Zero-Day Intelligence Integration

NEW in v3.5: Free Zero-Day Intelligence

Automatically enrich your scan results with real-time zero-day intelligence from CISA KEV, Exploit-DB, PoC-in-GitHub, and more - completely free with no authentication required.

CodePhreak now integrates with multiple authoritative sources to identify actively exploited vulnerabilities (zero-days) in your codebase. This feature provides enterprise-grade threat intelligence at 99.7% cost savings compared to proprietary intelligence feeds.

Quick Start

Basic Usage

# Scan with zero-day enrichment (FREE - no auth required)
codephreak-audit --target ./my-app --zero-day-check

# Combine with other workflows
codephreak-audit --workflow full-audit --zero-day-check --format sarif

Example Output

🔍 Enriching findings with zero-day intelligence...

🚨 ZERO-DAY ALERT: 2 vulnerabilities with active exploits detected!
   └─ 2 in CISA Known Exploited Vulnerabilities catalog

CVE-2024-12345 (CVSS 9.8) - Apache Log4j RCE
├─ Status: ACTIVELY EXPLOITED (CISA KEV)
├─ PoC Available: https://github.com/attacker/exploit
├─ Affected: backend/pom.xml (log4j-core 2.17.0)
└─ Action: Upgrade to 2.17.1+ immediately

📊 Zero-day intelligence: 1,493 CVEs tracked, cache age: 1.3h

Data Sources

CodePhreak aggregates intelligence from 6+ authoritative free sources:

1. CISA KEV Catalog

U.S. government authoritative source for actively exploited vulnerabilities

  • Coverage: 1,000+ CVEs
  • Update: Daily
  • Authority: CISA

2. Exploit-DB

50K+ proof-of-concept exploits from Offensive Security

  • Coverage: 50,000+ PoCs
  • Update: Real-time
  • Authority: Offensive Security

3. PoC-in-GitHub

Real-time GitHub repository monitoring for exploit code

  • Coverage: GitHub repos
  • Update: Hourly
  • Authority: Community

4. Vulners.com

Aggregated data from 190+ vulnerability sources

  • Coverage: 190+ sources
  • Update: Real-time
  • Authority: Aggregator

Key Features

Automatic Severity Upgrade

Vulnerabilities found in CISA KEV are automatically upgraded to CRITICAL severity, ensuring they receive immediate attention.

Intelligent Caching

Local cache with a 4-hour refresh interval and a 7-day TTL. The initial fetch takes 10-30 seconds; subsequent scans use cached data (<100ms).

Exploit Links & Remediation

Enriched findings include direct links to exploit code, CISA required actions, remediation due dates, and PoC repositories.

Privacy-First Design

All intelligence is fetched and cached locally. No source code is transmitted. Only CVE IDs are matched against the local database.

Python API

from codephreak.security_auditor.tools.zeroday import (
    ZeroDayFeedAggregator,
    fetch_zero_day_intelligence,
)

# Fetch zero-day intelligence
zero_day_vulns = fetch_zero_day_intelligence(force_refresh=True)

# Check specific CVE
aggregator = ZeroDayFeedAggregator()
if aggregator.is_zero_day("CVE-2024-12345"):
    print("⚠️ This CVE is actively exploited!")

# Enrich a finding
vuln = aggregator.enrich_finding("CVE-2024-12345")
if vuln:
    print(f"CVSS Score: {vuln.cvss_score}")
    print(f"In CISA KEV: {vuln.in_cisa_kev}")
    print(f"Exploit URLs: {vuln.exploit_urls}")

# Get statistics
stats = aggregator.get_statistics()
print(f"Total CVEs tracked: {stats['total_vulnerabilities']}")
print(f"CISA KEV count: {stats['cisa_kev_count']}")

Cost Advantage

99.7% Cost Savings vs. Enterprise Tools

Activity                     Competitors        CodePhreak   Savings
Zero-day research team       $1M-3M/year        $0           100%
Intelligence feeds           $50K-200K/year     $0           100%
PoC testing infrastructure   $100K-500K/year    $10K/year    98%
Total                        $1.15M-3.7M/year   $10K/year    99.7%

Configuration

Environment Variables

# Custom cache directory
export CODEPHREAK_ZERODAY_CACHE=/path/to/cache

# Force refresh interval (hours)
export CODEPHREAK_ZERODAY_REFRESH_HOURS=2

Config File

# ~/.config/codephreak/config.yaml
zero_day:
  enabled: true
  cache_dir: ~/.config/codephreak/zeroday_cache
  refresh_interval_hours: 4
  retention_days: 7
  sources:
    - cisa_kev
    - exploit_db
    - poc_in_github
    - vulners
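The cache-freshness and severity-upgrade rules described under Key Features, together with the refresh_interval_hours and retention_days settings above, as an added worked example. This is not CodePhreak's own code and does not use its API: the ZeroDayCache, Finding and enrich names are illustrative, the feed is a constructed sample whose field names follow the public CISA KEV JSON schema, and the network fetch is injected as a callable so the block runs offline.

```python
"""Added example, not CodePhreak's own code. A minimal local zero-day cache
implementing the behaviour this page describes: findings are matched by CVE ID
only, CISA KEV hits are upgraded to CRITICAL, cached data is reused within the
refresh interval and dropped once older than the retention period. The feed
content is constructed; its field names follow the public CISA KEV JSON schema."""
import json
import tempfile
import time
from dataclasses import dataclass
from pathlib import Path
from typing import Callable, Optional

REFRESH_INTERVAL_HOURS = 4   # same value as refresh_interval_hours on this page
RETENTION_DAYS = 7           # same value as retention_days on this page

# Constructed sample feed in CISA KEV JSON shape; every value is a placeholder.
SAMPLE_KEV_FEED = {
    "vulnerabilities": [{
        "cveID": "CVE-2024-12345",
        "vendorProject": "ExampleVendor",
        "product": "ExampleProduct",
        "vulnerabilityName": "Constructed sample entry",
        "dateAdded": "2024-01-02",
        "requiredAction": "Apply updates per vendor instructions.",
        "dueDate": "2024-01-23",
    }]
}


@dataclass
class Finding:
    cve_id: str
    location: str
    severity: str                    # LOW | MEDIUM | HIGH | CRITICAL
    in_cisa_kev: bool = False
    required_action: Optional[str] = None
    due_date: Optional[str] = None
    severity_upgraded: bool = False


class ZeroDayCache:
    """On-disk cache of KEV entries keyed by CVE ID, with refresh and TTL."""

    def __init__(self, cache_dir, fetch: Callable[[], dict],
                 refresh_hours: float = REFRESH_INTERVAL_HOURS,
                 retention_days: int = RETENTION_DAYS,
                 now: Callable[[], float] = time.time):
        self.path = Path(cache_dir) / "kev.json"
        self.fetch = fetch            # feed download, injected so tests run offline
        self.refresh_s = refresh_hours * 3600
        self.retention_s = retention_days * 86400
        self.now = now
        self.last_source = None       # "cache" | "feed" | "stale-cache" | "none"

    def _read(self) -> Optional[dict]:
        try:
            return json.loads(self.path.read_text())
        except (OSError, ValueError):
            return None

    def load(self) -> dict:
        """Return {cve_id: kev_entry}, refreshing from the feed when stale."""
        cached = self._read()
        age = None if cached is None else self.now() - cached["fetched_at"]
        if cached is not None and age <= self.refresh_s:
            self.last_source = "cache"
            return cached["entries"]
        try:
            feed = self.fetch()
        except OSError:
            # Feed unreachable: a stale cache is still usable within retention.
            if cached is not None and age <= self.retention_s:
                self.last_source = "stale-cache"
                return cached["entries"]
            self.path.unlink(missing_ok=True)   # past TTL: discard the data
            self.last_source = "none"
            return {}
        entries = {v["cveID"].upper(): v for v in feed["vulnerabilities"]}
        self.path.parent.mkdir(parents=True, exist_ok=True)
        self.path.write_text(json.dumps({"fetched_at": self.now(), "entries": entries}))
        self.last_source = "feed"
        return entries


def enrich(findings, kev_entries: dict) -> int:
    """Match findings against the local KEV table by CVE ID only (no source code
    is involved) and upgrade every hit to CRITICAL. Returns the number of hits."""
    hits = 0
    for f in findings:
        entry = kev_entries.get(f.cve_id.upper())
        if entry is None:
            continue
        f.in_cisa_kev = True
        f.required_action = entry.get("requiredAction")
        f.due_date = entry.get("dueDate")
        if f.severity != "CRITICAL":
            f.severity, f.severity_upgraded = "CRITICAL", True
        hits += 1
    return hits


if __name__ == "__main__":
    cache = ZeroDayCache(tempfile.mkdtemp(), fetch=lambda: SAMPLE_KEV_FEED)
    table = cache.load()
    findings = [Finding("CVE-2024-12345", "backend/pom.xml", "HIGH"),
                Finding("CVE-2020-0001", "frontend/package.json", "MEDIUM")]
    print(f"{enrich(findings, table)} KEV hit(s); source: {cache.last_source}")
    for f in findings:
        print(f"{f.cve_id} {f.location}: {f.severity}"
              f"{' (upgraded, due ' + f.due_date + ')' if f.severity_upgraded else ''}")
```

Two design points worth copying into any real implementation: the upgrade records a severity_upgraded flag rather than silently overwriting, so a report can still show the scanner's original rating next to the KEV-driven one, and a feed outage degrades to stale-but-retained data instead of an empty table, so an unreachable source never makes actively exploited CVEs disappear from the output.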

Performance

  • Initial fetch (all sources): 10-30s
  • Cached fetch (local): <100ms
  • Enrichment per finding: 1-5ms

Need Help?

For detailed implementation information, see docs/ZERO_DAY_INTEGRATION.md in the repository.