# CVE-to-PoC Mapper (`huntersreeni/cve-poc-mapper`) Actor Maps CVEs to publicly available Proof-of-Concept code. Scrapes GitHub, ExploitDB, and NVD to answer: is there a working exploit, which versions are affected, and is a patch available? - **URL**: https://apify.com/huntersreeni/cve-poc-mapper.md - **Developed by:** [Sreenivasan S](https://apify.com/huntersreeni) (community) - **Categories:** Other, Developer tools, Open source - **Stats:** 2 total users, 1 monthly users, 100.0% runs succeeded, NaN bookmarks - **User rating**: No ratings yet ## Pricing from $1.00 / 1,000 results This Actor is paid per event. You are not charged for the Apify platform usage, but only a fixed price for specific events. Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-event ## What's an Apify Actor? Actors are a software tools running on the Apify platform, for all kinds of web data extraction and automation use cases. In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours, and optionally produces a well-defined JSON output, datasets with results, or files in key-value store. In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server. Actors are written with capital "A". ## How to integrate an Actor? If asked about integration, you help developers integrate Actors into their projects. You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready. The best way to integrate Actors is as follows. In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md): ```bash npm install apify-client ``` In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md): ```bash pip install apify-client ``` In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md): ````bash # MacOS / Linux curl -fsSL https://apify.com/install-cli.sh | bash # Windows irm https://apify.com/install-cli.ps1 | iex ```bash In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md). If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md). For usage examples, see the [API](#api) section below. For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt). # README ### What does CVE-to-PoC Mapper do? CVE-to-PoC Mapper maps **CVE identifiers to publicly available Proof-of-Concept code** in seconds. Give it a CVE ID (like `CVE-2024-6387`) and it automatically searches **GitHub, ExploitDB, and the NVD (National Vulnerability Database)** to answer three critical questions: - **Is there a working exploit?** - Finds PoC repositories on GitHub and published exploits on ExploitDB - **Which versions are affected?** - Extracts affected product and version ranges from NVD CPE data - **Is a patch available?** - Collects vendor advisories and patch links Built on the Apify platform, you get **API access, scheduling, proxy rotation, and monitoring** without managing infrastructure. Run it once, or schedule it to monitor new CVEs as they're published. ### Why use CVE-to-PoC Mapper? **For security researchers and red teams:** Stop manually searching GitHub and ExploitDB for every CVE. One API call gives you the full picture. **For blue teams and SOC analysts:** When a new critical CVE drops, instantly know if public exploit code exists and which of your systems are in the affected version range. **For threat intelligence platforms:** Integrate CVE enrichment into your pipelines via the Apify API. Enrich alerts with PoC availability and CVSS data automatically. ### How to use CVE-to-PoC Mapper 1. **Create a free Apify account** at [console.apify.com](https://console.apify.com) 2. Open **CVE-to-PoC Mapper** in the Apify Store 3. Go to the **Input** tab and enter your CVE IDs 4. Click **Start** and wait a few seconds 5. Download results from the **Output** tab in JSON, CSV, Excel, or HTML You can also call it programmatically via the [Apify API](https://docs.apify.com/api) for integration into your existing tools. ### Input The actor accepts a JSON object with these fields: | Field | Type | Required | Default | Description | |-------|------|----------|---------|-------------| | `cveIds` | string[] | Yes | - | List of CVE IDs to look up (e.g. `["CVE-2024-6387"]`) | | `maxGitHubResults` | integer | No | 10 | Max GitHub repos to return per CVE (1-100) | | `includeGitHub` | boolean | No | true | Search GitHub for PoC repositories | | `includeExploitDb` | boolean | No | true | Search ExploitDB for published exploits | | `githubToken` | string | No | - | GitHub PAT for higher API rate limits | | `nvdApiKey` | string | No | - | NVD API key for higher rate limits | Example input: ```json { "cveIds": ["CVE-2024-6387", "CVE-2024-3094", "CVE-2021-44228"], "maxGitHubResults": 5, "includeGitHub": true, "includeExploitDb": true } ```` ### Output The actor returns an array of CVE result objects. You can download the dataset in various formats such as **JSON, HTML, CSV, or Excel**. ```json { "cveId": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server...", "cvssScore": 8.1, "severity": "HIGH", "cweIds": ["CWE-364", "CWE-362"], "affectedProducts": [ { "vendor": "openbsd", "product": "openssh", "versionStart": null, "versionEnd": "9.8p1", "versionStartIncluding": false, "versionEndExcluding": true } ], "patchUrls": ["https://www.openssh.com/releasenotes.html"], "nvdUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-6387", "publishedDate": "2024-07-01T13:15:06.467", "lastModifiedDate": "2025-09-30T13:52:23.540", "githubPocUrls": [ { "repoUrl": "https://github.com/xaitax/CVE-2024-6387_Check", "repoName": "xaitax/CVE-2024-6387_Check", "description": "CVE-2024-6387 (regreSSHion) vulnerability checker", "stars": 523, "lastUpdated": "2024-07-15T00:00:00Z", "isArchived": false } ], "exploitDbResults": [ { "edbId": "51234", "title": "OpenSSH 9.8p1 - Remote Code Execution (RCE)", "author": "researcher", "type": "remote", "platform": "Linux", "exploitUrl": "https://www.exploit-db.com/exploits/51234" } ], "scrapedAt": "2026-05-07T16:00:00.000Z", "errors": [] } ``` ### Data table | Field | Description | |-------|-------------| | `cveId` | The CVE identifier | | `cvssScore` | CVSS v3.1 base score (0-10, null if unavailable) | | `severity` | Severity level (CRITICAL, HIGH, MEDIUM, LOW, or null) | | `description` | English vulnerability description from NVD | | `cweIds` | CWE weakness identifiers (e.g. CWE-362) | | `affectedProducts` | Array of affected vendor/product/version ranges (from CPE) | | `patchUrls` | Vendor advisory and patch URLs | | `nvdUrl` | Direct link to NVD detail page | | `githubPocUrls` | GitHub repositories matching the CVE (name, URL, stars, description) | | `exploitDbResults` | ExploitDB entries matching the CVE (EDB-ID, title, type, platform, author) | | `publishedDate` | CVE publication date | | `lastModifiedDate` | CVE last modification date | | `scrapedAt` | Timestamp when this lookup was performed | | `errors` | Non-fatal errors encountered during lookup (empty array = clean run) | ### Pricing / Cost estimation CVE-to-PoC Mapper uses Apify's **pay-per-event** pricing model. **$3 per 1,000 results.** A single CVE lookup typically generates 3-10 results (NVD base + GitHub repos + ExploitDB entries), costing approximately **$0.01-0.03 per CVE**. Apify offers a **free tier** for low-volume usage. Check the Apify Console for your current usage and billing details. ### Tips - **Speed up runs:** Set `includeExploitDb: false` if you only need GitHub PoCs. This skips browser automation and cuts runtime by ~50%. - **Batch efficiently:** Process up to 10 CVEs per run. Each CVE takes ~5s with ExploitDB enabled or ~2s with NVD + GitHub only. - **Rate limits:** Add a `githubToken` (free personal access token from GitHub) to increase GitHub search API limits from 10/min to 30/min. - **NVD API key:** Request a free key from [nvd.nist.gov](https://nvd.nist.gov/developers/request-an-api-key) for higher NVD API rate limits on large batches. - **Automate monitoring:** Use Apify Schedules to re-scan CVEs daily and catch newly published PoCs. ### FAQ, disclaimers, and support **Is this legal?** Yes. The actor only scrapes publicly available data from NVD (US government database), GitHub (public repositories), and ExploitDB (public exploit database). It respects rate limits and does not access private or authentication-walled content. **What CVEs are supported?** Any CVE published in the NVD. The actor validates CVE ID format (`CVE-YYYY-NNNNN`) automatically and skips invalid IDs. **Are the exploits safe to use?** The actor maps CVEs to PoC URLs only. It does not execute, validate, or endorse any exploit code. Always exercise caution when running third-party exploit code. **ExploitDB returned 0 results for my CVE - why?** Not all CVEs have ExploitDB entries. ExploitDB contains a curated set of published exploits, not a complete mapping of all CVEs. **Getting help:** For bugs, feature requests, or questions, open an issue on the [GitHub repository](https://github.com/sreeni-user/cve-poc-mapper) or use the Issues tab in Apify Console. **Custom solutions:** Need a custom version with additional data sources (Metasploit, Shodan, Censys) or batch processing of hundreds of CVEs? Contact the developer through the Apify Store. *** Built with [Crawlee](https://crawlee.dev) + [Playwright](https://playwright.dev) by **Sreeniverse**. # Actor input Schema ## `cveIds` (type: `array`): List of CVE IDs to look up (e.g. CVE-2024-6387, CVE-2021-44228). Valid format: CVE-YYYY-NNNNN. ## `maxGitHubResults` (type: `integer`): Maximum number of GitHub repositories to return per CVE. ## `includeGitHub` (type: `boolean`): Search GitHub for PoC repositories. ## `includeExploitDb` (type: `boolean`): Search ExploitDB for published exploits. Uses browser automation (slower). ## `githubToken` (type: `string`): Optional. GitHub PAT for higher search API rate limits (30 req/min vs 10 req/min). No scopes needed. ## `nvdApiKey` (type: `string`): Optional. Free API key from nvd.nist.gov for higher rate limits. ## Actor input object example ```json { "cveIds": [ "CVE-2024-6387", "CVE-2024-3094", "CVE-2021-44228" ], "maxGitHubResults": 10, "includeGitHub": true, "includeExploitDb": true } ``` # Actor output Schema ## `dataset` (type: `string`): No description # API You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup. ## JavaScript example ```javascript import { ApifyClient } from 'apify-client'; // Initialize the ApifyClient with your Apify API token // Replace the '' with your token const client = new ApifyClient({ token: '', }); // Prepare Actor input const input = { "cveIds": [ "CVE-2024-6387", "CVE-2024-3094", "CVE-2021-44228" ] }; // Run the Actor and wait for it to finish const run = await client.actor("huntersreeni/cve-poc-mapper").call(input); // Fetch and print Actor results from the run's dataset (if any) console.log('Results from dataset'); console.log(`💾 Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`); const { items } = await client.dataset(run.defaultDatasetId).listItems(); items.forEach((item) => { console.dir(item); }); // 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/js/docs ``` ## Python example ```python from apify_client import ApifyClient # Initialize the ApifyClient with your Apify API token # Replace '' with your token. client = ApifyClient("") # Prepare the Actor input run_input = { "cveIds": [ "CVE-2024-6387", "CVE-2024-3094", "CVE-2021-44228", ] } # Run the Actor and wait for it to finish run = client.actor("huntersreeni/cve-poc-mapper").call(run_input=run_input) # Fetch and print Actor results from the run's dataset (if there are any) print("💾 Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"]) for item in client.dataset(run["defaultDatasetId"]).iterate_items(): print(item) # 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/python/docs/quick-start ``` ## CLI example ```bash echo '{ "cveIds": [ "CVE-2024-6387", "CVE-2024-3094", "CVE-2021-44228" ] }' | apify call huntersreeni/cve-poc-mapper --silent --output-dataset ``` ## MCP server setup ```json { "mcpServers": { "apify": { "command": "npx", "args": [ "mcp-remote", "https://mcp.apify.com/?tools=huntersreeni/cve-poc-mapper", "--header", "Authorization: Bearer " ] } } } ``` ## OpenAPI specification ```json { "openapi": "3.0.1", "info": { "title": "CVE-to-PoC Mapper", "description": "Maps CVEs to publicly available Proof-of-Concept code. Scrapes GitHub, ExploitDB, and NVD to answer: is there a working exploit, which versions are affected, and is a patch available?", "version": "1.0", "x-build-id": "VahYUZYVsGGD4bic7" }, "servers": [ { "url": "https://api.apify.com/v2" } ], "paths": { "/acts/huntersreeni~cve-poc-mapper/run-sync-get-dataset-items": { "post": { "operationId": "run-sync-get-dataset-items-huntersreeni-cve-poc-mapper", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } }, "/acts/huntersreeni~cve-poc-mapper/runs": { "post": { "operationId": "runs-sync-huntersreeni-cve-poc-mapper", "x-openai-isConsequential": false, "summary": "Executes an Actor and returns information about the initiated run in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/runsResponseSchema" } } } } } } }, "/acts/huntersreeni~cve-poc-mapper/run-sync": { "post": { "operationId": "run-sync-huntersreeni-cve-poc-mapper", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } } }, "components": { "schemas": { "inputSchema": { "type": "object", "required": [ "cveIds" ], "properties": { "cveIds": { "title": "CVE IDs", "type": "array", "description": "List of CVE IDs to look up (e.g. CVE-2024-6387, CVE-2021-44228). Valid format: CVE-YYYY-NNNNN.", "items": { "type": "string", "pattern": "^CVE-\\d{4}-\\d{4,}$" } }, "maxGitHubResults": { "title": "Max GitHub Results per CVE", "minimum": 1, "maximum": 100, "type": "integer", "description": "Maximum number of GitHub repositories to return per CVE.", "default": 10 }, "includeGitHub": { "title": "Include GitHub results", "type": "boolean", "description": "Search GitHub for PoC repositories.", "default": true }, "includeExploitDb": { "title": "Include ExploitDB results", "type": "boolean", "description": "Search ExploitDB for published exploits. Uses browser automation (slower).", "default": true }, "githubToken": { "title": "GitHub Personal Access Token", "type": "string", "description": "Optional. GitHub PAT for higher search API rate limits (30 req/min vs 10 req/min). No scopes needed." }, "nvdApiKey": { "title": "NVD API Key", "type": "string", "description": "Optional. Free API key from nvd.nist.gov for higher rate limits." } } }, "runsResponseSchema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string" }, "actId": { "type": "string" }, "userId": { "type": "string" }, "startedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "finishedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "status": { "type": "string", "example": "READY" }, "meta": { "type": "object", "properties": { "origin": { "type": "string", "example": "API" }, "userAgent": { "type": "string" } } }, "stats": { "type": "object", "properties": { "inputBodyLen": { "type": "integer", "example": 2000 }, "rebootCount": { "type": "integer", "example": 0 }, "restartCount": { "type": "integer", "example": 0 }, "resurrectCount": { "type": "integer", "example": 0 }, "computeUnits": { "type": "integer", "example": 0 } } }, "options": { "type": "object", "properties": { "build": { "type": "string", "example": "latest" }, "timeoutSecs": { "type": "integer", "example": 300 }, "memoryMbytes": { "type": "integer", "example": 1024 }, "diskMbytes": { "type": "integer", "example": 2048 } } }, "buildId": { "type": "string" }, "defaultKeyValueStoreId": { "type": "string" }, "defaultDatasetId": { "type": "string" }, "defaultRequestQueueId": { "type": "string" }, "buildNumber": { "type": "string", "example": "1.0.0" }, "containerUrl": { "type": "string" }, "usage": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "integer", "example": 1 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } }, "usageTotalUsd": { "type": "number", "example": 0.00005 }, "usageUsd": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "number", "example": 0.00005 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } } } } } } } } } ```