[02. November 2025] - Version 0.14.3

• Enhanced Patching Prioritization Calculation
• Dependabot added

Special thanks to Manuel Sommer for the improvements.

[18. October 2025] - Version 0.14.2

• Directory Import Feature
  Added support for importing CVE IDs from entire directories containing vulnerability reports. Use --input-dir to recursively scan directories and extract CVE IDs from all files. This complements the existing file import functionality and supports batch processing of multiple scanner reports.

• Docker Improvements
  Updated Dockerfile to Python 3.13, added virtual environment setup, installed git for repository operations, and created a dedicated /results directory for exports.

• Export Path Enhancement
  Modified export file generation to save results in /results directory when available.

Special thanks to diwskx for the directory import feature and Docker improvements.

[07. October 2025] - Version 0.14.0

• Modern modular refactor
  Reorganized the codebase into clear modules (fetchers, metrics, display, AI providers, importers, exporters, utils) while keeping the CLI usage and output intact. The legacy wrapper now safely delegates to the new CLI and supports both “python -m sploitscan” and direct script execution.

• Metasploit integration
  Added default Metasploit discovery via Rapid7’s modules_metadata_base.json with conditional caching. Only modules whose references contain the exact CVE ID are counted.

• HTML export redesign
  Complete report refresh with Tailwind (CDN) styling: dark mode toggle, sticky header, sidebar filters, sortable summary table, responsive detail cards, and a readable AI section. Kept a zero‑build setup; distro packagers can optionally ship a precompiled CSS for offline styling.

• Bug fixes & compatibility

[07. October 2025] - Version 0.14.1

• Modern modular refactor
  Reorganized the codebase into clear modules (fetchers, metrics, display, AI providers, importers, exporters, utils) while keeping the CLI usage and output intact. The legacy wrapper now safely delegates to the new CLI and supports both “python -m sploitscan” and direct script execution.

• Metasploit integration
  Added default Metasploit discovery via Rapid7’s modules_metadata_base.json with conditional caching. Only modules whose references contain the exact CVE ID are counted.

• HTML export redesign
  Complete report refresh with Tailwind (CDN) styling: dark mode toggle, sticky header, sidebar filters, sortable summary table, responsive detail cards, and a readable AI section. Kept a zero‑build setup; distro packagers can optionally ship a precompiled CSS for offline styling.

• Bug fixes & compatibility

• Google Gemini, xAI Grok & DeepSeek Integration
  Added support for multiple AI providers in risk assessment. Users can now choose between OpenAI ChatGPT, Google Gemini, Grok AI or DeepSeek via the new --ai option.

• Local CVE Database Update & Cloning
  Implemented update (--local) functionality for the CVE List V5 repository. SploitScan now clones (or pulls updates from) the full CVE List V5 repository locally.

• Keyword-Based CVE Search Across Sources
  Enhanced the search functionality to allow users to search for keywords via --keywords (e.g., "Apple") across both the local CVE database and remote sources (CISA and Nuclei Templates). All matching CVEs are automatically looked up by SploitScan to search for associated exploits.

• Fast Mode for Streamlined Output
  Introduced a fast mode (--fast-mode) that limits the output to only basic CVE information, bypassing additional lookups (such as public exploits, EPSS, and risk assessments) for quicker results.

• CVSS Parsing Enhancements
  Updated the extract_cvss_info() function to handle a broader range of CVSS fields: checks for CVSSv4.0, v3.1, v3.0, and v3 in that order, and then falls back to ADP entries if necessary.

• Date Parsing Unification
  Introduced a new parse_iso_date() helper. Replaced direct datetime.fromisoformat() calls throughout the code with this function for consistent date formatting, including error handling for trailing Z characters.

• VulnCheck Key Handling
  Improved error handling for the VulnCheck API key check—now returns a clearer error message if no VulnCheck key is configured.

• HTML Report Template Overhaul
  Updated and reformatted the HTML export template for improved readability and consistency. Enhanced the layout for displaying references, exploit details, and the AI-powered risk assessment. Moved to a more standardized code style.

• Refined Public Exploits Display
  Enhanced how exploit PoCs are sorted and displayed.

• Dependency Upgrades
  Updated requests (2.32.2 → 2.32.3), jinja2 (3.1.4 → 3.1.5), and openai (1.30.2 → 1.60.1) in requirements.txt.

• General Code Cleanup

  • Organized imports and method parameters for clarity (e.g., specifying params= in all relevant requests).
  • Tweaked debug output for loading the configuration file, making it more verbose and consistent.
  • Adjusted logic for selecting public exploits to be clearer and more maintainable.

• Method Selection Added: Introduced a new -m argument to allow users to selectively run specific methods (e.g., cisa, epss, hackerone, ai, prio, references). This enables more granular control over which data sources and assessments are retrieved for each CVE.
• Import List Auto-Detection: Added functionality to automatically detect and handle plain text CVE lists when using the -i option without specifying an import type (-t). If the file is detected as a plain text CVE list, it will import the CVE IDs directly without requiring a specific type.
• CSV Export Fix: Fixed an issue where CISA data was not properly exported to CSV. Now, all relevant CISA information is included in the exported CSV file.
• HTML Export Fix: Resolved an issue where NoneType errors caused the HTML export to fail. Improved error handling to ensure that missing or empty data does not interrupt the export process.

[13. August 2024] - Version 0.10.5

• General Improvements: Prevent IndexError by checking for non-empty lists before accessing elements.

[18. July 2024] - Version 0.10.4

• CVE ID Export: Fixed the display of the CVE ID not exporting in HTML.
• Enhanced CVE Retrieval: Fixed the retrieval of missing CVE information if nested differently.

• Main Function Refactoring: Refactored the main function into smaller, modular functions to improve maintainability and readability.
• Public Exploit Display Enhancements: Reworked the public exploit display to include the total number of exploits and better error handling.
• Improved Error Handling: Enhanced error handling for API key configurations and data fetching, especially for VulnCheck.