Community Preview — v0.1.0

Know what to patch first.

Prioritize 5,000+ vulnerabilities in seconds using CISA KEV, FIRST EPSS, and CVSS — without uploading your data.


$ pip install vulnpilot

Open Source
MIT License
Available on PyPI
Local-first
No API keys required
Upload:      your Nessus scan.csv
Prioritize:  5,000+ findings in seconds
Patch:       KEV vulnerabilities first
$ vulnpilot analyze scan.csv
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
VulnPilot by PatchVex — Vulnerability Prioritization
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 
Total findings        : 5,482
Unique hosts          : 47
 
Critical              : 142
High                  : 386
Medium               : 1,520
 
KEV matches (exploited now) : 19
EPSS ≥ 90% (high risk)      : 31
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 
TOP 5 PRIORITIZED FINDINGS
 
#    Score  Priority     Host              CVE                Finding
─────────────────────────────────────────────────────────────────────
1    100.0  CRITICAL NOW  192.168.1.10      CVE-2021-44228     Log4Shell ★KEV
2    100.0  CRITICAL NOW  192.168.1.25      CVE-2023-34362     MOVEit SQLi ★KEV
3    99.8   CRITICAL NOW  192.168.1.15      CVE-2020-1472      Zerologon ★KEV
4    99.7   CRITICAL NOW  192.168.1.11      CVE-2021-26084     Confluence RCE ★KEV
5    11.5   LOW           192.168.1.10      N/A                SSH Weak Ciphers
 
★ KEV = CISA Known Exploited — highest remediation priority.
Local-first:  Data never leaves your machine
Open Source:  MIT licensed, inspect every line
Daily Feeds:  KEV + EPSS updated automatically
No Keys:      No API keys or accounts required

Built for

Security Engineers
DevSecOps Teams
SOC Analysts
Infrastructure Engineers
Vulnerability Management Teams
Pentesters

Why VulnPilot?

CVSS scores alone do not tell you what is actively being exploited right now. VulnPilot combines three signals to give you a definitive remediation order.

Traditional workflow                 VulnPilot
────────────────────────────────────────────────────────────────────
Sort thousands of CVEs manually      Prioritized automatically in seconds
CVSS score only                      KEV + EPSS + CVSS composite
Hours of analysis per scan cycle     Results in seconds
Upload to cloud services             Runs entirely on your machine
Enterprise-only platforms            Free and open source

How it works

VulnPilot cross-references your Nessus scan output against three public data sources — all processed locally. No vulnerability data is transmitted outside your environment.

        Public Threat Intelligence
    +-------------------------------+
    |  CISA KEV      FIRST EPSS     |
    +---------------+---------------+
                    |
            vulnpilot update-feeds
                    |
        ~/.vulnpilot/feeds/ (local cache)
                    |
            vulnpilot analyze
                    |
    Nessus CSV (Local Machine Only)
                    |
       Composite Risk Engine
                    |
       Prioritized Findings

What's included

Local-first:          All analysis runs on your machine. Scan data never leaves your environment. Ever.
CISA KEV enrichment:  Instantly flags findings confirmed exploited in the wild right now.
FIRST EPSS scoring:   Adds exploitation probability so you focus on what's likely to be exploited next.
Composite scoring:    KEV + EPSS + CVSS combined into one actionable priority score per finding.
Top hosts ranking:    Ranks hosts by aggregate risk so you know which servers need attention first.
Daily feed updates:   KEV and EPSS feeds update automatically. No API keys required.

Powered by public threat intelligence from CISA KEV and FIRST EPSS.

Scoring model

The composite score is intentionally opinionated and fully transparent. Known exploited vulnerabilities receive the greatest weight because active exploitation is a stronger predictor of remediation priority than severity alone.

Signal                 Weight   Source
──────────────────────────────────────────────────────────
CISA KEV match         40%      Known exploited in the wild
FIRST EPSS score       35%      Exploitation probability
CVSS base score        15%      Severity context
Scanner risk rating    10%      Nessus severity label

VulnPilot provides prioritization guidance to assist remediation workflows. Final decisions should always consider asset criticality, business context, and organizational risk tolerance.
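To make the weighting above concrete, here is an added worked example of a composite scorer and per-host ranking. It is example code written for this page, not VulnPilot's own implementation: only the four weights come from the table; how each signal is normalised to the 0..1 range, the scanner-label mapping, the priority thresholds, the "sum of finding scores" host aggregation and the CSV column names are this example's assumptions, and the sample rows, the EPSS values and the CVE-0000-0001 placeholder are constructed.

```python
import csv
import io
from dataclasses import dataclass

# Weights taken from the scoring model table on this page.
WEIGHTS = {"kev": 0.40, "epss": 0.35, "cvss": 0.15, "scanner": 0.10}

# Assumed mapping of scanner severity labels onto [0, 1] (this example's choice).
SCANNER_RATING = {"critical": 1.0, "high": 0.75, "medium": 0.5, "low": 0.25, "info": 0.0}

# Assumed score floors for the priority buckets (this example's choice).
THRESHOLDS = (("CRITICAL NOW", 80.0), ("HIGH", 50.0), ("MEDIUM", 25.0))


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str     # empty string when the plugin carries no CVE
    name: str
    cvss: float  # 0.0 when the scanner reports none
    risk: str    # scanner severity label, e.g. "Critical"


def parse_findings(csv_text: str) -> list[Finding]:
    """Parse a minimal CSV export. The column names are assumed for this
    example; check them against your scanner's real header row."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        cvss = float(row["CVSS"]) if row["CVSS"].strip() else 0.0
        findings.append(Finding(row["Host"], row["CVE"].strip(), row["Name"], cvss, row["Risk"]))
    return findings


def composite_score(f: Finding, kev: set[str], epss: dict[str, float]) -> float:
    """Weighted sum of the four signals, each normalised to [0, 1], scaled to 0..100.
    Only the weights come from the page; the normalisation is an assumption."""
    kev_hit = 1.0 if f.cve and f.cve in kev else 0.0
    epss_prob = epss.get(f.cve, 0.0) if f.cve else 0.0  # EPSS is already a probability
    cvss_norm = min(max(f.cvss, 0.0), 10.0) / 10.0        # clamp, then scale 0..10 -> 0..1
    scanner = SCANNER_RATING.get(f.risk.lower(), 0.0)
    weighted = (WEIGHTS["kev"] * kev_hit + WEIGHTS["epss"] * epss_prob
                + WEIGHTS["cvss"] * cvss_norm + WEIGHTS["scanner"] * scanner)
    return round(100.0 * weighted, 1)


def priority_label(score: float, kev_hit: bool) -> str:
    """Bucket a score; a KEV match is always the top bucket regardless of score."""
    if kev_hit:
        return "CRITICAL NOW"
    for label, floor in THRESHOLDS:
        if score >= floor:
            return label
    return "LOW"


def prioritize(findings, kev, epss):
    """Return (score, label, finding) tuples, highest score first."""
    scored = []
    for f in findings:
        score = composite_score(f, kev, epss)
        scored.append((score, priority_label(score, bool(f.cve) and f.cve in kev), f))
    scored.sort(key=lambda t: (-t[0], t[2].host, t[2].name))
    return scored


def rank_hosts(scored):
    """Aggregate risk per host as the sum of its finding scores (assumed definition)."""
    totals: dict[str, float] = {}
    for score, _, f in scored:
        totals[f.host] = totals.get(f.host, 0.0) + score
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample data: a tiny CSV and hand-picked EPSS values, for this example only.
SAMPLE_CSV = """Host,CVE,CVSS,Risk,Name
192.168.1.10,CVE-2021-44228,10.0,Critical,Log4Shell
192.168.1.25,CVE-2023-34362,9.8,Critical,MOVEit SQLi
192.168.1.15,CVE-2020-1472,10.0,Critical,Zerologon
192.168.1.30,CVE-0000-0001,9.8,Critical,Placeholder RCE (not in KEV)
192.168.1.10,,,Low,SSH Weak Ciphers
"""
SAMPLE_KEV = {"CVE-2021-44228", "CVE-2023-34362", "CVE-2020-1472"}
SAMPLE_EPSS = {"CVE-2021-44228": 0.98, "CVE-2023-34362": 0.96,
               "CVE-2020-1472": 0.90, "CVE-0000-0001": 0.92}


def demo():
    """Run the constructed sample through the pipeline and return the ranked findings."""
    return prioritize(parse_findings(SAMPLE_CSV), SAMPLE_KEV, SAMPLE_EPSS)


if __name__ == "__main__":
    ranked = demo()
    print(f"{'#':<3}{'Score':>6}  {'Priority':<13}{'Host':<15}{'CVE':<16}Finding")
    for i, (score, label, f) in enumerate(ranked, 1):
        print(f"{i:<3}{score:>6}  {label:<13}{f.host:<15}{f.cve or 'N/A':<16}{f.name}")
    print("\nTop hosts by aggregate risk:")
    for host, total in rank_hosts(ranked):
        print(f"  {host:<15}{total:>7.1f}")
```

The point the sample makes is the one the table encodes: the placeholder finding has a near-maximal CVSS, a high EPSS and a Critical scanner label, yet lands well below every KEV match, because the 40% KEV weight alone outweighs CVSS and scanner severity combined. The host ranking then surfaces 192.168.1.10 first because it carries a KEV finding plus a low-scoring one, which is the "aggregate risk" behaviour the Top hosts ranking feature describes.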

Roadmap

Development priorities are driven by community feedback and real-world usage.

v0.1.0 ✓ Done   Community Preview: CLI, KEV, EPSS, PyPI
v0.2.0 ✓ Done   HTML Reports: shareable export
v0.3.0          Jira Integration: auto-create tickets
v0.4.0          Qualys Support: multi-scanner
v1.0.0          Enterprise Edition: team features, SSO

Get started

Install with pip. Requires Python 3.10, 3.11, or 3.12. Three steps.

Step 1 — Install
pip install vulnpilot
Install from PyPI. Zero dependencies.
Step 2 — Update feeds
vulnpilot update-feeds
Download latest KEV and EPSS data.
Step 3 — Analyze
vulnpilot analyze scan.csv
See prioritized findings instantly.

Frequently asked questions

Does VulnPilot upload my scan data?
No. All analysis runs locally on your machine. Only public threat intelligence feeds are downloaded. Your vulnerability data never leaves your environment.
Does it work offline or air-gapped?
Yes, after the initial feed download. Run vulnpilot update-feeds once to cache locally. After that, analysis works completely offline.
Is it open source?
Yes. VulnPilot is MIT licensed. Inspect every line of code, fork it, and contribute on GitHub.
Which scanners are supported?
Currently Nessus CSV exports. Qualys, Rapid7, and OpenVAS support is planned.
How often are the threat feeds updated?
CISA KEV and FIRST EPSS feeds update daily via GitHub Actions. Run vulnpilot update-feeds to pull the latest data anytime.
Can I use it commercially?
Yes. The MIT license permits commercial use without restriction.