{"id":47997314,"url":"https://github.com/projectdiscovery/vulnx","last_synced_at":"2026-04-05T16:00:40.008Z","repository":{"id":218732481,"uuid":"699502691","full_name":"projectdiscovery/vulnx","owner":"projectdiscovery","description":"Modern CLI for exploring vulnerability data with powerful search, filtering, and analysis capabilities.","archived":false,"fork":false,"pushed_at":"2026-04-02T21:27:40.000Z","size":40770,"stargazers_count":2405,"open_issues_count":12,"forks_count":177,"subscribers_count":28,"default_branch":"main","last_synced_at":"2026-04-03T08:07:58.096Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/projectdiscovery.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-10-02T19:02:02.000Z","updated_at":"2026-04-02T21:27:44.000Z","dependencies_parsed_at":"2024-11-18T12:38:30.008Z","dependency_job_id":"a3f3ddff-ab4c-4787-a2a6-a6b6b987d8e7","html_url":"https://github.com/projectdiscovery/vulnx","commit_stats":{"total_commits":248,"total_committers":4,"mean_commits":62.0,"dds":0.08467741935483875,"last_synced_commit":"472513fd05dc9817e29a82d055e6e39ce94a8f2c"},"previous_names":["projectdiscovery/cvemap","projectdiscovery/vulnx"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/projectdiscovery/vulnx","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Fvulnx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Fvulnx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Fvulnx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Fvulnx/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/projectdiscovery","download_url":"https://codeload.github.com/projectdiscovery/vulnx/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Fvulnx/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31441057,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-05T15:22:31.103Z","status":"ssl_error","status_checked_at":"2026-04-05T15:22:00.205Z","response_time":75,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-04T12:00:32.857Z","updated_at":"2026-04-05T16:00:40.002Z","avatar_url":"https://github.com/projectdiscovery.png","language":"Go","funding_links":[],"categories":["Go","others"],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e vulnx \u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://opensource.org/licenses/MIT\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-MIT-_red.svg\" alt=\"MIT License\"\u003e\u003c/a\u003e\n\u003ca href=\"https://goreportcard.com/badge/github.com/projectdiscovery/vulnx\"\u003e\u003cimg src=\"https://goreportcard.com/badge/github.com/projectdiscovery/vulnx\" alt=\"Go Report Card\"\u003e\u003c/a\u003e\n\u003ca href=\"https://pkg.go.dev/github.com/projectdiscovery/vulnx/pkg/vulnx\"\u003e\u003cimg src=\"https://img.shields.io/badge/go-reference-blue\" alt=\"Go Reference\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/projectdiscovery/vulnx/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/release/projectdiscovery/vulnx\" alt=\"GitHub Release\"\u003e\u003c/a\u003e\n\u003ca href=\"https://twitter.com/pdiscoveryio\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/pdiscoveryio.svg?logo=twitter\" alt=\"Twitter Follow\"\u003e\u003c/a\u003e\n\u003ca href=\"https://discord.gg/projectdiscovery\"\u003e\u003cimg src=\"https://img.shields.io/discord/695645237418131507.svg?logo=discord\" alt=\"Discord\"\u003e\u003c/a\u003e\n\u003ca href=\"https://starlog.is/articles/cybersecurity/projectdiscovery-vulnx\"\u003e\n \u003cimg src=\"https://img.shields.io/badge/Starlog-Deep_Dive-00e5ff?style=flat\u0026logo=data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0id2hpdGUiPjxwYXRoIGQ9Ik0xMiAyTDkgOUgyTDcgMTRMNSAyMkwxMiAxN0wxOSAyMkwxNyAxNEwyMiA5SDE1TDEyIDJaIi8+PC9zdmc+\" alt=\"Starlog Deep Dive\"\u003e\n\u003c/a\u003e\n\u003c/p\u003e\n\n\u003ch4 align=\"center\"\u003e Modern CLI for exploring vulnerability data with powerful search, filtering, and analysis capabilities \u003c/h4\u003e\n\n![image](https://github.com/user-attachments/assets/d60a1d43-27d8-4874-9459-046b7d8c633a)\n\n## Quick Start\n\n```bash\n# 1. Get vulnx\ngo install github.com/projectdiscovery/vulnx/v2/cmd/vulnx@latest\n\n# 2. Explore commands\nvulnx --help\nvulnx search --help\n\n# 3. Start exploring vulnerabilities (no API key required)\nvulnx filters # See all available search fields\nvulnx search apache # Basic search (subject to rate limits)\n\n# 4. Set up your API key (recommended to avoid rate limits)\nvulnx auth # Get free API key at https://cloud.projectdiscovery.io\n\n# 5. Enhanced exploration with higher limits\nvulnx search apache # No rate limits\nvulnx id CVE-2021-44228 # Faster responses\n```\n\n## What vulnx Does\n\n**Search vulnerabilities with precision:**\n```bash\nvulnx search \"severity:critical \u0026\u0026 is_remote:true\"\nvulnx search \"apache || nginx\" --limit 20\nvulnx search \"cvss_score:\u003e8.0 \u0026\u0026 cve_created_at:2024\"\n```\n\n**Get detailed vulnerability info:**\n```bash\nvulnx id CVE-2021-44228\nvulnx id CVE-2024-1234 --json\n```\n\n**Analyze vulnerability patterns:**\n```bash\nvulnx analyze --fields severity\nvulnx analyze --fields affected_products.vendor\n```\n\n## Core Commands\n\n| Command | Purpose | Example |\n|---------|---------|---------|\n| `search` | Find vulnerabilities with advanced filters | `vulnx search \"apache \u0026\u0026 severity:high\"` |\n| `id` | Get details for specific CVE | `vulnx id CVE-2021-44228` |\n| `filters` | List all available search fields and filters | `vulnx filters` |\n| `analyze` | Aggregate data by fields | `vulnx analyze -f severity` |\n| `auth` | Configure API access | `vulnx auth` |\n| `version` | Show version info and check for updates | `vulnx version` |\n| `update` | Update vulnx to latest version | `vulnx update` |\n| `healthcheck` | Test connectivity | `vulnx healthcheck` |\n\n## Essential Options\n\n**Output formats:**\n```bash\nvulnx search \"apache\" --json # Machine-readable JSON\nvulnx search \"apache\" --output results.json # Save to file\nvulnx search \"apache\" --silent # Quiet output\n```\n\n**Search control:**\n```bash\nvulnx search \"apache\" --limit 50 # Get 50 results\nvulnx search \"apache\" --sort-desc cvss_score # Sort by CVSS score\nvulnx search \"apache\" --fields cve_id,severity # Specific fields only\n```\n\n**Advanced search:**\n```bash\nvulnx search --term-facets severity=5,tags=10 \"apache\"\nvulnx search --range-facets numeric:cvss_score:high:8:10 \"remote\"\nvulnx search --highlight \"apache\" # Enable search highlighting\nvulnx search --facet-size 20 \"nginx\" # More facet buckets\nvulnx search --detailed \"xss\" # Detailed output like 'id' command\n```\n\n## Discovering Available Fields\n\n**Explore what you can search on:**\n```bash\nvulnx filters # Show all available search fields\nvulnx filters --json # Machine-readable field list\nvulnx filters --output fields.json # Save field info to file\n```\n\nThe `filters` command shows detailed information about all searchable fields including:\n- Field names and data types\n- Descriptions and examples\n- Whether fields support sorting and faceting\n- Available enum values for specific fields\n- Search analyzer types\n\n**Example output:**\n```\nField: severity\nData Type: string\nDescription: Vulnerability severity level (e.g., critical, high, medium, low, info)\nCan Sort: Yes\nFacet Possible: Yes\nSearch Analyzer: keyword-lower\nExamples: severity:critical, severity:high\nEnum Values: critical, high, medium, low, info, unknown\n\nTotal: 69 filters available\n```\n\nUse this command to discover new search possibilities and understand field syntax before building complex queries.\n\n## Common Search Patterns\n\n**Find high-risk vulnerabilities:**\n```bash\nvulnx search \"severity:critical \u0026\u0026 is_remote:true \u0026\u0026 is_kev:true\"\nvulnx search \"cvss_score:\u003e8.0 \u0026\u0026 cve_created_at:\u003e=2024\" # High CVSS from 2024\nvulnx search \"is_kev:true \u0026\u0026 age_in_days:\u003c90\" # Recent KEV exploits\n```\n\n**Search by technology:**\n```bash\nvulnx search \"apache\" # Apache vulnerabilities\nvulnx search \"apache || nginx\" # Multiple technologies\nvulnx search \"affected_products.vendor:microsoft\" # By vendor\n```\n\n**Filter by severity and scores:**\n```bash\nvulnx search \"severity:high\" # High severity\nvulnx search \"cvss_score:\u003e7.0\" # CVSS score above 7\nvulnx search \"epss_score:\u003e0.8\" # High EPSS score\n```\n\n**Time-based searches:**\n```bash\nvulnx search \"cve_created_at:\u003e=2024\" # Published in 2024 or later\nvulnx search \"cve_created_at:\u003e=2024-01-01 \u0026\u0026 cve_created_at:\u003c2024-07-01\" # First half of 2024\nvulnx search \"age_in_days:\u003c30\" # Recent vulnerabilities (last 30 days)\n```\n\n**Find exploitable vulnerabilities:**\n```bash\nvulnx search \"is_poc:true\" # Has proof of concept\nvulnx search \"is_kev:true\" # Known exploited vulns\nvulnx search \"is_template:true\" # Has Nuclei templates\nvulnx search --detailed \"log4j\" # Detailed analysis of specific vuln\n```\n\n## Filter Flags\n\n### Filter Flags Reference\n\n| Flag | Short | Description | Example |\n|------|-------|-------------|---------|\n| `--product` | `-p` | Filter by products | `--product apache,nginx` |\n| `--vendor` | | Filter by vendors | `--vendor microsoft,oracle` |\n| `--severity` | `-s` | Filter by severity | `--severity critical,high` |\n| `--tags` | | Filter by tags | `--tags rce,injection` |\n| `--cvss-score` | | Filter by CVSS score | `--cvss-score \"\u003e8.0\"` |\n| `--epss-score` | | Filter by EPSS score | `--epss-score \"\u003e0.8\"` |\n| `--vuln-age` | `-a` | Filter by age | `--vuln-age \"\u003c30\"` |\n| `--vuln-type` | | Filter by vulnerability type | `--vuln-type sql_injection` |\n| `--kev` | | KEV vulnerabilities only | `--kev` |\n| `--template` | `-t` | Has Nuclei templates | `--template` |\n| `--poc` | | Has proof of concept | `--poc` |\n| `--hackerone` | | HackerOne reported | `--hackerone` |\n| `--remote-exploit` | | Remotely exploitable | `--remote-exploit` |\n| `--vuln-status` | | Filter by vuln status | `--vuln-status confirmed` |\n\n\n### Search Control Flags\n\n| Flag | Short | Description | Example |\n|------|-------|-------------|---------|\n| `--detailed` | | Detailed output like 'id' | `--detailed` |\n| `--highlight` | | Enable search highlighting | `--highlight` |\n| `--limit` | `-n` | Number of results | `--limit 50` |\n| `--offset` | | Pagination offset | `--offset 100` |\n| `--sort-asc` | | Sort ascending | `--sort-asc cvss_score` |\n| `--sort-desc` | | Sort descending | `--sort-desc cve_created_at` |\n| `--fields` | | Select specific fields | `--fields cve_id,severity` |\n| `--term-facets` | | Calculate term facets | `--term-facets severity=5` |\n| `--range-facets` | | Calculate range facets | `--range-facets numeric:cvss_score:high:8:10` |\n| `--facet-size` | | Facet bucket count | `--facet-size 20` |\n\n**Product and vendor filtering:**\n```bash\nvulnx search --product apache,nginx # Filter by products (searches both vendor and product fields)\nvulnx search --vendor microsoft,oracle # Filter by vendors only\nvulnx search \"NOT apache\" # Exclude products using query syntax\nvulnx search \"NOT affected_products.vendor:microsoft\" # Exclude vendors using query syntax\n```\n\n**Severity and scoring:**\n```bash\nvulnx search --severity critical,high # Filter by severity\nvulnx search \"NOT severity:low\" # Exclude severities using query syntax\nvulnx search --cvss-score \"\u003e8.0\" # Filter by CVSS score\nvulnx search --epss-score \"\u003e0.8\" # Filter by EPSS score\nvulnx search --vuln-status confirmed # Filter by status\nvulnx search --vuln-age \"\u003c30\" # Recent vulnerabilities\n```\n\n**Exploit characteristics:**\n```bash\nvulnx search --kev # KEV vulnerabilities only\nvulnx search --template # Has Nuclei templates\nvulnx search --poc # Has proof of concept\nvulnx search --hackerone # HackerOne reported\nvulnx search --remote-exploit # Remotely exploitable\n```\n\n## Vulnerability ID Lookup\n\n**Multiple input methods:**\n```bash\n# Single ID lookup\nvulnx id CVE-2024-1234\n\n# Multiple IDs (comma-separated)\nvulnx id CVE-2024-1234,CVE-2024-5678,CVE-2023-9999\n\n# Auto-detection from stdin (no 'id' command needed!)\necho \"CVE-2024-1234\" | vulnx\necho -e \"CVE-2024-1234\\nCVE-2024-5678\" | vulnx\n\n# File input\nvulnx id --file ids.txt\n```\n\n**Batch processing:**\n```bash\n# JSON output for automation\nvulnx id --json CVE-2024-1234 CVE-2024-5678\n\n# Save to file\nvulnx id --output vulns.json --file ids.txt\n\n# Pipeline integration\ncat report.txt | grep -o 'CVE-[0-9]\\{4\\}-[0-9]\\+' | vulnx id --json\n```\n\n## Useful Field Names\n\n| Field | Description | Example Values |\n|-------|-------------|----------------|\n| `severity` | Vulnerability severity | `low`, `medium`, `high`, `critical` |\n| `cvss_score` | CVSS score (0-10) | `7.5`, `\u003e8.0`, `\u003c9.0` |\n| `cve_id` | CVE identifier | `CVE-2021-44228` |\n| `is_remote` | Remotely exploitable | `true`, `false` |\n| `is_kev` | Known exploited vuln | `true`, `false` |\n| `is_poc` | Has proof of concept | `true`, `false` |\n| `affected_products.vendor` | Vendor name | `apache`, `microsoft` |\n| `affected_products.product` | Product name | `tomcat`, `windows` |\n| `cve_created_at` | Publication date | `\u003e=2024`, `\u003e2024-01-01`, `\u003c2023` |\n| `age_in_days` | Days since publication | `\u003c30`, `\u003e365`, `\u003c=90` |\n\n## Query Syntax\n\n**Basic searches:**\n```bash\nvulnx search \"apache\" # Simple term\nvulnx search \"remote code execution\" # Phrase search\nvulnx search \"severity:critical\" # Field search\n```\n\n**Boolean logic:**\n```bash\nvulnx search \"apache \u0026\u0026 nginx\" # Both terms\nvulnx search \"apache || nginx\" # Either term\nvulnx search \"apache NOT tomcat\" # Exclude term\nvulnx search \"(apache || nginx) \u0026\u0026 severity:high\" # Grouped\n```\n\n**Ranges and wildcards:**\n```bash\nvulnx search \"cvss_score:\u003e8.0\" # Greater than\nvulnx search \"cvss_score:\u003c9.0\" # Less than\nvulnx search \"cve_created_at:\u003e=2024-01-01\" # Date comparison\nvulnx search \"age_in_days:\u003c30\" # Recent vulnerabilities\nvulnx search \"apache*\" # Wildcard\n```\n\n## Date Queries\n\n**Important**: Date fields require comparison operators (`\u003e=`, `\u003e`, `\u003c`, `\u003c=`).\n\n**Single date comparisons:**\n```bash\nvulnx search \"cve_created_at:\u003e=2024\" # CVEs from 2024 onward\nvulnx search \"cve_created_at:\u003c2024\" # CVEs before 2024\nvulnx search \"cve_created_at:\u003e2024-06-01\" # CVEs after June 1, 2024\n```\n\n**Date ranges:**\n```bash\n# CVEs from January 2024 only\nvulnx search \"cve_created_at:\u003e=2024-01-01 \u0026\u0026 cve_created_at:\u003c2024-02-01\"\n\n# High CVSS CVEs from 2024\nvulnx search \"cvss_score:\u003e8.0 \u0026\u0026 cve_created_at:\u003e=2024\"\n\n# Recent vulnerabilities (age-based)\nvulnx search \"age_in_days:\u003c30\" # Last 30 days\nvulnx search \"age_in_days:\u003e365\" # Older than 1 year\n```\n\n**Supported formats:**\n- `2024` (year)\n- `2024-01` (year-month)\n- `2024-01-15` (full date)\n\n## Configuration\n\n### Authentication (Optional)\n\n**vulnx works without an API key**, but authentication provides significant benefits:\n\n**⚠️ Without API key:**\n- Limited to 10 requests per minutes\n- Subject to strict rate limits\n- May encounter \"429 Too Many Requests\" errors\n\n**✅ With API key:**\n- Much higher rate limits\n- Access to all the filters\n\n**Set up authentication:**\n```bash\nvulnx auth # Interactive setup\nvulnx auth --api-key YOUR_API_KEY # Non-interactive (automation)\nvulnx auth --test # Test current API key\nexport PDCP_API_KEY=\"your-key-here\" # Environment variable\n```\n\n**Authentication modes:**\n- **Interactive**: `vulnx auth` - Guided setup with prompts\n- **Non-interactive**: `vulnx auth --api-key KEY` - Perfect for automation/CI/CD\n- **Test only**: `vulnx auth --test` - Validate current configuration\n\n**Version management:**\n```bash\nvulnx version # Show version and check for updates\nvulnx version --disable-update-check # Show version without update check\nvulnx update # Update to latest version\nvulnx --update # Alternative update command\n```\n\n**Global options:**\n```bash\nvulnx --json search \"apache\" # JSON output\nvulnx --silent search \"apache\" # No banner\nvulnx --timeout 60s search \"apache\" # Custom timeout\nvulnx --disable-update-check search \"apache\" # Disable automatic update checks\n```\n\n## Troubleshooting\n\n**Rate limit issues:**\n```\nRate limit exceeded! API key required for higher limits.\n→ Run: vulnx auth to configure API key and get higher limits\n```\n\n**Automation/CI/CD setup:**\n```bash\n# Docker containers\nvulnx auth --api-key \"$SECRET_API_KEY\"\n\n# CI/CD pipelines\nvulnx auth --api-key \"${PDCP_API_KEY}\"\n\n# Kubernetes init containers\nvulnx auth --api-key \"$(cat /secrets/api-key)\"\n\n# Test authentication in scripts\nvulnx auth --test \u0026\u0026 echo \"Auth OK\" || echo \"Auth failed\"\n```\n\n**Rate limit suggestions:**\n```\nConfigure API key with 'vulnx auth' to avoid rate limits\n→ This appears when no API key is configured. To remove:\n 1. Set up API key: vulnx auth\n 2. Or use --silent flag to suppress informational messages\n```\n\n**No results:**\n```bash\nvulnx search \"is_kev:true\" --limit 1 # Test with known results\nvulnx healthcheck # Check connectivity\n```\n\n**Large result sets:**\n```bash\nvulnx search \"apache\" --limit 100 # Increase limit\nvulnx search \"apache\" --offset 100 # Pagination\nvulnx search --fields cve_id,severity \"apache\" # Fewer fields\n```\n\n**Connection issues:**\n```bash\nvulnx --timeout 60s search \"apache\" # Increase timeout\nvulnx --proxy http://localhost:8080 search \"apache\" # Use proxy\nvulnx --debug search \"apache\" # Debug mode\n```\n\n## Getting Help\n\n**Help commands (no API key required):**\n```bash\nvulnx --help # All commands overview\nvulnx search --help # Search command help\nvulnx id --help # ID command help\nvulnx filters --help # Filters command help\nvulnx analyze --help # Analyze command help\nvulnx version # Version info with update check\nvulnx version --disable-update-check # Version info without update check\n```\n\n**Data exploration (subject to rate limits without API key):**\n```bash\nvulnx filters # Show all searchable fields\nvulnx search help # Detailed search fields\nvulnx analyze help # Available analyze fields\n```\n\n\u003e ⚠️ **Note** All commands work without an API key, but are subject to rate limits. Configure an API key with `vulnx auth` for higher limits and better performance.\n\n## Tips\n\n- **Start immediately**: vulnx works without an API key - just run `vulnx search apache`\n- **Avoid rate limits**: Configure API key with `vulnx auth` for heavy usage\n- **Stay updated**: vulnx automatically checks for updates; use `--disable-update-check` to disable\n- Use `vulnx filters` to discover all available search fields and their syntax\n- Start with broad searches, then narrow down with filters\n- Use `--json` for scripting and automation\n- Combine multiple filters for precise results\n- Use `analyze` to understand data patterns\n- Save frequently used queries as shell aliases\n\nFor advanced usage patterns and examples, see [USAGE.md](USAGE.md).\n\n## Development\n\nFor development setup, code quality checks, and contribution guidelines, see [DEVELOPMENT.md](DEVELOPMENT.md).\n\n## License\n\nvulnx is distributed under [MIT License](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojectdiscovery%2Fvulnx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprojectdiscovery%2Fvulnx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojectdiscovery%2Fvulnx/lists"}