v0.14.2

Author: xaitax

.gitignore

@@ -1,4 +1,3 @@
 
 sploitscan/config.json
 *.pyc
-sploitscan/config.json

CHANGELOG.md

@@ -1,5 +1,18 @@
 # 📆 Changelog
 
+## [18. October 2025] - Version 0.14.2
+
+- **Directory Import Feature**
+  Added support for importing CVE IDs from entire directories containing vulnerability reports. Use `--input-dir` to recursively scan directories and extract CVE IDs from all files. This complements the existing file import functionality and supports batch processing of multiple scanner reports.
+
+- **Docker Improvements**
+  Updated Dockerfile to Python 3.13, added virtual environment setup, installed git for repository operations, and created a dedicated `/results` directory for exports.
+
+- **Export Path Enhancement**
+  Modified export file generation to save results in `/results` directory when available.
+
+*Special thanks to [diwskx](https://github.com/diwskx) for the directory import feature and Docker improvements.*
+
 ## [07. October 2025] - Version 0.14.0
 
 - **Modern modular refactor**

Dockerfile

@@ -1,7 +1,38 @@
-FROM python:3.9-slim-buster
+FROM python:3.13-slim-trixie
 
-WORKDIR /app
-COPY . /app
-RUN pip install --no-cache-dir -r requirements.txt
+LABEL version="0.14.2"
+LABEL description="SploitScan is a powerful and user-friendly tool designed to streamline the process of identifying exploits for known vulnerabilities and their respective exploitation probability"
 
+ARG DEBIAN_FRONTEND=noninteractive
+
+# Setting up venv
+ENV VENV=/venv
+ENV PATH=${VENV}/bin:${PATH}
+
+# Installing packages including git
+RUN apt-get update && \
+    apt-get install --yes --no-install-recommends git && \
+    rm -rf /var/lib/apt/lists/*
+
+# Downloading and installing dependencies
+COPY ./requirements.txt .
+
+RUN python -m venv ${VENV} && \
+    pip install --upgrade pip setuptools && \
+    pip install --no-cache-dir -r requirements.txt
+
+ENV APP_HOME=/app
+
+# Copy application files
+WORKDIR $APP_HOME
+COPY ./sploitscan ./sploitscan
+COPY ./sploitscan.py .
+COPY ./LICENSE .
+COPY ./CHANGELOG.md .
+
+# Make a directory for scan results
+RUN mkdir /results
+
+# Start the application
 ENTRYPOINT ["python", "sploitscan.py"]
+CMD ["-h"]

README.md

@@ -50,8 +50,8 @@ SploitScan is a powerful and user-friendly tool designed to streamline the proce
 - **Multi-CVE Support and Export Options**  
   Work with multiple CVEs at once and export the results to HTML, JSON, or CSV formats.
 
-- **Vulnerability Scanner Import**  
-  Import scan results from popular vulnerability scanners (Nessus, Nexpose, OpenVAS, Docker) to directly search for known exploits.
+- **Vulnerability Scanner Import**
+  Import scan results from popular vulnerability scanners (Nessus, Nexpose, OpenVAS, Docker) to directly search for known exploits. Now supports directory-based import with `--input-dir` for batch processing multiple reports.
 
 - **Granular Method Selection**  
   Choose which specific data retrieval methods to run (such as CISA, EPSS, HackerOne, AI, etc.) so you only get the information you need.
@@ -180,9 +180,10 @@ options:
   -m METHODS, --methods METHODS
                         Specify which methods to run, separated by commas (e.g., 'cisa,epss,hackerone,ai,prio,references').
   -i IMPORT_FILE, --import-file IMPORT_FILE
-                        Path to an import file. When provided, positional CVE IDs can be omitted. The file should be a plain text list with one CVE per line.
+                         Path to an import file. When provided, positional CVE IDs can be omitted. The file should be a plain text list with one CVE per line.
+  --input-dir INPUT_DIR  Path to a directory containing vulnerability reports to scan for CVE IDs.
   -c CONFIG, --config CONFIG
-                        Path to a custom configuration file.
+                         Path to a custom configuration file.
   -d, --debug           Enable debug output.
 ```
 
@@ -277,6 +278,14 @@ Specify the type: 'nessus', 'nexpose', 'openvas', or 'docker' and provide the fi
 sploitscan --import-file path/to/yourfile.nessus --type nessus
 ```
 
+### Import from Directory
+
+Scan an entire directory recursively for vulnerability reports and extract CVE IDs from all files.
+
+```bash
+sploitscan --input-dir path/to/reports/directory
+```
+
 ### Select Specific Methods
 
 To run only specific data retrieval methods (e.g., CISA, EPSS, AI risk assessment), use the `-m` argument:
@@ -413,6 +422,7 @@ Special thanks to:
 - [davidfortytwo](https://github.com/davidfortytwo) for enhancements (Updated CVE retrieval and PacketStorm addition).
 - [con-f-use](https://github.com/con-f-use) for support and fixes with setuptools/PyPi.
 - [Martijn Russchen](https://github.com/martijnrusschen) for his feedback and idea on HackerOne GraphQL.
+- [diwskx](https://github.com/diwskx) for the directory import feature and Docker improvements.
 
 ## 📌 Author
 

sploitscan/cli.py

@@ -35,7 +35,7 @@
 from .ai import get_risk_assessment
 from .repo import clone_cvelistV5_repo
 from .search import search_cve_by_keywords
-from .importers import import_vulnerability_data
+from .importers import import_vulnerability_data, import_vulnerability_data_from_dir
 from .exporters.html_exporter import export_to_html
 from .exporters.json_exporter import export_to_json
 from .exporters.csv_exporter import export_to_csv
@@ -145,6 +145,7 @@ def main(
     methods: Optional[str] = None,
     debug: bool = False,
     fast_mode: bool = False,
+    input_dir: Optional[str] = None,
 ) -> None:
     """
     Orchestrate SploitScan workflow for one or more CVE IDs.
@@ -166,6 +167,13 @@ def main(
             return
         cve_ids = imported_ids
 
+    if input_dir:
+        imported_ids_from_dir = import_vulnerability_data_from_dir(input_dir)
+        if not imported_ids_from_dir:
+            print("❌ No valid CVE IDs found in the provided directory.")
+            return
+        cve_ids = imported_ids_from_dir
+
     if not cve_ids:
         print("❌ No CVE IDs provided. Please provide CVE IDs or an import file.")
         return
@@ -352,6 +360,11 @@ def cli() -> None:
         type=str,
         help="Path to an import file. When provided, positional CVE IDs can be omitted. The file should be a plain text list with one CVE per line.",
     )
+    parser.add_argument(
+        "--input-dir",
+        type=str,
+        help="Path to a directory containing vulnerability reports to scan for CVE IDs.",
+    )
     parser.add_argument("-c", "--config", type=str, help="Path to a custom configuration file.")
     parser.add_argument("-d", "--debug", action="store_true", help="Enable debug output.")
 
@@ -378,4 +391,5 @@ def cli() -> None:
         methods=args.methods,
         debug=args.debug,
         fast_mode=args.fast_mode,
+        input_dir=args.input_dir,
     )

sploitscan/constants.py

@@ -5,7 +5,7 @@
 from typing import Dict
 
 # Version
-VERSION: str = "0.14.0"
+VERSION: str = "0.14.2"
 
 # ANSI Colors
 BLUE: str = "\033[94m"

sploitscan/importers/__init__.py

@@ -111,4 +111,36 @@ def import_vulnerability_data(file_path: str, file_type: Optional[str] = None) -
         return import_file(file_path, parse_docker_file)
 
     print(f"❌ Unsupported file type: {file_type}")
-    return []
+    return []
+
+
+def import_vulnerability_data_from_dir(dir_path: str) -> List[str]:
+    if not os.path.exists(dir_path):
+        print(f"❌ Error: The directory '{dir_path}' does not exist.")
+        return []
+    if not os.path.isdir(dir_path):
+        print(f"❌ Error: '{dir_path}' is not a directory. Use --input-dir with a directory path.")
+        return []
+
+    p = pathlib.Path(dir_path, encoding='utf-8').glob('**/*')
+    reports_list = [str(x) for x in p if x.is_file()]
+
+    cve_ids_list = []
+
+    for report_path in reports_list:
+        cve_ids_list.extend(import_file(report_path, parse_cve_in_report))
+
+    unique_cve_ids = list(set(cve_ids_list))
+    print(f"📥 Successfully imported {len(unique_cve_ids)} CVE(s) from '{dir_path}'\n")
+    return unique_cve_ids
+
+
+def parse_cve_in_report(file):
+    cve_pattern = r'CVE-\d{4}-\d{4,7}'
+    try:
+        content = file.read()
+        return [cve.upper() for cve in re.findall(cve_pattern, content, re.IGNORECASE)]
+
+    except Exception as e:
+        print(f"❌ Error reading file '{file}': {e}")
+        return []

sploitscan/templates/report_template.html

@@ -229,7 +229,7 @@
             <h1 class="text-lg font-semibold tracking-tight">SploitScan</h1>
             <p class="text-xs muted">Modern CVE & Exploit Aggregation Report</p>
           </div>
-          <span class="badge bg-gray-100 text-gray-700 dark:bg-gray-700 dark:text-gray-200">{{ "v" }}{{ 0 }}{{ "." }}{{ 14 }}{{ "." }}{{ 0 }}</span>
+          <span class="badge bg-gray-100 text-gray-700 dark:bg-gray-700 dark:text-gray-200">{{ "v" }}{{ 0 }}{{ "." }}{{ 14 }}{{ "." }}{{ 2 }}</span>
         </div>
         <div class="flex items-center gap-2 no-print">
           <button id="themeToggle" class="inline-flex items-center gap-2 rounded-md border border-gray-300 bg-white px-3 py-1.5 text-sm font-medium hover:bg-gray-50 dark:border-gray-700 dark:bg-gray-800 dark:hover:bg-gray-700">

sploitscan/utils.py

@@ -45,4 +45,6 @@ def generate_filename(cve_ids: Iterable[str], extension: str) -> str:
     ids: List[str] = list(cve_ids)
     cve_part = "_".join(ids[:3]) + ("_and_more" if len(ids) > 3 else "")
     cve_part = cve_part or "report"
-    return f"{ts}_{cve_part}_export.{extension.lower()}"
+    base_dir = "/results" if os.path.exists('/results') else "."
+    filename = os.path.join(base_dir, f"{ts}_{cve_part}_export.{extension.lower()}")
+    return filename