Ashwani Paliwal |
EPSS Browser |
A calculator for fetching EPSS score for a single CVE or bulk CVE with detailed information like available patches, known exploits, vulnerability summary etc. User's can create their prioritzsation score using a combination of CVSS, EPSS and CISA KEV. |
https://secopsolution.com/epss-calculator |
Russ McRee |
EPSScall |
EPSScall is a Shiny app built to provide a convenient way to interact with the Exploit Prediction Scoring System (EPSS) API. Please refer to the HolisticInfoSec.io article for insights and usage. A demo is available via shinyapps.io. |
https://github.com/holisticinfosec/EPSScall |
Roel van der Jagt |
TVE |
Tesorion Vulnerability explorer is an easy-to-use application to support Incident Response teams finding vulnerabilities for a given application, and enriching it with information to score the probability of exploitation with the power of EPSS. |
https://github.com/tesorion/TCERT-Tesorion_Vulnerability_Explorer |
Chris Madden |
PrioritizedRiskRemediation |
Presentation on Risk Based Prioritization using Decision Trees (ala SSVC) and EPSS and other data sources. |
https://github.com/theparanoids/PrioritizedRiskRemediation |
Matt Colman |
|
Kubernetes deployment to create an SQLite database containing the EPSS data with a Python Flask API in front of it to enable vulnerability querying. The code provides APIs to lookup single or multiple CVE items and retrieve details, “get version” of the database for visibility as to whether it needs an update, and “update_epss_data” to ingest a newer version of the dataset. |
Jerry Gamblin |
CVElk, KEV_EPSS |
CVElk allows you to build a local Elastic Stack quickly using docker-compose and import data directly from NVD and EPSS. KEV_EPSS is a Jupyter notebook that downloads the CISA Known Exploited Vulnerabilities and enriches it with the current EPSS and the CVSS V3 Base Score. |
https://github.com/jgamblin/CVElk, https://github.com/jgamblin/KEV_EPSS |
Paolo Di Prodi |
|
A pandas friendly library for the EPSS. |
https://pypi.org/project/epss/ |
Evan Grace |
|
Integrates EPSS into Navi for better vulnerability management. Navi is a Command-line tool that leverages the Tenable.io API to collect vulnerability information. |
https://github.com/packetchaos/navi/wiki |
Buddy Bergman |
|
Displays Sankey chart showcasing CVSS scores and how they align to EPSS thresholds. Given the data, these python scripts generate the data to copy/paste into sankeymatic.com. |
https://github.com/buddybergman/CVSS-EPSS-to-Sankey |
Hoplite-Consulting |
|
The Python EPSS CLI is a python script that uses First.org's EPSS API to parse through CVE's within a CSV and return the EPSS scores and percentiles appended to the last columns of the file. This was tested utilizing CSV output from Tenable.io and Nessus Professional. |
https://github.com/Hoplite-Consulting/EPSS-CLI |
OWASP |
Dependency-Track |
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve. |
https://github.com/OWASP/www-project-dependency-track/blob/master/index.md |