVEs and SploitScan regularly checks for exploits on them (maybe once a day). A callback could be configured when new results pop up (for instance an MS Teams webhook).
One example implementation might be:
To add a CVE to monitoring mode, specifying a timeout after which the CVE will cease to be monitored (default may be 60 days):

```
sploitscan monitor add CVE-XXXX-XXXX --timeout 30
```

To list currently monitored CVEs:

```
sploitscan monitor list
- CVE-XXXX-XXXX : x Exploits, added to monitoring list on XX/XX/XXXX, end of monitoring: XX/XX/XXXX
- CVE-YYYY-YYYY : y Exploits, added to monitoring list on YY/YY/YYYY, end of monitoring: YY/YY/YYYY
```

To remove a CVE from monitoring:

```
sploitscan monitor remove CVE-XXXX-XXXX
```

To launch a refresh (from cron for instance):

```
sploitscan monitor update
```
The callback could be configured in a configuration file. It could be a script call with a JSON object as a parameter (like the current JSON output but with something that indicates that an exploit is "new").
I know that this is kind of a lot of work as it would require some kind of database to cache the already known exploits for a given CVE and a lot of stuff to be added. Anyway, I figured I could drop the idea here for what it's worth :)
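
One way the cache-and-diff step behind the proposed `monitor update` could work, as an added example that is not part of the original issue and is not SploitScan code. `fetch_exploits` and `notify` are hypothetical callables standing in for the exploit lookup and the webhook or script callback, and the JSON state layout is an assumption.

```python
import json, os, tempfile
from datetime import date, timedelta

def load_state(path):
    """Load the monitoring cache; a missing file means nothing is monitored yet."""
    try:
        with open(path) as fh:
            return json.load(fh)
    except FileNotFoundError:
        return {}

def save_state(path, state):
    """Write atomically so an interrupted cron run cannot truncate the cache."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        json.dump(state, fh, indent=2)
    os.replace(tmp, path)

def add_cve(state, cve_id, today, timeout_days=60):
    """Start monitoring cve_id until today + timeout_days (assumed state layout)."""
    state[cve_id] = {"added": today.isoformat(),
                     "expires": (today + timedelta(days=timeout_days)).isoformat(),
                     "known": []}

def update(state, fetch_exploits, today, notify):
    """Refresh every monitored CVE; returns the ids whose monitoring window ended."""
    expired = []
    for cve_id, entry in list(state.items()):
        if date.fromisoformat(entry["expires"]) < today:
            del state[cve_id]
            expired.append(cve_id)
            continue
        try:
            found = set(fetch_exploits(cve_id))  # hypothetical lookup callable
        except Exception:
            continue  # a failed lookup must not erase or re-alert known results
        known = set(entry["known"])
        new = found - known
        if new:
            # Keep the union so a source that briefly drops a result does not re-alert.
            entry["known"] = sorted(known | found)
            notify({"cve": cve_id, "exploits": [
                {"url": u, "new": u in new} for u in entry["known"]]})
    return expired
```

A cron job would call `load_state`, `update`, then `save_state`; the first refresh after `add_cve` reports every exploit it finds as new.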