Find Indicators of compromise (IOCs) from a CVE

CVE / VulnerabilityIOC (Indicator of Compromise)

Have a CVE? These OSINT tools take a CVE as input and return indicators of compromise (IOCs). 30 tools in our catalogue make this exact pivot — compare them by pricing, platform, and what they output, then chain the results into the next step of your investigation.

30tools

All CVE / Vulnerability tools

GreyNoise

Internet scanner reputation intelligence

Burp Suite icon

Burp Suite

a commercial web security testing platform for proxying, scanning, and analyz

CVE Details icon

CVE Details

a searchable vulnerability database for CVEs, vendors, products, versions, an

Can I Take Over XYZ icon

Can I Take Over XYZ

a community-maintained reference for identifying services vulnerable to subdo

Exploit-DB icon

Exploit-DB

a public exploit archive maintained by Offensive Security for vulnerability r

Greenbone Community Edition icon

Greenbone Community Edition

an open-source vulnerability scanning stack for identifying known issues acro

GreyNoise Visualizer icon

GreyNoise Visualizer

GreyNoise scan-trend visualisation

Grype

a vulnerability scanner for container images, filesystems, and software bills

Interactsh icon

Interactsh

an out-of-band interaction server used to verify blind vulnerabilities and ca

Jaeles

a signature-based web application scanner for detecting security issues and e

NVD

the U.S. National Vulnerability Database for CVEs, CPEs, CVSS scores, and ref

Nikto

a web server scanner for dangerous files, outdated software, and common misco

Nuclei

a template-based vulnerability scanner used to detect misconfigurations and e

Nuclei Templates icon

Nuclei Templates

a community template library used by Nuclei to identify vulnerabilities and m

OSV-Scanner icon

OSV-Scanner

a vulnerability scanner that checks dependencies against the Open Source Vuln

OWASP ZAP

an open-source web application security scanner and intercepting proxy for au

Packet Storm Security icon

Packet Storm Security

a long-running archive of exploits, advisories, tools, and security research

Qualys SSL Labs icon

Qualys SSL Labs

a web service for analyzing public TLS configuration and certificate deployme

Retire.js

a JavaScript dependency scanner that identifies vulnerable client-side librar

SSLyze

a Python scanner that analyzes SSL and TLS services for protocol and certific

Snyk

a developer security platform for scanning dependencies, containers, code, an

Subjack

a subdomain takeover scanner that checks dangling DNS records against known s

Syft

an SBOM generation tool for cataloging packages in containers, filesystems, a

Trivy

a security scanner for containers, dependencies, IaC, secrets, licenses, and

VulnCheck

a vulnerability intelligence platform focused on exploitability, weaponizatio

Vulners

a vulnerability intelligence database and API for CVEs, exploits, advisories,

WPScan

a WordPress security scanner for vulnerable plugins, themes, users, and confi

XSStrike

an XSS detection suite that analyzes parameters and application responses for

sqlmap

an automated SQL injection and database takeover testing tool for authorized

testssl.sh icon

testssl.sh

a command-line scanner for testing TLS and SSL configuration weaknesses

From cve / vulnerability, also find…

Report / Summary30

Find ioc (indicator of compromise) from other data

IP Address107 Domain Name104 URL90 Hash (MD5/SHA)61 Malware Sample31 Document / File16 Company Name6 Username6

All OSINT use cases & data types