Show HN: Feedback Wanted: Viper – My AI-Powered Open-Source CTI Tool
I'm excited to share VIPER (Vulnerability Intelligence, Prioritization, and Exploitation Reporter), an open-source project I've been developing to help tackle the challenge of vulnerability overload in cybersecurity.
What VIPER currently does: Gathers Intel: It pulls data from NVD (CVEs), EPSS (exploit probability), the CISA KEV catalog (confirmed exploited vulns), and Microsoft MSRC (Patch Tuesday updates). AI-Powered Analysis: Uses Google Gemini AI to analyze each CVE with this enriched context (EPSS, KEV, MSRC data) and assign a priority (High, Medium, Low). Risk Scoring: Calculates a weighted risk score based on CVSS, EPSS, KEV status, and the Gemini AI assessment. Alert Generation: Flags critical vulnerabilities based on configurable rules. Interactive Dashboard: Presents all this information via a Streamlit dashboard, which now also includes a real-time CVE lookup feature! The project is built with Python and aims to make CTI more accessible and actionable.
You can check out the project, code, and a more detailed README on GitHub: https://github.com/ozanunal0/viper
I'm at a point where I'd love to get your feedback and ideas to shape VIPER's future! We have a roadmap that includes adding more data sources (like MalwareBazaar), integrating semantic web search (e.g., with EXA AI) for deeper threat context, enhancing IOC extraction, and even exploring social media trend analysis for emerging threats. (You can see the full roadmap in the GitHub README).
No comments yet