whatisgithub

What is nessus-cve-poc-finder?

e-fin/nessus-cve-poc-finder — explained in plain English

Analysis updated 2026-05-18

0PythonAudience · ops devopsComplexity · 2/5Setup · easy

In one sentence

A Python script that extracts CVE numbers from a Nessus scan file and checks which ones already have a matching public exploit via searchsploit.

Mindmap

mindmap
  root((repo))
    What it does
      Parses Nessus scan files
      Extracts CVE numbers
      Cross-checks searchsploit
    Tech stack
      Python
      Nessus XML format
      searchsploit and ExploitDB
    Use cases
      Prioritize scan findings
      Export CVEs to CSV
      Find matching exploit code
    Audience
      Penetration testers
      Security analysts
      Vulnerability managers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Pull the unique, sorted list of CVE numbers out of a Nessus scan file.

USE CASE 2

Export full scan findings with host and plugin context to a CSV file.

USE CASE 3

Cross-reference scan CVEs against searchsploit to see which already have a public exploit.

USE CASE 4

Prioritize which vulnerabilities from a scan to investigate first based on exploit availability.

What is it built with?

PythonsearchsploitNessus

How does it compare?

e-fin/nessus-cve-poc-finder0xhassaan/nn-from-scratch3ks/embedoc
Stars00
LanguagePythonPythonPython
Last pushed2023-06-08
MaintenanceDormant
Setup difficultyeasymoderatehard
Complexity2/54/51/5
Audienceops devopsdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Requires searchsploit and a local Exploit Database copy installed for the --exploits option to find matches.

No license information is provided in the README.

So what is it?

This is a small Python script for security professionals who already run vulnerability scans with Nessus, a common vulnerability scanning tool. Nessus produces a .nessus file listing every vulnerability it found, each tagged with CVE numbers, which are the standard reference IDs used to identify known security flaws. This script reads that file and pulls out all the CVE numbers it contains. Once it has the CVE list, the script can do a few things depending on which options are used. It can print just the unique, sorted list of CVE IDs found across a scan. It can write the full results, including which host and which Nessus plugin each CVE came from, out to a CSV file for further review or reporting. Its most useful option cross-references every unique CVE against searchsploit, a tool that searches a local copy of the Exploit Database, and prints out any exploit proof-of-concept code that exactly matches one of those CVEs. The README includes a worked example showing the script run against a sample scan file with the exploit cross-reference option turned on. For each CVE that has a matching exploit, it lists the affected host IP addresses, a short description of the exploit, its Exploit Database ID, and the local file path where the exploit code can be found, covering things like a Java deserialization remote code execution flaw in Oracle WebLogic Server and an Apache Tomcat file read vulnerability known as Ghostcat. The example run also reports summary numbers, such as how many of the total unique CVEs found had an exact-match exploit available. The tool is intended to help a penetration tester or security analyst quickly prioritize which findings from a Nessus scan already have a working, publicly known exploit, rather than having to look up every CVE by hand. It depends on searchsploit and its underlying Exploit Database archive being installed and up to date on the machine running the script.

Copy-paste prompts

Prompt 1
Explain what the --unique, --csv, and --exploits options in this repo's script each do, based on the usage text in the README.
Prompt 2
Using the example output in this repo's README, explain what CVEs with exact-match exploits: 6 / 149 means.
Prompt 3
Walk me through what this script would output if I ran it against a Nessus file with 40 unique CVEs and 5 had exploits.
Prompt 4
Describe what searchsploit is and why this repo depends on it, based on the README.

Frequently asked questions

What is nessus-cve-poc-finder?

A Python script that extracts CVE numbers from a Nessus scan file and checks which ones already have a matching public exploit via searchsploit.

What language is nessus-cve-poc-finder written in?

Mainly Python. The stack also includes Python, searchsploit, Nessus.

What license does nessus-cve-poc-finder use?

No license information is provided in the README.

How hard is nessus-cve-poc-finder to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is nessus-cve-poc-finder for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.