Curated vulnerability intelligence aggregating data from CISA KEV, Metasploit, Nuclei templates, and EPSS scores.
Part of the RogoLabs network | Originally created by Jerry Gamblin
Live Dashboard: https://patchthis.app
PatchThisApp aggregates vulnerability data from four trusted intelligence sources and presents it as a filterable, sortable dataset. The platform focuses exclusively on vulnerabilities with active exploits, public proof-of-concepts, or high EPSS scores (>0.90), filtering out noise from the ~25,000+ CVEs published annually.
- Aggregates data from CISA KEV, Metasploit modules, Nuclei templates, and EPSS predictions
- Client-side data processing - 100% static HTML/JS/CSS
- CSV export functionality for integration with existing workflows
- Interactive analytics dashboard with Chart.js visualizations
- Sortable/filterable table view with 6-month historical data
- Updates every 6 hours via automated GitHub Actions
| Source | Type | Update Frequency | Filter Criteria |
|---|---|---|---|
| CISA KEV | Known exploited vulnerabilities | Daily | Active exploitation confirmed |
| Rapid7 Metasploit | Exploit modules | Continuous | Public exploit module exists |
| Project Discovery Nuclei | Detection templates | Continuous | Detection template available |
| EPSS | Exploit prediction | Daily | EPSS score > 0.90 |
- Python script (`patchthisapp.py`) fetches data from all four sources
- CVE data enriched with NVD information (CVSS scores, vectors, CPEs)
- Duplicate CVEs across sources are merged with source attribution preserved
- Dataset filtered to last 6 months of published vulnerabilities
- Output generated as CSV for web interface consumption
- Python 3.8+
- Dependencies: `requests`, `pandas`
```bash
# Clone repository
git clone https://github.com/RogoLabs/patchthisapp.git
cd patchthisapp
# Install dependencies
pip install -r requirements.txt
# Generate data
python patchthisapp.py
# Serve locally
cd web && python -m http.server 8000
# Access at http://localhost:8000
```
```
patchthisapp/
├── patchthisapp.py          # Data aggregation script
├── requirements.txt         # Python dependencies
├── web/                     # Static site files
│   ├── index.html           # Homepage
│   ├── dashboard.html       # Analytics dashboard
│   ├── viewer.html          # Data table explorer
│   ├── modern.css           # Site styling
│   └── data.csv             # Generated dataset
├── data/                    # Output directory
│   └── data.csv             # Processed dataset
└── scripts/                 # Helper utilities
    ├── local_data.py        # Local data fetcher
    └── column_summary.py    # Column statistics
```
`patchthisapp.py` is the primary data aggregation script. It:
- Fetches data from CISA KEV, Metasploit, Nuclei, and EPSS APIs
- Queries NVD API for CVE enrichment (CVSS, vectors, CPE data)
- Normalizes and deduplicates entries
- Extracts vendor and product information from CPE strings
- Generates CSV output with merged source attribution
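The merge, filter and CPE steps listed above, as an added example that is not the project's own code. The feed inputs, the 183-day window, the `/` separator for source attribution, the `Vendor`/`Product` keys and all CVE ids and CPE strings are constructed assumptions.

```python
import re
from datetime import date, timedelta

EPSS_THRESHOLD = 0.90   # filter criterion from the source table
WINDOW_DAYS = 183       # assumption: "last 6 months" approximated as 183 days

def norm(cve):
    return cve.strip().upper()

def vendor_product(cpe):
    """(vendor, product) from a CPE 2.3 string; split only on unescaped ':'."""
    parts = re.split(r"(?<!\\):", cpe)
    if len(parts) < 5 or parts[:2] != ["cpe", "2.3"]:
        return ("", "")
    return (parts[3], parts[4])

def merge_feeds(kev, metasploit, nuclei, epss, nvd, today):
    """One row per CVE, listing every feed that reported it."""
    epss = {norm(c): s for c, s in epss.items()}
    feeds = [("CISA", kev), ("Metasploit", metasploit), ("Nuclei", nuclei),
             ("EPSS", [c for c, s in epss.items() if s > EPSS_THRESHOLD])]
    seen = {}
    for name, cves in feeds:
        for cve in cves:
            names = seen.setdefault(norm(cve), [])
            if name not in names:       # same CVE twice in one feed counts once
                names.append(name)
    cutoff = today - timedelta(days=WINDOW_DAYS)
    rows = []
    for cve in sorted(seen):
        meta = nvd.get(cve)
        if meta is None or meta["published"] < cutoff:
            continue  # no NVD record, or published outside the window
        vendor, product = vendor_product(meta["cpe"])
        rows.append({"CVE": cve, "EPSS": epss.get(cve),
                     "Published": meta["published"].isoformat(),
                     "Source": "/".join(seen[cve]),  # assumed separator
                     "Vendor": vendor, "Product": product})
    return rows

def sample_rows():
    """Constructed inputs: placeholder CVE ids, CPE strings and dates."""
    cpe_a = "cpe:2.3:a:example_vendor:example_product:1.0:*:*:*:*:*:*:*"
    cpe_b = r"cpe:2.3:a:example_vendor:web\:portal:2.0:*:*:*:*:*:*:*"
    nvd = {"CVE-2099-0001": {"published": date(2099, 5, 10), "cpe": cpe_a},
           "CVE-2099-0002": {"published": date(2099, 6, 1), "cpe": cpe_b},
           "CVE-2099-0003": {"published": date(2098, 11, 1), "cpe": cpe_a},
           "CVE-2099-0004": {"published": date(2099, 6, 20), "cpe": ""}}
    epss = {"CVE-2099-0001": 0.97, "CVE-2099-0002": 0.42, "CVE-2099-0004": 0.95}
    return merge_feeds({"CVE-2099-0001"}, ["cve-2099-0001 ", "CVE-2099-0002"],
                       ["CVE-2099-0003"], epss, nvd, date(2099, 7, 1))
```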
The generated data.csv contains:
| Column | Type | Description | Example |
|---|---|---|---|
| CVE | string | CVE identifier | CVE-2024-1234 |
| CVSS Score | float | Base score 0.0-10.0 | 9.8 |
| CVSS_Vector | string | Attack vector | NETWORK, ADJACENT, LOCAL |
| EPSS | float | Exploit probability 0.0-1.0 | 0.96 |
| Description | string | Vulnerability description | Remote code execution... |
| Published | date | Publication date | 2024-01-15 |
| Source | string | Source attribution | CISA/Metasploit/Nuclei/EPSS |
| CPE | string | Common Platform Enumeration | cpe:2.3:a:vendor:product... |
| CWE | string | Common Weakness Enumeration | CWE-79 |
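One way to consume this schema for patch prioritization, as an added example that is not part of the project. It assumes the header names match the table, that `Source` lists feeds separated by `/`, and that score cells may be blank; the CSV rows are constructed.

```python
import csv
import io

# Constructed sample in the column layout described in the table above.
SAMPLE_CSV = """CVE,CVSS Score,CVSS_Vector,EPSS,Description,Published,Source,CPE,CWE
CVE-2099-0002,9.8,NETWORK,0.42,"Constructed row, module only",2099-06-01,Metasploit,,CWE-78
CVE-2099-0004,,NETWORK,0.95,Constructed row with no CVSS yet,2099-06-20,EPSS,,
CVE-2099-0001,7.5,NETWORK,0.97,Constructed row on three feeds,2099-05-10,CISA/Metasploit/EPSS,,CWE-79
CVE-2099-0005,8.1,LOCAL,0.95,Constructed row on two feeds,2099-06-02,Nuclei/EPSS,,CWE-22
"""

def to_float(value):
    """Blank or malformed score cells become None instead of raising."""
    try:
        return float(value)
    except (TypeError, ValueError):
        return None

def triage(csv_text):
    """Rank rows: CISA KEV first, then more corroborating feeds, then EPSS, then CVSS."""
    ranked = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        sources = [s.strip() for s in (row.get("Source") or "").split("/") if s.strip()]
        epss = to_float(row.get("EPSS"))
        cvss = to_float(row.get("CVSS Score"))
        # Tuples sort ascending, so negate the values that should sort high-first.
        key = ("CISA" not in sources, -len(sources), -(epss or 0.0), -(cvss or 0.0))
        ranked.append((key, {"CVE": row["CVE"], "Sources": sources,
                             "EPSS": epss, "CVSS": cvss,
                             "Vector": row.get("CVSS_Vector", "")}))
    ranked.sort(key=lambda item: item[0])
    return [entry for _, entry in ranked]
```

Calling `triage(SAMPLE_CSV)` returns the rows in patch order; a row with a blank CVSS cell is kept and ranked on its other fields rather than dropped.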
```bash
# Standard run
python patchthisapp.py
# Custom output directory
python patchthisapp.py --output-dir /path/to/output
# Verbose logging
python patchthisapp.py --verbose
```
index.html - Landing page with project overview and data source information
dashboard.html - Interactive analytics dashboard featuring:
- Vulnerability timeline (6-month trend)
- Intelligence feed overlap analysis
- CVSS score distribution
- Attack vector breakdown
- EPSS risk level categorization
- Top affected products
viewer.html - Sortable/filterable data table with:
- Client-side search across all fields
- Column sorting (CVE, CVSS, EPSS, Published, Source)
- CSV download functionality
- Overview statistics section
`scripts/local_data.py` downloads the latest data from all sources for local testing:
```bash
python scripts/local_data.py
```
Fetches NVD, CISA KEV, Metasploit, Nuclei, and EPSS data. Supports macOS and Linux.
`scripts/column_summary.py` prints statistics for dataset columns:
```bash
python scripts/column_summary.py
```
Outputs counts, unique values, and top entries for data/data.csv.
Configured for automatic deployment via GitHub Actions. Updates run every 6 hours.
```dockerfile
FROM nginx:alpine
COPY web/ /usr/share/nginx/html/
EXPOSE 80
```
Compatible with any static hosting platform:
- GitHub Pages
- Netlify
- Cloudflare Pages
- AWS S3 + CloudFront
- Vercel
- Frontend: Pure HTML/CSS/JS (no build process required)
- Charts: Chart.js 4.4.0 (loaded via CDN)
- Data Parsing: PapaParse 5.4.1 (client-side CSV parsing)
- Backend: Python 3.8+ data aggregation script
- Hosting: Static files only, no server-side processing
- Updates: Automated via GitHub Actions (every 6 hours)
Contributions welcome. Submit pull requests to the main branch.
- Fork repository
- Create feature branch
- Make changes
- Submit pull request
- Python: PEP 8 compliance
- JavaScript: Standard ES6+
- Commits: Descriptive commit messages
- Documentation: Update README for new features
MIT License - see LICENSE file.
- Jerry Gamblin - Original creator
- RogoLabs - Current maintainer
Part of the RogoLabs vulnerability intelligence network alongside cve.icu and cnascorecard.