CVEThreatScan: a new, simple threat intelligence tool

Roberto Dillon
May 14, 2023

This weekend I spent my free time developing a simple threat intelligence tool based on OSINT in Python to run on Windows PCs. You can find the script, named CVEThreatScan.py, in my GitHub repository (https://github.com/rdillon73/CVEThreatScan).

The script will first look into local registry keys for installed programs (either HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE), making a list that will be checked against known vulnerabilities by querying the National Vulnerability Database (NVD) API provided by NIST.

This is a sample run of the program:

CVEThreatScan runs in interactive mode as the user has to specify some simple options.

Once the check on the NVD is completed, the findings are reported in a CSV file for verification and further analysis:

Two possible vulnerabilities were found in the previous scan.

Note that false positives or negatives are possible.

For example, including the version number in the search may miss a reported CVE that spans multiple versions (e.g. from v1.0 to v3.0 when our program is v2.0), which is a false negative. On the other hand, searching without the version number may return CVEs for older versions, which are false positives, as in the screenshot above, where the CVEs found for MS Teams and Zoom affected versions older than the ones installed on the tested PC.
In the end, it is recommended to run both tests and check the returned CVEs to see whether they still apply to our specific installed versions.
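One way to automate that last check, as an added example that is not part of CVEThreatScan: compare the installed version against the version ranges carried by each returned CVE record. It assumes records shaped like the `cve` objects of an NVD CVE API 2.0 response (`configurations` → `nodes` → `cpeMatch`), ignores AND/OR node operators and product matching, and uses constructed sample records with placeholder ids and a hypothetical product.

```python
import re

# Range keys carried by cpeMatch entries in NVD CVE API 2.0 responses.
_BOUNDS = {
    "versionStartIncluding": lambda v, b: v >= b,
    "versionStartExcluding": lambda v, b: v > b,
    "versionEndIncluding": lambda v, b: v <= b,
    "versionEndExcluding": lambda v, b: v < b,
}

def parse_version(text):
    """'2.0.1' or 'v3.0' -> tuple of ints; non-numeric parts are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def _pad(a, b):
    n = max(len(a), len(b))  # zero-pad so that 2.0 and 2.0.0 compare equal
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))

def match_applies(cpe_match, installed):
    """True if one cpeMatch entry marks the installed version as vulnerable."""
    if not cpe_match.get("vulnerable", False):
        return False
    inst = parse_version(installed)
    bounds = [(k, cpe_match[k]) for k in _BOUNDS if k in cpe_match]
    if bounds:  # ranged entry: every bound that is present must hold
        return all(_BOUNDS[k](*_pad(inst, parse_version(b))) for k, b in bounds)
    exact = cpe_match["criteria"].split(":")[5]  # version field of the CPE 2.3 string
    if exact in ("*", "-"):
        return exact == "*"  # '*' means any version, '-' means not applicable
    a, b = _pad(inst, parse_version(exact))
    return a == b

def triage(records, installed):
    """Ids of the CVE records whose configurations cover the installed version."""
    return [r["id"] for r in records
            if any(match_applies(m, installed)
                   for cfg in r.get("configurations", [])
                   for node in cfg.get("nodes", [])
                   for m in node.get("cpeMatch", []))]

# Constructed sample records: placeholder ids and a hypothetical product, not NVD data.
_CPE = "cpe:2.3:a:examplevendor:exampleapp:*:*:*:*:*:*:*:*"
def _rec(cve_id, **rng):
    return {"id": cve_id, "configurations": [{"nodes": [{"cpeMatch": [
        {"vulnerable": True, "criteria": _CPE, **rng}]}]}]}
SAMPLE = [
    _rec("CVE-0000-0001", versionStartIncluding="1.0", versionEndIncluding="3.0"),
    _rec("CVE-0000-0002", versionEndExcluding="1.5"),
]
```

`triage(SAMPLE, "2.0")` keeps the first record, whose v1.0 to v3.0 range a version-specific search could miss, and drops the second, which only affects versions older than the installed one.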

Upcoming features should include an option for the user to specify their own NIST API key (to speed up the database search) and versions for Linux and Mac computers.

Let me know if you find this small tool of any use. Cheers!
