rafabd1
diff --git a/‎LICENSE
Lines changed: 21 additions & 0 deletions b/‎LICENSE
Lines changed: 21 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 107 additions & 0 deletions b/‎README.md
Lines changed: 107 additions & 0 deletions
diff --git a/‎assets/image.png
82.1 KB b/‎assets/image.png
82.1 KB
diff --git a/‎example/all_report.md
Lines changed: 62 additions & 0 deletions b/‎example/all_report.md
Lines changed: 62 additions & 0 deletions
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Rafael-BD
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
@@ -0,0 +1,107 @@
+# theWatcher
+
+<!-- <h1 align="center">
+  <img src="#" alt="theWatcher" width="150px">
+</h1> -->
+
+theWatcher is a security vulnerability collection and analysis tool. It retrieves data from multiple sources, applies AI-based classification and summarization when possible, and generates concise reports.
+
+## Features
+
+- Collect vulnerabilities from:
+  - Full Disclosure
+  - Exploit-DB
+  - NIST
+- Summarize vulnerabilities using AI (OpenAI's Gemini-based model), grouping them by technology and highlighting trends
+- Filter vulnerabilities by severity
+- Limit the number of items collected from each source
+
+## Prerequisites
+
+- Python 3.7+  
+- An optional Google Generative AI API key (placed in a .env file as GEMINI_API_KEY) for AI-based classification and summarization.
+  - You can request access to the API [here](https://aistudio.google.com). The tool does not need the paid version of the API; the free tier is sufficient and does not require a credit card.
+
+## Installation
+
+1. Clone the repository.  
+2. (Optional) Create a virtual environment and activate it.  
+3. Install dependencies:  
+   pip install -r requirements.txt
+
+4. (Optional) Create a .env file in the project root with the following content:
+   GEMINI_API_KEY=YOUR_KEY_HERE
+
+## Usage
+
+Run the main script from the command line:
+python main.py [options]
+
+Some useful options:
+- -c, --collect  
+  Collect vulnerabilities from the specified sources.
+- -s, --summarize  
+  Generate a summary report from collected vulnerabilities.
+- -F, --full-scan  
+  Collect from all sources (including NIST) over the last 30 days (implies --collect and --summarize).
+- -Q, --quick-scan  
+  Collect from all sources over the last 7 days, limiting each source to 50 items (implies --collect and --summarize).
+- -m, --max-items  
+  Maximum number of vulnerabilities to retrieve per source.
+- -t, --type [all|sources|nist]  
+  Overall scope (all sources or just NIST or custom sources).
+- -S, --sources [fulldisclosure exploitdb nist]  
+  Specify which sources to query.
+- -N, --no-ai  
+  Disable AI-based classification and summarization.
+- -o, --output-dir  
+  Select output directory for saved JSON and report files.
+
+## Quick Demo
+
+![Terminal Demo](./assets/image.png)
+
+Here’s a quick command to collect data from all sources for the last 15 days and generate a report:
+
+```console
+python main.py -c -s -d 15 --type all --max-items 50
+```
+
+## Additional Usage Examples
+
+```console
+# Collect vulnerabilities from multiple sources without AI
+python main.py --collect --sources fulldisclosure exploitdb --no-ai
+
+# Run a comprehensive scan and summarization in headless mode
+python main.py -F --output-dir ./reports
+```
+
+### Examples
+
+1) Full scan of all sources, storing 100 items per source:
+   python main.py --full-scan
+
+2) Quick scan:
+   python main.py --quick-scan
+
+3) Custom scan (only Full Disclosure and Exploit-DB for the last 15 days without AI):
+   python main.py -c -d 15 -S fulldisclosure exploitdb --no-ai
+
+## Example Report
+
+Here is an example of a generated report:
+
+[Example Report](./example/all_report.md)
+
+## Contributing
+
+Feel free to open a pull request or submit an issue if you find any bugs or want to request new features.
+
+## Development
+
+This tool is under active development. New sources, AI APIs, and features will be added continuously.
+
+## License
+
+This project is licensed under the [MIT License](LICENSE).
@@ -0,0 +1,62 @@
+# Vulnerability Analysis Report
+Generated: 2025-01-24 01:33:06
+Total Vulnerabilities Analyzed: 7
+
+## Vulnerabilities by Technology
+
+### Palo Alto Networks GlobalProtect
+
+- [SEC Consult SA-20241009-0 :: Local Privilege Escalation via MSI installer in Palo Alto Networks GlobalProtect (CVE-2024-9473)](https://seclists.org/fulldisclosure/2024/Oct/2) ((Oct 09)) [Full Disclosure]
+    - Local privilege escalation via a vulnerable MSI installer.
+
+### Paxton Net2
+
+- [CVE-2024-48939: Unauthorized enabling of API in Paxton Net2	software](https://seclists.org/fulldisclosure/2024/Oct/3) ((Oct 20)) [Full Disclosure]
+    - Unauthorized enabling of API functionality.
+
+### Rittal IoT Interface & CMC III Processing Unit
+
+- [SEC Consult SA-20241015-0 :: Multiple Vulnerabilities in Rittal IoT Interface & CMC III Processing Unit (CVE-2024-47943, CVE-2024-47944, CVE-2024-47945)](https://seclists.org/fulldisclosure/2024/Oct/4) ((Oct 20)) [Full Disclosure]
+    - Multiple vulnerabilities including improper signature verification of firmware upgrade files.
+
+### SOPlanning
+
+- [[webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)](https://www.exploit-db.com/exploits/52082) (Fri, 15 Nov 2024 00:00:00 +0000) [Exploit-DB]
+    - Authenticated Remote Code Execution (RCE).
+
+### IBM Tivoli Application Dependency Discovery Manager
+
+- [CVE-2025-23227](https://nvd.nist.gov/vuln/detail/CVE-2025-23227) (January 23, 2025) [NIST]
+    - Stored cross-site scripting (XSS) allowing arbitrary JavaScript execution.
+
+### IBM Security Verify Bridge
+
+- [CVE-2024-45672](https://nvd.nist.gov/vuln/detail/CVE-2024-45672) (January 23, 2025) [NIST]
+    - Local privileged user can overwrite files due to excessive agent privileges, leading to potential DoS.
+
+### Uyumsoft ERP
+
+- [CVE-2024-10539](https://nvd.nist.gov/vuln/detail/CVE-2024-10539) (January 23, 2025) [NIST]
+    - Reflected cross-site scripting (XSS) vulnerability using invalid characters.
+
+
+## Security Trends Analysis
+
+### Privilege Escalation via Installer Vulnerabilities
+**Impact**: Allows attackers to gain elevated system access.
+
+### Increase in Cross-Site Scripting (XSS) Vulnerabilities
+**Impact**: Allows attackers to execute malicious scripts within trusted web applications, potentially leading to data theft and account compromise
+
+### API security vulnerabilities
+**Impact**: Unauthorized access and control over system functionalities
+
+### Remote Code Execution (RCE)
+**Impact**: Allows attackers to execute arbitrary code on a vulnerable system
+
+### Local File Manipulation
+**Impact**: Leads to DoS and system instability
+
+### Firmware Update Vulnerabilities
+**Impact**: Allows execution of unsigned code by bypassing signature verification
+