vulnerability_intelligence_agent

Running

App Files Files Community

daqc commited on 10 days ago

Commit

2e82565

1 Parent(s): 060c1c8

Vulnerabilty Intelligence PoC

Browse files

Files changed (31) hide show

.gitignore +63 -0
README.md +3 -1
USAGE.md +101 -0
agents/__init__.py +4 -0
agents/cisa_agent.py +22 -0
agents/coordinator_agent.py +117 -0
agents/cve_agent.py +22 -0
agents/cwe_agent.py +22 -0
agents/nvd_agent.py +22 -0
app.py +102 -54
coordinator_agent.py +23 -0
prompts.yaml +114 -103
requirements.txt +7 -1
tools/__init__.py +7 -0
tools/parsers.py +89 -0
tools/utils.py +146 -0
vulnerability_intelligence_agent/README.md +90 -0
vulnerability_intelligence_agent/__init__.py +6 -0
vulnerability_intelligence_agent/agents/__init__.py +10 -0
vulnerability_intelligence_agent/agents/cisa_agent.py +154 -0
vulnerability_intelligence_agent/agents/coordinator_agent.py +191 -0
vulnerability_intelligence_agent/agents/cve_agent.py +170 -0
vulnerability_intelligence_agent/agents/cwe_agent.py +171 -0
vulnerability_intelligence_agent/agents/nvd_agent.py +227 -0
vulnerability_intelligence_agent/example_input.json +14 -0
vulnerability_intelligence_agent/main.py +136 -0
vulnerability_intelligence_agent/requirements.txt +7 -0
vulnerability_intelligence_agent/tools/__init__.py +8 -0
vulnerability_intelligence_agent/tools/http_client.py +214 -0
vulnerability_intelligence_agent/tools/parsers.py +456 -0
vulnerability_intelligence_agent/tools/utils.py +301 -0

.gitignore ADDED Viewed

	@@ -0,0 +1,63 @@

+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+# Virtual Environment
+venv/
+env/
+ENV/
+# Reports generated by the agent
+reports/
+*.json
+*.md
+!README.md
+!USAGE.md
+!example_input.json
+# IDE files
+.idea/
+.vscode/
+*.swp
+*.swo
+.project
+.pydevproject
+.settings/
+# Environment variables
+.env
+# Jupyter Notebook
+.ipynb_checkpoints
+# Logs and databases
+*.log
+*.sqlite3
+# OS specific files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db

README.md CHANGED Viewed

@@ -16,4 +16,6 @@ tags:
 - hacking
 ---
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference

 - hacking
 ---
+# Vulnerability Intelligence Agent (VIA)
+Vulnerability Intelligence Agent (VIA) es un agente inteligente diseñado para buscar y analizar vulnerabilidades en software.

USAGE.md ADDED Viewed

	@@ -0,0 +1,101 @@

+# Instrucciones de Uso - Vulnerability Intelligence Agent (VIA)
+## Requisitos previos
+Asegúrate de tener instaladas todas las dependencias necesarias:
+```bash
+pip install -r requirements.txt
+```
+## Uso Básico
+### Comprobar vulnerabilidades para un software específico
+Para buscar vulnerabilidades en un software y versión específicos:
+```bash
+python main.py --software "OpenSSL" --version "1.1.1k"
+```
+### Procesar un archivo de entrada con múltiples software
+Para procesar un archivo JSON que contiene una lista de software:
+```bash
+python main.py --input example_input.json
+```
+El archivo de entrada debe tener el siguiente formato:
+```json
+[
+  {
+    "name": "OpenSSL",
+    "version": "1.1.1k"
+  },
+  {
+    "name": "Apache",
+    "version": "2.4.54"
+  }
+]
+```
+### Especificar directorio de salida para los reportes
+Por defecto, los reportes se guardan en el directorio `reports`. Puedes especificar un directorio diferente:
+```bash
+python main.py --input example_input.json --output-dir my_reports
+```
+### Habilitar modo verboso
+Para obtener más información sobre lo que está haciendo el agente:
+```bash
+python main.py --software "OpenSSL" --version "1.1.1k" --verbose
+```
+### Especificar un modelo diferente
+Por defecto, el agente utiliza el modelo "Qwen/Qwen2.5-Coder-32B-Instruct". Puedes especificar un modelo diferente:
+```bash
+python main.py --software "OpenSSL" --version "1.1.1k" --model "otra-id-de-modelo"
+```
+## Formato de Salida
+El agente genera reportes en dos formatos:
+1. **JSON**: Contiene todos los datos estructurados de las vulnerabilidades encontradas.
+2. **Markdown**: Un reporte legible con información formateada sobre las vulnerabilidades.
+Los reportes se guardan en el directorio especificado (por defecto, `reports`) con un nombre de archivo basado en el software y la versión, más una marca de tiempo.
+## Ejemplos
+### Ejemplo 1: Buscar vulnerabilidades en OpenSSL 1.1.1k
+```bash
+python main.py --software "OpenSSL" --version "1.1.1k"
+```
+### Ejemplo 2: Procesar varios software desde un archivo
+```bash
+python main.py --input example_input.json --verbose
+```
+### Ejemplo 3: Guardar reportes en un directorio específico
+```bash
+python main.py --input example_input.json --output-dir vulnerability_reports
+```
+## Notas
+- El agente limita las solicitudes a las bases de datos de vulnerabilidades para evitar problemas de limitación de tasa.
+- Para consultas de software con muchas vulnerabilidades conocidas, el proceso puede tardar varios minutos.
+- Si el agente encuentra muchas vulnerabilidades, solo mostrará las más críticas en la salida de la consola, pero todas se incluirán en los reportes generados.

agents/__init__.py ADDED Viewed

	@@ -0,0 +1,4 @@

+"""
+Vulnerability Intelligence Agent (VIA) - Agents Package.
+This package contains specialized agents for querying different vulnerability databases.
+"""

agents/cisa_agent.py ADDED Viewed

	@@ -0,0 +1,22 @@

+"""
+Agent for searching the CISA Known Exploited Vulnerabilities (KEV) catalog.
+"""
+from typing import Dict, List, Any, Optional
+def search_cisa_kev_for_software(software: str, version: str) -> Dict[str, Any]:
+    """
+    Search for CISA KEV entries related to a specific software and version.
+    Args:
+        software: Name of the software to search for
+        version: Version of the software to search for
+    Returns:
+        Dictionary with CISA KEV information for the software and version
+    """
+    # Simplified mock implementation
+    return {
+        "software": software,
+        "version": version,
+        "vulnerabilities": []
+    }

agents/coordinator_agent.py ADDED Viewed

	@@ -0,0 +1,117 @@

+"""
+Coordinator Agent module for vulnerability intelligence.
+This agent is responsible for coordinating the other agents and generating the final report.
+"""
+import json
+import time
+import logging
+from typing import Dict, List, Any, Optional, Union
+from smolagents import tool
+from tools import utils
+from tools.parsers import CWEParser
+from . import cve_agent, nvd_agent, cisa_agent, cwe_agent
+logger = utils.setup_logger("coordinator_agent")
+@tool
+def search_vulnerabilities_for_software(software: str, version: str) -> Dict[str, Any]:
+    """
+    Search for vulnerabilities related to a specific software and version across all sources.
+    Args:
+        software: Name of the software to search for
+        version: Version of the software to search for
+    Returns:
+        Dictionary with vulnerability information for the software and version from all sources
+    """
+    logger.info(f"Searching for vulnerabilities for {software} version {version}")
+    # Initialize results from each source
+    results = []
+    # Search NVD
+    logger.info("Searching NVD...")
+    nvd_results = nvd_agent.search_nvd_for_software(software, version)
+    if nvd_results.get("vulnerabilities"):
+        logger.info(f"Found {len(nvd_results['vulnerabilities'])} vulnerabilities in NVD")
+        results.append(nvd_results)
+    # Search CVE
+    logger.info("Searching CVE...")
+    cve_results = cve_agent.search_cve_for_software(software, version)
+    if cve_results.get("vulnerabilities"):
+        logger.info(f"Found {len(cve_results['vulnerabilities'])} vulnerabilities in CVE")
+        results.append(cve_results)
+    # Search CISA KEV
+    logger.info("Searching CISA KEV...")
+    cisa_results = cisa_agent.search_cisa_kev_for_software(software, version)
+    if cisa_results.get("vulnerabilities"):
+        logger.info(f"Found {len(cisa_results['vulnerabilities'])} vulnerabilities in CISA KEV")
+        results.append(cisa_results)
+    # Merge the results
+    merged_results = utils.merge_vulnerability_data(results)
+    # Enhance with CWE information
+    for vuln in merged_results.get("vulnerabilities", []):
+        if "description" in vuln:
+            # Try to extract CWEs from the description
+            cwe_ids = CWEParser.extract_cwe_from_cve(vuln["description"])
+            if cwe_ids:
+                cwe_details = []
+                for cwe_id in cwe_ids[:3]:  # Limit to 3 CWEs to avoid too many requests
+                    cwe_detail = cwe_agent.get_cwe_details(cwe_id)
+                    if "error" not in cwe_detail:
+                        cwe_details.append(cwe_detail)
+                    time.sleep(1)  # Add a short delay between CWE lookups
+                if cwe_details:
+                    vuln["related_cwe"] = cwe_details
+    # Generate report
+    if merged_results.get("vulnerabilities"):
+        report_filename = f"{software.lower().replace(' ', '_')}_{version}"
+        utils.save_report(merged_results, report_filename)
+        utils.generate_markdown_report(merged_results, report_filename)
+    return merged_results
+@tool
+def get_vulnerability_details(cve_id: str) -> Dict[str, Any]:
+    """
+    Get detailed information about a specific vulnerability.
+    Args:
+        cve_id: CVE ID to get details for
+    Returns:
+        Dictionary with detailed information about the vulnerability
+    """
+    logger.info(f"Getting details for {cve_id}")
+    # Mock response - in a real implementation, this would query actual sources
+    if cve_id == "CVE-2021-44228":  # Log4Shell
+        return {
+            "id": "CVE-2021-44228",
+            "description": "Log4j es vulnerable a la ejecución remota de código (RCE) porque permite la sustitución de búsquedas JNDI, que pueden exponerse a través de campos controlados por el usuario en solicitudes HTTP, encabezados o mensajes de registro.",
+            "severity": "CRITICAL",
+            "cvss": "10.0",
+            "date": "2021-12-10",
+            "recommendation": "Actualizar a Log4j 2.15.0 o posterior",
+            "affected_versions": "Log4j 2.0 hasta 2.14.1",
+            "source": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
+            "related_cwe": ["CWE-20", "CWE-400", "CWE-502"]
+        }
+    else:
+        return {
+            "id": cve_id,
+            "description": "No se encontraron detalles para este ID de CVE.",
+            "source": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=" + cve_id
+        }
+# ... existing code ...

agents/cve_agent.py ADDED Viewed

	@@ -0,0 +1,22 @@

+"""
+Agent for searching the Common Vulnerabilities and Exposures (CVE) database.
+"""
+from typing import Dict, List, Any, Optional
+def search_cve_for_software(software: str, version: str) -> Dict[str, Any]:
+    """
+    Search for CVE entries related to a specific software and version.
+    Args:
+        software: Name of the software to search for
+        version: Version of the software to search for
+    Returns:
+        Dictionary with CVE information for the software and version
+    """
+    # Simplified mock implementation
+    return {
+        "software": software,
+        "version": version,
+        "vulnerabilities": []
+    }

agents/cwe_agent.py ADDED Viewed

	@@ -0,0 +1,22 @@

+"""
+Agent for retrieving Common Weakness Enumeration (CWE) details.
+"""
+from typing import Dict, List, Any, Optional
+def get_cwe_details(cwe_id: str) -> Dict[str, Any]:
+    """
+    Get details about a specific CWE.
+    Args:
+        cwe_id: CWE ID to get details for (e.g., 'CWE-79')
+    Returns:
+        Dictionary with CWE details
+    """
+    # Simplified mock implementation
+    return {
+        "id": cwe_id,
+        "name": "Generic Weakness",
+        "description": "This is a placeholder for CWE details.",
+        "source": f"https://cwe.mitre.org/data/definitions/{cwe_id.replace('CWE-', '')}.html"
+    }

agents/nvd_agent.py ADDED Viewed

	@@ -0,0 +1,22 @@

+"""
+Agent for searching the National Vulnerability Database (NVD).
+"""
+from typing import Dict, List, Any, Optional
+def search_nvd_for_software(software: str, version: str) -> Dict[str, Any]:
+    """
+    Search for NVD entries related to a specific software and version.
+    Args:
+        software: Name of the software to search for
+        version: Version of the software to search for
+    Returns:
+        Dictionary with NVD information for the software and version
+    """
+    # Simplified mock implementation
+    return {
+        "software": software,
+        "version": version,
+        "vulnerabilities": []
+    }

app.py CHANGED Viewed

@@ -1,65 +1,113 @@
-from smolagents import CodeAgent,DuckDuckGoSearchTool, HfApiModel,load_tool,tool
-import datetime
-import requests
-import pytz
-import yaml
-from tools.final_answer import FinalAnswerTool
-from Gradio_UI import GradioUI
-# Hola prueba
-# Below is an example of a tool that does nothing. Amaze us with your creativity !
-@tool
-def my_cutom_tool(arg1:str, arg2:int)-> str: #it's import to specify the return type
-    #Keep this format for the description / args / args description but feel free to modify the tool
-    """A tool that does nothing yet
-    Args:
-        arg1: the first argument
-        arg2: the second argument
-    """
-    return "What magic will you build ?"
-@tool
-def get_current_time_in_timezone(timezone: str) -> str:
-    """A tool that fetches the current local time in a specified timezone.
-    Args:
-        timezone: A string representing a valid timezone (e.g., 'America/New_York').
-    """
-    try:
-        # Create timezone object
-        tz = pytz.timezone(timezone)
-        # Get current time in that timezone
-        local_time = datetime.datetime.now(tz).strftime("%Y-%m-%d %H:%M:%S")
-        return f"The current local time in {timezone} is: {local_time}"
-    except Exception as e:
-        return f"Error fetching time for timezone '{timezone}': {str(e)}"
-final_answer = FinalAnswerTool()
-model = HfApiModel(
-max_tokens=2096,
-temperature=0.5,
-model_id='Qwen/Qwen2.5-Coder-32B-Instruct',
-custom_role_conversions=None,
 )
-# Import tool from Hub
-image_generation_tool = load_tool("agents-course/text-to-image", trust_remote_code=True)
-with open("prompts.yaml", 'r') as stream:
-    prompt_templates = yaml.safe_load(stream)
-agent = CodeAgent(
-    model=model,
-    tools=[final_answer], ## add your tools here (don't remove final answer)
-    max_steps=6,
-    verbosity_level=1,
-    grammar=None,
-    planning_interval=None,
-    name=None,
-    description=None,
-    prompt_templates=prompt_templates
-)
-GradioUI(agent).launch()

+#!/usr/bin/env python3
+"""
+Gradio UI for the Vulnerability Intelligence Agent (VIA).
+This provides a chat interface to interact with the VIA using natural language.
+"""
+import os
+import sys
+import argparse
+import logging
+from typing import Dict, List, Any, Optional
+import gradio as gr
+from smolagents import CodeAgent, HfApiModel, GradioUI
+from smolagents.tools import load_tool, tool
+# Asegurarse de que el directorio actual esté en sys.path para que los imports funcionen
+sys.path.append(os.path.dirname(os.path.abspath(__file__)))
+from agents.coordinator_agent import search_vulnerabilities_for_software, get_vulnerability_details
+from tools import utils
+# Configure logging
+logging.basicConfig(
+    level=logging.INFO,
+    format="%(asctime)s - %(name)s - %(levelname)s - %(message)s",
 )
+logger = utils.setup_logger("gradio_ui")
+# Cargar las herramientas básicas usando las que ya existen en smolagents
+final_answer = load_tool("smolagents/final_answer", trust_remote_code=True)
+def get_agent_description():
+    """
+    Get the description for the agent.
+    """
+    return """
+    # 🔐 Vulnerability Intelligence Agent (VIA)
+    I am an intelligent agent designed to help you find vulnerabilities in software and systems.
+    ## What I can do:
+    - Search for known vulnerabilities in software by name and version
+    - Provide detailed information about specific vulnerabilities (CVE, CWE, etc.)
+    - Generate reports about vulnerabilities
+    ## How to use me:
+    - Ask about vulnerabilities in specific software, e.g., "Find vulnerabilities in OpenSSL 1.1.1k"
+    - Ask about a specific vulnerability, e.g., "Tell me about CVE-2021-44228"
+    - Use natural language to describe what you're looking for
+    ## Examples:
+    - "What vulnerabilities exist in Apache 2.4.54?"
+    - "Are there any critical vulnerabilities in log4j 2.14.1?"
+    - "Give me details about CVE-2021-44228"
+    - "What security issues should I be aware of in OpenSSL 1.1.1k?"
+    """
+def create_parser():
+    """Create command line argument parser."""
+    parser = argparse.ArgumentParser(description="Vulnerability Intelligence Agent (VIA) UI")
+    parser.add_argument("--port", type=int, default=7860, help="Port to run the Gradio app on")
+    parser.add_argument("--host", type=str, default="127.0.0.1", help="Host to run the Gradio app on")
+    parser.add_argument("--model", type=str, default="Qwen/Qwen2.5-Coder-32B-Instruct",
+                        help="HuggingFace model ID to use")
+    parser.add_argument("--share", action="store_true", help="Create a public link")
+    parser.add_argument("--verbose", action="store_true", help="Enable verbose logging")
+    return parser
+def main():
+    """Main entry point for the Gradio UI."""
+    args = create_parser().parse_args()
+    # Configure logging level
+    log_level = logging.DEBUG if args.verbose else logging.INFO
+    logging.basicConfig(level=log_level)
+    # Initialize the model
+    model = HfApiModel(
+        max_tokens=2096,
+        temperature=0.5,
+        model_id=args.model,
+        custom_role_conversions=None,
+    )
+    # Initialize the agent con las herramientas ya existentes y las que hemos creado
+    agent = CodeAgent(
+        model=model,
+        tools=[search_vulnerabilities_for_software, get_vulnerability_details, final_answer],
+        max_steps=10,
+        verbosity_level=2 if args.verbose else 1,
+    )
+    # Create Gradio UI
+    ui = GradioUI(agent)
+    # Launch the UI
+    ui.launch(
+        share=args.share,
+        server_name=args.host,
+        server_port=args.port,
+        show_api=False,
+        favicon_path=None,
+        allowed_paths=[],
+        app_kwargs={
+            "title": "🔐 Vulnerability Intelligence Agent (VIA)",
+            "description": get_agent_description(),
+            "theme": gr.themes.Base(),
+        },
+    )
+if __name__ == "__main__":
+    main()

coordinator_agent.py ADDED Viewed

	@@ -0,0 +1,23 @@

+"""
+Coordinator Agent module for vulnerability intelligence.
+This agent is responsible for coordinating the other agents and generating the final report.
+"""
+import json
+import time
+import argparse
+from typing import Dict, List, Any, Optional, Union
+from smolagents import tool
+from ..tools import utils
+from ..tools.parsers import CWEParser
+from . import cve_agent, nvd_agent, cisa_agent, cwe_agent
+logger = utils.setup_logger("coordinator_agent")
+# Enhance with CWE information
+for vuln in merged_results.get("vulnerabilities", []):
+    if "description" in vuln:
+        # Try to extract CWEs from the description
+        cwe_ids = CWEParser.extract_cwe_from_cve(vuln["description"])
+        if cwe_ids:
+            # ... rest of the code ...

prompts.yaml CHANGED Viewed

@@ -9,139 +9,149 @@
   These print outputs will then appear in the 'Observation:' field, which will be available as input for the next step.
   In the end you have to return a final answer using the `final_answer` tool.
-  Here are a few examples using notional tools:
   ---
-  Task: "Generate an image of the oldest person in this document."
-  Thought: I will proceed step by step and use the following tools: `document_qa` to find the oldest person in the document, then `image_generator` to generate an image according to the answer.
   Code:
   ```py
-  answer = document_qa(document=document, question="Who is the oldest person mentioned?")
-  print(answer)
   ```<end_code>
-  Observation: "The oldest person in the document is John Doe, a 55 year old lumberjack living in Newfoundland."
-  Thought: I will now generate an image showcasing the oldest person.
   Code:
   ```py
-  image = image_generator("A portrait of John Doe, a 55-year-old man living in Canada.")
-  final_answer(image)
   ```<end_code>
   ---
-  Task: "What is the result of the following operation: 5 + 3 + 1294.678?"
-  Thought: I will use python code to compute the result of the operation and then return the final answer using the `final_answer` tool
   Code:
   ```py
-  result = 5 + 3 + 1294.678
-  final_answer(result)
   ```<end_code>
-  ---
-  Task:
-  "Answer the question in the variable `question` about the image stored in the variable `image`. The question is in French.
-  You have been provided with these additional arguments, that you can access using the keys as variables in your python code:
-  {'question': 'Quel est l'animal sur l'image?', 'image': 'path/to/image.jpg'}"
-  Thought: I will use the following tools: `translator` to translate the question into English and then `image_qa` to answer the question on the input image.
   Code:
   ```py
-  translated_question = translator(question=question, src_lang="French", tgt_lang="English")
-  print(f"The translated question is {translated_question}.")
-  answer = image_qa(image=image, question=translated_question)
-  final_answer(f"The answer is {answer}")
   ```<end_code>
   ---
-  Task:
-  In a 1979 interview, Stanislaus Ulam discusses with Martin Sherwin about other great physicists of his time, including Oppenheimer.
-  What does he say was the consequence of Einstein learning too much math on his creativity, in one word?
-  Thought: I need to find and read the 1979 interview of Stanislaus Ulam with Martin Sherwin.
   Code:
   ```py
-  pages = search(query="1979 interview Stanislaus Ulam Martin Sherwin physicists Einstein")
-  print(pages)
   ```<end_code>
-  Observation:
-  No result found for query "1979 interview Stanislaus Ulam Martin Sherwin physicists Einstein".
-  Thought: The query was maybe too restrictive and did not find any results. Let's try again with a broader query.
   Code:
   ```py
-  pages = search(query="1979 interview Stanislaus Ulam")
-  print(pages)
   ```<end_code>
-  Observation:
-  Found 6 pages:
-  [Stanislaus Ulam 1979 interview](https://ahf.nuclearmuseum.org/voices/oral-histories/stanislaus-ulams-interview-1979/)
-  [Ulam discusses Manhattan Project](https://ahf.nuclearmuseum.org/manhattan-project/ulam-manhattan-project/)
-  (truncated)
-  Thought: I will read the first 2 pages to know more.
-  Code:
-  ```py
-  for url in ["https://ahf.nuclearmuseum.org/voices/oral-histories/stanislaus-ulams-interview-1979/", "https://ahf.nuclearmuseum.org/manhattan-project/ulam-manhattan-project/"]:
-      whole_page = visit_webpage(url)
-      print(whole_page)
-      print("\n" + "="*80 + "\n")  # Print separator between pages
-  ```<end_code>
-  Observation:
-  Manhattan Project Locations:
-  Los Alamos, NM
-  Stanislaus Ulam was a Polish-American mathematician. He worked on the Manhattan Project at Los Alamos and later helped design the hydrogen bomb. In this interview, he discusses his work at
-  (truncated)
-  Thought: I now have the final answer: from the webpages visited, Stanislaus Ulam says of Einstein: "He learned too much mathematics and sort of diminished, it seems to me personally, it seems to me his purely physics creativity." Let's answer in one word.
-  Code:
-  ```py
-  final_answer("diminished")
-  ```<end_code>
-  ---
-  Task: "Which city has the highest population: Guangzhou or Shanghai?"
-  Thought: I need to get the populations for both cities and compare them: I will use the tool `search` to get the population of both cities.
-  Code:
-  ```py
-  for city in ["Guangzhou", "Shanghai"]:
-      print(f"Population {city}:", search(f"{city} population")
-  ```<end_code>
-  Observation:
-  Population Guangzhou: ['Guangzhou has a population of 15 million inhabitants as of 2021.']
-  Population Shanghai: '26 million (2019)'
-  Thought: Now I know that Shanghai has the highest population.
-  Code:
-  ```py
-  final_answer("Shanghai")
-  ```<end_code>
-  ---
-  Task: "What is the current age of the pope, raised to the power 0.36?"
-  Thought: I will use the tool `wiki` to get the age of the pope, and confirm that with a web search.
-  Code:
-  ```py
-  pope_age_wiki = wiki(query="current pope age")
-  print("Pope age as per wikipedia:", pope_age_wiki)
-  pope_age_search = web_search(query="current pope age")
-  print("Pope age as per google search:", pope_age_search)
-  ```<end_code>
-  Observation:
-  Pope age: "The pope Francis is currently 88 years old."
-  Thought: I know that the pope is 88 years old. Let's compute the result using python code.
-  Code:
-  ```py
-  pope_current_age = 88 ** 0.36
-  final_answer(pope_current_age)
-  ```<end_code>
-  Above example were using notional tools that might not exist for you. On top of performing computations in the Python code snippets that you create, you only have access to these tools:
   {%- for tool in tools.values() %}
   - {{ tool.name }}: {{ tool.description }}
       Takes inputs: {{tool.inputs}}
@@ -172,6 +182,7 @@
   10. Don't give up! You're in charge of solving the task, not providing directions to solve it.
   Now Begin! If you solve the task correctly, you will receive a reward of $1,000,000.
 "planning":
   "initial_facts": |-
     Below I will present you a task.

   These print outputs will then appear in the 'Observation:' field, which will be available as input for the next step.
   In the end you have to return a final answer using the `final_answer` tool.
+  You are the Vulnerability Intelligence Agent (VIA), a specialized AI designed to find and analyze software vulnerabilities.
+  Your goal is to provide accurate information about vulnerabilities in software systems by searching across multiple vulnerability databases.
+  When a user asks about vulnerabilities in a specific software or version, you should:
+  1. Extract the software name and version from the query
+  2. Use the search_vulnerabilities_for_software() function to find vulnerabilities
+  3. Present the results in a clear, structured format
+  4. For critical vulnerabilities, provide more detailed information
+  If the user asks about a specific CVE or vulnerability identifier, use get_vulnerability_details() to provide comprehensive information.
+  Always cite your sources and be clear about the limitations of your knowledge. If you're uncertain about something, acknowledge it.
+  Remember that security is critical - don't spread misinformation about vulnerabilities.
+  NEVER make up CVE identifiers, vulnerability details, or other security information.
+  Here are a few examples using vulnerability search tools:
   ---
+  Task: "Find vulnerabilities in OpenSSL 1.1.1k"
+  Thought: I need to search for vulnerabilities related to OpenSSL version 1.1.1k. I'll use the search_vulnerabilities_for_software function with the appropriate parameters.
   Code:
   ```py
+  results = search_vulnerabilities_for_software(software="OpenSSL", version="1.1.1k")
+  print(json.dumps(results, indent=2))
   ```<end_code>
+  Observation: {"software": "OpenSSL", "version": "1.1.1k", "vulnerabilities": [{"id": "CVE-2021-3450", "description": "The certificate X509 with CA extension enabled is not properly validated", "severity": "HIGH", "cvss": "7.4", "date": "2021-03-25", "source": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450"}]}
+  Thought: I found a critical vulnerability in OpenSSL 1.1.1k. I'll now create a comprehensive and formatted answer for the user.
   Code:
   ```py
+  final_answer(f"""
+  # Vulnerabilities in OpenSSL 1.1.1k
+  I've found **1 high severity vulnerability** in OpenSSL 1.1.1k:
+  ## CVE-2021-3450
+  - **Severity**: HIGH (CVSS: 7.4)
+  - **Published**: March 25, 2021
+  - **Description**: The certificate X509 with CA extension enabled is not properly validated, which could allow attackers to issue a malicious certificate that might be accepted as valid.
+  - **Recommendation**: Update to OpenSSL 1.1.1l or newer
+  - **Source**: [CVE-2021-3450](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450)
+  ## Recommendation
+  It is highly recommended to upgrade your OpenSSL installation to version 1.1.1l or newer to address this vulnerability.
+  """)
   ```<end_code>
   ---
+  Task: "Tell me about CVE-2021-44228"
+  Thought: I need to get details about a specific CVE identifier, CVE-2021-44228, which is commonly known as Log4Shell. I'll use the get_vulnerability_details function to retrieve information about this vulnerability.
   Code:
   ```py
+  details = get_vulnerability_details(cve_id="CVE-2021-44228")
+  print(json.dumps(details, indent=2))
   ```<end_code>
+  Observation: {"id": "CVE-2021-44228", "description": "Log4j is vulnerable to remote code execution (RCE) by allowing JNDI lookups, which can be exposed through user-controlled fields in HTTP requests, headers, or log messages.", "severity": "CRITICAL", "cvss": "10.0", "date": "2021-12-10", "recommendation": "Upgrade to Log4j 2.15.0 or later", "affected_versions": "Log4j 2.0 through 2.14.1", "source": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228", "related_cwe": ["CWE-20", "CWE-400", "CWE-502"]}
+  Thought: I have detailed information about CVE-2021-44228 (Log4Shell). I'll format this information in a clear and comprehensive way for the user.
   Code:
   ```py
+  final_answer(f"""
+  # CVE-2021-44228 (Log4Shell)
+  ## Overview
+  - **Severity**: CRITICAL
+  - **CVSS Score**: 10.0 (maximum severity)
+  - **Published**: December 10, 2021
+  - **Affected Versions**: Log4j 2.0 through 2.14.1
+  ## Description
+  Log4j is vulnerable to remote code execution (RCE) by allowing JNDI lookups, which can be exposed through user-controlled fields in HTTP requests, headers, or log messages. This vulnerability is extremely serious as it allows attackers to execute arbitrary code on affected systems remotely with minimal effort.
+  ## Related Weaknesses
+  - CWE-20: Improper Input Validation
+  - CWE-400: Uncontrolled Resource Consumption
+  - CWE-502: Deserialization of Untrusted Data
+  ## Recommendation
+  Upgrade to Log4j 2.15.0 or later versions. If upgrading is not immediately possible, mitigations include:
+  - Setting the system property `-Dlog4j2.formatMsgNoLookups=true`
+  - Removing the JndiLookup class from the classpath
+  ## Source
+  [NVD Database Entry](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
+  """)
   ```<end_code>
   ---
+  Task: "Are there any vulnerabilities in log4j 2.14.1?"
+  Thought: I need to extract the software name and version from the query, then search for vulnerabilities related to Log4j version 2.14.1.
   Code:
   ```py
+  import re
+  query = "Are there any vulnerabilities in log4j 2.14.1?"
+  # Extract software name and version using regex
+  match = re.search(r"in\s+([a-zA-Z0-9_\-\.]+)\s+([0-9\.]+)", query)
+  if match:
+      software_name = match.group(1)
+      software_version = match.group(2)
+      print(f"Software: {software_name}, Version: {software_version}")
+      results = search_vulnerabilities_for_software(software_name, software_version)
+      print(json.dumps(results, indent=2))
   ```<end_code>
+  Observation: Software: log4j, Version: 2.14.1
+  {"software": "log4j", "version": "2.14.1", "vulnerabilities": [{"id": "CVE-2021-44228", "description": "Log4j is vulnerable to remote code execution (RCE) by allowing JNDI lookups", "severity": "CRITICAL", "cvss": "10.0", "date": "2021-12-10", "source": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"}]}
+  Thought: I've found a critical vulnerability in Log4j 2.14.1, which is the infamous Log4Shell vulnerability (CVE-2021-44228). I'll provide a detailed answer about this severe security issue.
   Code:
   ```py
+  final_answer(f"""
+  # Vulnerabilities in Log4j 2.14.1
+  ## Critical Findings
+  Yes, Log4j 2.14.1 has a **CRITICAL vulnerability** known as **Log4Shell** (CVE-2021-44228), which has a maximum CVSS score of 10.0.
+  ### CVE-2021-44228 (Log4Shell)
+  - **Severity**: CRITICAL
+  - **CVSS**: 10.0/10.0
+  - **Published**: December 10, 2021
+  - **Description**: This vulnerability allows attackers to execute arbitrary code on systems using Log4j by sending specially crafted requests that contain malicious JNDI lookups.
+  - **Impact**: Extremely high - allows remote code execution without authentication
+  ## Recommendation
+  It is **STRONGLY RECOMMENDED** to upgrade Log4j to version 2.15.0 or later immediately. This vulnerability is actively exploited in the wild and represents a serious security risk for any system using the affected versions.
+  If immediate upgrading is not possible, apply these mitigations:
+  - Set system property `-Dlog4j2.formatMsgNoLookups=true`
+  - Remove the JndiLookup class from the classpath
+  ## Source
+  [NVD Database Entry](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
+  """)
   ```<end_code>
+  Above examples were using notional tools that might not exist for you. On top of performing computations in the Python code snippets that you create, you only have access to these tools:
   {%- for tool in tools.values() %}
   - {{ tool.name }}: {{ tool.description }}
       Takes inputs: {{tool.inputs}}
   10. Don't give up! You're in charge of solving the task, not providing directions to solve it.
   Now Begin! If you solve the task correctly, you will receive a reward of $1,000,000.
 "planning":
   "initial_facts": |-
     Below I will present you a task.

requirements.txt CHANGED Viewed

@@ -1,5 +1,11 @@
 markdownify
 smolagents
 requests
-duckduckgo_search
 pandas

 markdownify
 smolagents
 requests
+beautifulsoup4
+httpx
+python-dotenv
+rich
+pyyaml
+gradio
 pandas
+duckduckgo_search

tools/__init__.py ADDED Viewed

	@@ -0,0 +1,7 @@

+"""
+Vulnerability Intelligence Agent (VIA) - Tools Package.
+This package contains utility tools for HTTP requests, parsing, and general utilities.
+"""
+from . import utils
+from . import final_answer

tools/parsers.py ADDED Viewed

	@@ -0,0 +1,89 @@

+"""
+Parsers for Vulnerability Intelligence Agent.
+This module contains parsers for different vulnerability data formats.
+"""
+import re
+from typing import Dict, List, Any, Optional
+class CWEParser:
+    """Parser for Common Weakness Enumeration (CWE) entries."""
+    @staticmethod
+    def extract_cwe_from_cve(description: str) -> List[str]:
+        """
+        Extract CWE IDs from a CVE description.
+        Args:
+            description: CVE description text
+        Returns:
+            List of CWE IDs found in the description
+        """
+        # Pattern to match CWE IDs (e.g., CWE-79, CWE-89)
+        pattern = r"CWE-(\d+)"
+        matches = re.findall(pattern, description)
+        # Convert matches to full CWE IDs
+        cwe_ids = [f"CWE-{match}" for match in matches]
+        return cwe_ids
+class NVDParser:
+    """Parser for National Vulnerability Database entries."""
+    @staticmethod
+    def parse_nvd_api_response(response_json: Dict[str, Any], software: str, version: str) -> List[Dict[str, Any]]:
+        """
+        Parse a response from the NVD API.
+        Args:
+            response_json: JSON response from NVD API
+            software: Software name being searched
+            version: Software version being searched
+        Returns:
+            List of parsed vulnerabilities
+        """
+        # Simplified implementation
+        return []
+class CVEParser:
+    """Parser for Common Vulnerabilities and Exposures (CVE) entries."""
+    @staticmethod
+    def parse_cve_data(html_content: str, software: str, version: str) -> List[Dict[str, Any]]:
+        """
+        Parse CVE data from HTML content.
+        Args:
+            html_content: HTML content from the CVE website
+            software: Software name being searched
+            version: Software version being searched
+        Returns:
+            List of parsed vulnerabilities
+        """
+        # Simplified implementation
+        return []
+class CISAParser:
+    """Parser for CISA Known Exploited Vulnerabilities (KEV) catalog entries."""
+    @staticmethod
+    def parse_kev_data(json_data: Dict[str, Any], software: str, version: str) -> List[Dict[str, Any]]:
+        """
+        Parse data from the CISA KEV catalog.
+        Args:
+            json_data: JSON data from the CISA KEV catalog
+            software: Software name being searched
+            version: Software version being searched
+        Returns:
+            List of parsed vulnerabilities
+        """
+        # Simplified implementation
+        return []

tools/utils.py ADDED Viewed

	@@ -0,0 +1,146 @@

+"""
+Utility functions for the Vulnerability Intelligence Agent (VIA).
+"""
+import os
+import logging
+import json
+import datetime
+from typing import Dict, List, Any, Optional, Union
+def setup_logger(name: str) -> logging.Logger:
+    """
+    Set up a logger with the specified name.
+    Args:
+        name: Name of the logger
+    Returns:
+        Configured logger instance
+    """
+    logger = logging.getLogger(name)
+    if not logger.handlers:
+        handler = logging.StreamHandler()
+        formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
+        handler.setFormatter(formatter)
+        logger.addHandler(handler)
+    return logger
+def merge_vulnerability_data(results: List[Dict[str, Any]]) -> Dict[str, Any]:
+    """
+    Merge vulnerability data from multiple sources.
+    Args:
+        results: List of dictionaries with vulnerability data from different sources
+    Returns:
+        Merged dictionary with all vulnerabilities
+    """
+    # Simple implementation - in a real system, this would be more sophisticated
+    if not results:
+        return {"software": "", "version": "", "vulnerabilities": []}
+    merged = {
+        "software": results[0].get("software", ""),
+        "version": results[0].get("version", ""),
+        "vulnerabilities": []
+    }
+    # Simple merge - just combine all vulnerabilities
+    for result in results:
+        if "vulnerabilities" in result:
+            merged["vulnerabilities"].extend(result["vulnerabilities"])
+    return merged
+def save_report(data: Dict[str, Any], filename: str, report_dir: str = "reports") -> str:
+    """
+    Save vulnerability data to a JSON file.
+    Args:
+        data: Vulnerability data to save
+        filename: Base filename (without extension)
+        report_dir: Directory to save the report in
+    Returns:
+        Path to the saved JSON file
+    """
+    # Ensure the reports directory exists
+    os.makedirs(report_dir, exist_ok=True)
+    # Add timestamp to filename to avoid overwriting
+    timestamp = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
+    json_filename = f"{filename}_{timestamp}.json"
+    json_path = os.path.join(report_dir, json_filename)
+    # Save the data to a JSON file
+    with open(json_path, 'w') as f:
+        json.dump(data, f, indent=2)
+    return json_path
+def generate_markdown_report(data: Dict[str, Any], filename: str, report_dir: str = "reports") -> str:
+    """
+    Generate a Markdown report from vulnerability data.
+    Args:
+        data: Vulnerability data
+        filename: Base filename (without extension)
+        report_dir: Directory to save the report in
+    Returns:
+        Path to the generated Markdown file
+    """
+    # Ensure the reports directory exists
+    os.makedirs(report_dir, exist_ok=True)
+    # Add timestamp to filename to avoid overwriting
+    timestamp = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
+    md_filename = f"{filename}_{timestamp}.md"
+    md_path = os.path.join(report_dir, md_filename)
+    with open(md_path, 'w') as f:
+        # Write title
+        f.write(f"# Vulnerability Report: {data['software']} {data['version']}\n\n")
+        f.write(f"*Generated on: {datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')}*\n\n")
+        # Write summary
+        f.write("## Summary\n\n")
+        vuln_count = len(data.get('vulnerabilities', []))
+        f.write(f"Found **{vuln_count}** vulnerabilities for {data['software']} {data['version']}.\n\n")
+        # Write vulnerabilities
+        if vuln_count > 0:
+            f.write("## Vulnerabilities\n\n")
+            for i, vuln in enumerate(data['vulnerabilities'], 1):
+                f.write(f"### {i}. {vuln.get('id', 'Unknown ID')}\n\n")
+                f.write(f"**Severity:** {vuln.get('severity', 'Unknown')}")
+                if 'cvss' in vuln:
+                    f.write(f" (CVSS: {vuln['cvss']})")
+                f.write("\n\n")
+                f.write(f"**Description:** {vuln.get('description', 'No description available.')}\n\n")
+                if 'date' in vuln:
+                    f.write(f"**Published:** {vuln['date']}\n\n")
+                if 'recommendation' in vuln:
+                    f.write(f"**Recommendation:** {vuln['recommendation']}\n\n")
+                if 'source' in vuln:
+                    f.write(f"**Source:** [{vuln['source']}]({vuln['source']})\n\n")
+                f.write("---\n\n")
+        else:
+            f.write("## No vulnerabilities found\n\n")
+            f.write("No known vulnerabilities were found for this software and version.\n\n")
+        # Write footer
+        f.write("## References\n\n")
+        f.write("- [CVE (Common Vulnerabilities and Exposures)](https://cve.mitre.org/)\n")
+        f.write("- [NVD (National Vulnerability Database)](https://nvd.nist.gov/)\n")
+        f.write("- [CISA Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)\n")
+        f.write("- [CWE (Common Weakness Enumeration)](https://cwe.mitre.org/)\n")
+    return md_path

vulnerability_intelligence_agent/README.md ADDED Viewed

	@@ -0,0 +1,90 @@

+# Vulnerability Intelligence Agent (VIA)
+Vulnerability Intelligence Agent (VIA) es un agente inteligente y modular basado en smolagents, capaz de buscar y reportar vulnerabilidades de software y sistemas operativos desde fuentes oficiales, mediante scraping y análisis web. Modular, extensible y diseñado para integrarse a pipelines de seguridad y análisis.
+## Características
+- Búsqueda de vulnerabilidades en múltiples fuentes oficiales mediante web scraping/parsing
+- Arquitectura modular: un agente por fuente
+- Sistema de coordinación eficiente de agentes
+- Generación de reportes automáticos legibles y exportables (JSON/Markdown)
+- Diseño extensible para futuras integraciones con APIs
+## Fuentes soportadas
+- CVE (Common Vulnerabilities and Exposures)
+- CISA (Cybersecurity & Infrastructure Security Agency)
+- CWE (Common Weakness Enumeration)
+- NVD (National Vulnerability Database)
+## Instalación
+```bash
+git clone <repository-url>
+cd vulnerability_intelligence_agent
+pip install -r requirements.txt
+```
+## Uso
+```bash
+python main.py --input input.json
+```
+Ejemplo de archivo input.json:
+```json
+[
+  { "name": "OpenSSL", "version": "1.1.1k" },
+  { "name": "Apache", "version": "2.4.54" }
+]
+```
+## Formato de salida
+El sistema genera reportes en formato JSON y Markdown con información detallada sobre las vulnerabilidades encontradas:
+```json
+{
+  "software": "OpenSSL",
+  "version": "1.1.1k",
+  "vulnerabilities": [
+    {
+      "id": "CVE-2021-3450",
+      "description": "Improper Certificate Validation vulnerability...",
+      "severity": "HIGH",
+      "cvss": "7.4",
+      "source": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450",
+      "date": "2021-03-25",
+      "recommendation": "Update to version 1.1.1l"
+    }
+  ]
+}
+```
+## Estructura del proyecto
+```
+vulnerability_intelligence_agent/
+├── agents/                     # Subagentes que buscan en cada fuente específica
+│   ├── cve_agent.py
+│   ├── cisa_agent.py
+│   ├── cwe_agent.py
+│   ├── nvd_agent.py
+│   └── coordinator_agent.py    # Agente principal que coordina a los demás
+├── tools/                      # Herramientas genéricas para parsing, http, utils
+│   ├── http_client.py
+│   ├── parsers.py
+│   └── utils.py
+├── reports/                    # Carpeta para almacenar reportes generados
+├── main.py                     # Ejecución principal del agente
+├── README.md                   # Documentación inicial
+└── requirements.txt            # Librerías necesarias
+```
+## Licencia
+MIT
+## Contribuciones
+Las contribuciones son bienvenidas. Por favor, abra un issue o un pull request para sugerencias y mejoras.

vulnerability_intelligence_agent/__init__.py ADDED Viewed

	@@ -0,0 +1,6 @@

+"""
+Vulnerability Intelligence Agent (VIA).
+An intelligent and modular agent for searching and reporting software vulnerabilities from official sources.
+"""
+__version__ = "0.1.0"

vulnerability_intelligence_agent/agents/__init__.py ADDED Viewed

	@@ -0,0 +1,10 @@

+"""
+Vulnerability Intelligence Agent (VIA) - Agents Package.
+This package contains the agent implementations for different vulnerability sources.
+"""
+from . import cve_agent
+from . import nvd_agent
+from . import cisa_agent
+from . import cwe_agent
+from . import coordinator_agent

vulnerability_intelligence_agent/agents/cisa_agent.py ADDED Viewed

	@@ -0,0 +1,154 @@

+"""
+CISA Agent module for vulnerability intelligence.
+This agent is responsible for querying the CISA Known Exploited Vulnerabilities (KEV) Catalog.
+"""
+import json
+import time
+from typing import Dict, List, Any, Optional
+from smolagents import tool
+from ..tools.http_client import HTTPClient
+from ..tools.parsers import CISAParser
+from ..tools import utils
+logger = utils.setup_logger("cisa_agent")
+@tool
+def search_cisa_kev_for_software(software: str, version: str) -> Dict[str, Any]:
+    """
+    Search the CISA Known Exploited Vulnerabilities (KEV) Catalog for vulnerabilities related to a specific software and version.
+    Args:
+        software: Name of the software to search for
+        version: Version of the software to search for
+    Returns:
+        Dictionary with vulnerability information for the software and version
+    """
+    logger.info(f"Searching CISA KEV for {software} version {version}")
+    result = {
+        "software": software,
+        "version": version,
+        "vulnerabilities": []
+    }
+    http_client = HTTPClient()
+    try:
+        # CISA provides the KEV catalog as a JSON file
+        kev_url = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
+        # Get the KEV catalog
+        response = http_client.get(kev_url)
+        kev_data = response.json()
+        # Parse the KEV data
+        vulnerabilities = CISAParser.parse_cisa_kev_data(kev_data, software, version)
+        # Add the vulnerabilities to the result
+        result["vulnerabilities"] = vulnerabilities
+        logger.info(f"Found {len(vulnerabilities)} CISA KEV vulnerabilities for {software} {version}")
+        return result
+    except Exception as e:
+        logger.error(f"Error searching CISA KEV for {software} {version}: {str(e)}")
+        return {
+            "software": software,
+            "version": version,
+            "vulnerabilities": [],
+            "error": str(e)
+        }
+@tool
+def get_all_cisa_kev_vulnerabilities() -> Dict[str, Any]:
+    """
+    Get all vulnerabilities from the CISA Known Exploited Vulnerabilities (KEV) Catalog.
+    Returns:
+        Dictionary with all vulnerabilities from the KEV catalog
+    """
+    logger.info("Getting all CISA KEV vulnerabilities")
+    http_client = HTTPClient()
+    try:
+        # CISA provides the KEV catalog as a JSON file
+        kev_url = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
+        # Get the KEV catalog
+        response = http_client.get(kev_url)
+        kev_data = response.json()
+        # Extract catalog metadata
+        result = {
+            "title": kev_data.get("title", "CISA Known Exploited Vulnerabilities Catalog"),
+            "catalogVersion": kev_data.get("catalogVersion", ""),
+            "dateReleased": kev_data.get("dateReleased", ""),
+            "count": len(kev_data.get("vulnerabilities", [])),
+            "vulnerabilities": kev_data.get("vulnerabilities", [])
+        }
+        logger.info(f"Found {result['count']} total CISA KEV vulnerabilities")
+        return result
+    except Exception as e:
+        logger.error(f"Error getting all CISA KEV vulnerabilities: {str(e)}")
+        return {
+            "error": str(e),
+            "vulnerabilities": []
+        }
+@tool
+def get_cisa_kev_vulnerability(cve_id: str) -> Dict[str, Any]:
+    """
+    Get details about a specific vulnerability from the CISA KEV Catalog by CVE ID.
+    Args:
+        cve_id: CVE ID to look up (e.g., "CVE-2021-44228")
+    Returns:
+        Dictionary with vulnerability details if found
+    """
+    logger.info(f"Looking up CISA KEV vulnerability for {cve_id}")
+    http_client = HTTPClient()
+    try:
+        # CISA provides the KEV catalog as a JSON file
+        kev_url = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
+        # Get the KEV catalog
+        response = http_client.get(kev_url)
+        kev_data = response.json()
+        # Find the specific vulnerability by CVE ID
+        vulnerabilities = kev_data.get("vulnerabilities", [])
+        for vuln in vulnerabilities:
+            if vuln.get("cveID") == cve_id:
+                # Enhance the vulnerability data with a source URL and severity level
+                vuln["source"] = "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
+                vuln["severity"] = "CRITICAL"  # All KEV items are considered critical
+                # Add a standardized recommendation
+                vuln["recommendation"] = f"URGENT: Update immediately as this vulnerability is being actively exploited in the wild"
+                return vuln
+        # If we get here, the vulnerability wasn't found
+        logger.warning(f"CVE {cve_id} not found in CISA KEV catalog")
+        return {
+            "id": cve_id,
+            "error": f"CVE {cve_id} not found in CISA KEV catalog"
+        }
+    except Exception as e:
+        logger.error(f"Error looking up CISA KEV vulnerability for {cve_id}: {str(e)}")
+        return {
+            "id": cve_id,
+            "error": str(e)
+        }

vulnerability_intelligence_agent/agents/coordinator_agent.py ADDED Viewed

	@@ -0,0 +1,191 @@

+"""
+Coordinator Agent module for vulnerability intelligence.
+This agent is responsible for coordinating the other agents and generating the final report.
+"""
+import json
+import time
+import argparse
+from typing import Dict, List, Any, Optional, Union
+from smolagents import tool
+from ..tools import utils
+from . import cve_agent, nvd_agent, cisa_agent, cwe_agent
+logger = utils.setup_logger("coordinator_agent")
+@tool
+def search_vulnerabilities_for_software(software: str, version: str) -> Dict[str, Any]:
+    """
+    Search for vulnerabilities related to a specific software and version across all sources.
+    Args:
+        software: Name of the software to search for
+        version: Version of the software to search for
+    Returns:
+        Dictionary with vulnerability information for the software and version from all sources
+    """
+    logger.info(f"Searching for vulnerabilities for {software} version {version}")
+    # Initialize results from each source
+    results = []
+    # Search NVD
+    logger.info("Searching NVD...")
+    nvd_results = nvd_agent.search_nvd_for_software(software, version)
+    if nvd_results.get("vulnerabilities"):
+        logger.info(f"Found {len(nvd_results['vulnerabilities'])} vulnerabilities in NVD")
+        results.append(nvd_results)
+    # Search CVE
+    logger.info("Searching CVE...")
+    cve_results = cve_agent.search_cve_for_software(software, version)
+    if cve_results.get("vulnerabilities"):
+        logger.info(f"Found {len(cve_results['vulnerabilities'])} vulnerabilities in CVE")
+        results.append(cve_results)
+    # Search CISA KEV
+    logger.info("Searching CISA KEV...")
+    cisa_results = cisa_agent.search_cisa_kev_for_software(software, version)
+    if cisa_results.get("vulnerabilities"):
+        logger.info(f"Found {len(cisa_results['vulnerabilities'])} vulnerabilities in CISA KEV")
+        results.append(cisa_results)
+    # Merge the results
+    merged_results = utils.merge_vulnerability_data(results)
+    # Enhance with CWE information
+    for vuln in merged_results.get("vulnerabilities", []):
+        if "description" in vuln:
+            # Try to extract CWEs from the description
+            cwe_ids = cwe_agent.CWEParser.extract_cwe_from_cve(vuln["description"])
+            if cwe_ids:
+                cwe_details = []
+                for cwe_id in cwe_ids[:3]:  # Limit to 3 CWEs to avoid too many requests
+                    cwe_detail = cwe_agent.get_cwe_details(cwe_id)
+                    if "error" not in cwe_detail:
+                        cwe_details.append(cwe_detail)
+                    time.sleep(1)  # Add a short delay between CWE lookups
+                if cwe_details:
+                    vuln["related_cwe"] = cwe_details
+    # Generate report
+    if merged_results.get("vulnerabilities"):
+        report_filename = f"{software.lower().replace(' ', '_')}_{version}"
+        utils.save_report(merged_results, report_filename)
+        utils.generate_markdown_report(merged_results, report_filename)
+    return merged_results
+@tool
+def search_vulnerabilities_for_multiple_software(software_list: List[Dict[str, str]]) -> List[Dict[str, Any]]:
+    """
+    Search for vulnerabilities for multiple software and versions.
+    Args:
+        software_list: List of dictionaries, each with 'name' and 'version' keys
+    Returns:
+        List of dictionaries with vulnerability information for each software
+    """
+    logger.info(f"Searching vulnerabilities for {len(software_list)} software items")
+    results = []
+    for item in software_list:
+        software = item.get("name")
+        version = item.get("version")
+        if not software or not version:
+            logger.warning(f"Skipping invalid software item: {item}")
+            continue
+        logger.info(f"Processing {software} {version}")
+        # Search for vulnerabilities
+        result = search_vulnerabilities_for_software(software, version)
+        results.append(result)
+        # Add a short delay between software items to avoid hitting rate limits
+        if item != software_list[-1]:  # Skip delay for the last item
+            time.sleep(2)
+    return results
+@tool
+def get_vulnerability_details(vulnerability_id: str) -> Dict[str, Any]:
+    """
+    Get detailed information about a specific vulnerability by ID (CVE or CWE).
+    Args:
+        vulnerability_id: ID of the vulnerability (e.g., CVE-2021-44228, CWE-79)
+    Returns:
+        Dictionary with detailed information about the vulnerability
+    """
+    logger.info(f"Getting details for vulnerability: {vulnerability_id}")
+    if vulnerability_id.startswith("CVE-"):
+        # Try to get info from NVD first
+        nvd_details = nvd_agent.get_nvd_cve_details(vulnerability_id)
+        if "error" not in nvd_details:
+            # Enrich with CISA KEV information if available
+            cisa_details = cisa_agent.get_cisa_kev_vulnerability(vulnerability_id)
+            if "error" not in cisa_details:
+                nvd_details["cisa_kev"] = True
+                nvd_details["cisa_required_action"] = cisa_details.get("requiredAction")
+                nvd_details["cisa_due_date"] = cisa_details.get("dueDate")
+                nvd_details["severity"] = "CRITICAL"  # Override severity for KEV vulnerabilities
+                nvd_details["recommendation"] = "URGENT: Update immediately as this vulnerability is being actively exploited in the wild"
+            # Try to extract CWEs from the description
+            if "description" in nvd_details:
+                cwe_details = cwe_agent.extract_cwes_from_cve(nvd_details["description"])
+                if cwe_details:
+                    nvd_details["related_cwe"] = cwe_details
+            return nvd_details
+        # Fallback to CVE database
+        return cve_agent.get_cve_details(vulnerability_id)
+    elif vulnerability_id.startswith("CWE-") or vulnerability_id.isdigit():
+        return cwe_agent.get_cwe_details(vulnerability_id)
+    else:
+        return {
+            "id": vulnerability_id,
+            "error": "Unknown vulnerability ID format. Should start with CVE- or CWE-."
+        }
+@tool
+def process_input_file(input_file: str) -> List[Dict[str, Any]]:
+    """
+    Process an input file containing a list of software to check for vulnerabilities.
+    Args:
+        input_file: Path to the input file (JSON format)
+    Returns:
+        List of dictionaries with vulnerability information for each software
+    """
+    logger.info(f"Processing input file: {input_file}")
+    try:
+        with open(input_file, 'r') as f:
+            software_list = json.load(f)
+        if not isinstance(software_list, list):
+            raise ValueError("Input file should contain a JSON array of software items")
+        # Process each software item
+        return search_vulnerabilities_for_multiple_software(software_list)
+    except Exception as e:
+        logger.error(f"Error processing input file {input_file}: {str(e)}")
+        return [{"error": str(e)}]

vulnerability_intelligence_agent/agents/cve_agent.py ADDED Viewed

	@@ -0,0 +1,170 @@

+"""
+CVE Agent module for vulnerability intelligence.
+This agent is responsible for querying the CVE database.
+"""
+import re
+import time
+from typing import Dict, List, Any, Optional
+from smolagents import tool
+from ..tools.http_client import HTTPClient
+from ..tools.parsers import CVEParser
+from ..tools import utils
+logger = utils.setup_logger("cve_agent")
+@tool
+def search_cve_for_software(software: str, version: str) -> Dict[str, Any]:
+    """
+    Search for CVEs related to a specific software and version.
+    Args:
+        software: Name of the software to search for
+        version: Version of the software to search for
+    Returns:
+        Dictionary with vulnerability information for the software and version
+    """
+    logger.info(f"Searching CVE for {software} version {version}")
+    result = {
+        "software": software,
+        "version": version,
+        "vulnerabilities": []
+    }
+    http_client = HTTPClient()
+    try:
+        # First, search for CVEs by software name and version
+        search_url = "https://cve.mitre.org/cgi-bin/cvekey.cgi"
+        search_term = f"{software} {version}"
+        # Get the search results page
+        soup = http_client.get_soup(search_url, params={"keyword": search_term})
+        # Parse the search results to get a list of relevant CVEs
+        vulnerabilities = CVEParser.parse_cve_search_results(soup, software, version)
+        # If we find any vulnerabilities, get more details for each one
+        if vulnerabilities:
+            for i, vuln in enumerate(vulnerabilities):
+                cve_id = vuln["id"]
+                # Get the CVE detail page
+                detail_url = f"https://cve.mitre.org/cgi-bin/cvename.cgi?name={cve_id}"
+                detail_soup = http_client.get_soup(detail_url)
+                # Parse the detail page to get more information
+                detailed_vuln = CVEParser.parse_cve_page(detail_soup, cve_id)
+                # Update with any new details
+                for key, value in detailed_vuln.items():
+                    if key != "id":  # Keep the original ID
+                        vuln[key] = value
+                # Add recommendation based on severity if not already present
+                if "recommendation" not in vuln:
+                    severity = vuln.get("severity", "UNKNOWN")
+                    if severity == "CRITICAL" or severity == "HIGH":
+                        vuln["recommendation"] = f"Update {software} to a version newer than {version} immediately"
+                    elif severity == "MEDIUM":
+                        vuln["recommendation"] = f"Plan to update {software} to a version newer than {version}"
+                    else:
+                        vuln["recommendation"] = f"Consider updating {software} when convenient"
+                # Add a short delay to avoid hitting rate limits
+                if i < len(vulnerabilities) - 1:
+                    time.sleep(1)
+            result["vulnerabilities"] = vulnerabilities
+        # Additionally, try searching with the software name only to catch more generic vulnerabilities
+        if len(vulnerabilities) < 5:
+            broader_soup = http_client.get_soup(search_url, params={"keyword": software})
+            broader_vulnerabilities = CVEParser.parse_cve_search_results(broader_soup, software, version)
+            # Filter out any duplicates by ID
+            existing_ids = {v["id"] for v in vulnerabilities}
+            unique_broader = [v for v in broader_vulnerabilities if v["id"] not in existing_ids]
+            # Get details for each new vulnerability
+            for i, vuln in enumerate(unique_broader):
+                cve_id = vuln["id"]
+                detail_url = f"https://cve.mitre.org/cgi-bin/cvename.cgi?name={cve_id}"
+                detail_soup = http_client.get_soup(detail_url)
+                detailed_vuln = CVEParser.parse_cve_page(detail_soup, cve_id)
+                for key, value in detailed_vuln.items():
+                    if key != "id":
+                        vuln[key] = value
+                # Add recommendation if not already present
+                if "recommendation" not in vuln:
+                    severity = vuln.get("severity", "UNKNOWN")
+                    if severity == "CRITICAL" or severity == "HIGH":
+                        vuln["recommendation"] = f"Update {software} to a version newer than {version} immediately"
+                    elif severity == "MEDIUM":
+                        vuln["recommendation"] = f"Plan to update {software} to a version newer than {version}"
+                    else:
+                        vuln["recommendation"] = f"Consider updating {software} when convenient"
+                # Add a short delay to avoid hitting rate limits
+                if i < len(unique_broader) - 1:
+                    time.sleep(1)
+            # Add the unique broader vulnerabilities to the result
+            result["vulnerabilities"].extend(unique_broader)
+        logger.info(f"Found {len(result['vulnerabilities'])} CVE vulnerabilities for {software} {version}")
+        return result
+    except Exception as e:
+        logger.error(f"Error searching CVE for {software} {version}: {str(e)}")
+        return {
+            "software": software,
+            "version": version,
+            "vulnerabilities": [],
+            "error": str(e)
+        }
+@tool
+def get_cve_details(cve_id: str) -> Dict[str, Any]:
+    """
+    Get detailed information about a specific CVE.
+    Args:
+        cve_id: The CVE ID to look up
+    Returns:
+        Dictionary with detailed information about the CVE
+    """
+    logger.info(f"Getting details for {cve_id}")
+    http_client = HTTPClient()
+    try:
+        # Ensure the CVE ID is properly formatted
+        if not re.match(r"CVE-\d{4}-\d{4,}", cve_id):
+            return {
+                "id": cve_id,
+                "error": "Invalid CVE ID format. Should be CVE-YYYY-NNNN..."
+            }
+        # Get the CVE detail page
+        detail_url = f"https://cve.mitre.org/cgi-bin/cvename.cgi?name={cve_id}"
+        detail_soup = http_client.get_soup(detail_url)
+        # Parse the detail page
+        vuln_details = CVEParser.parse_cve_page(detail_soup, cve_id)
+        return vuln_details
+    except Exception as e:
+        logger.error(f"Error getting details for {cve_id}: {str(e)}")
+        return {
+            "id": cve_id,
+            "error": str(e)
+        }

vulnerability_intelligence_agent/agents/cwe_agent.py ADDED Viewed

	@@ -0,0 +1,171 @@

+"""
+CWE Agent module for vulnerability intelligence.
+This agent is responsible for querying the Common Weakness Enumeration (CWE) database.
+"""
+import re
+import time
+from typing import Dict, List, Any, Optional
+from smolagents import tool
+from ..tools.http_client import HTTPClient
+from ..tools.parsers import CWEParser
+from ..tools import utils
+logger = utils.setup_logger("cwe_agent")
+@tool
+def get_cwe_details(cwe_id: str) -> Dict[str, Any]:
+    """
+    Get detailed information about a specific CWE.
+    Args:
+        cwe_id: The CWE ID to look up (format: CWE-NUM or just NUM)
+    Returns:
+        Dictionary with detailed information about the CWE
+    """
+    logger.info(f"Getting details for {cwe_id}")
+    http_client = HTTPClient()
+    try:
+        # Normalize the CWE ID format
+        if cwe_id.startswith("CWE-"):
+            cwe_num = cwe_id[4:]
+        else:
+            cwe_num = cwe_id
+            cwe_id = f"CWE-{cwe_id}"
+        # Ensure the CWE ID is valid
+        if not re.match(r"^\d+$", cwe_num):
+            return {
+                "id": cwe_id,
+                "error": "Invalid CWE ID format. Should be numeric or CWE-NUM."
+            }
+        # Get the CWE detail page
+        detail_url = f"https://cwe.mitre.org/data/definitions/{cwe_num}.html"
+        detail_soup = http_client.get_soup(detail_url)
+        # Parse the detail page
+        cwe_details = CWEParser.parse_cwe_page(detail_soup, cwe_id)
+        return cwe_details
+    except Exception as e:
+        logger.error(f"Error getting details for {cwe_id}: {str(e)}")
+        return {
+            "id": cwe_id,
+            "error": str(e)
+        }
+@tool
+def extract_cwes_from_cve(cve_description: str) -> List[Dict[str, Any]]:
+    """
+    Extract CWE IDs from a CVE description and get details for each.
+    Args:
+        cve_description: CVE description text to extract CWEs from
+    Returns:
+        List of CWE details dictionaries
+    """
+    logger.info("Extracting CWEs from CVE description")
+    try:
+        # Extract CWE IDs
+        cwe_ids = CWEParser.extract_cwe_from_cve(cve_description)
+        if not cwe_ids:
+            logger.info("No CWE IDs found in the CVE description")
+            return []
+        logger.info(f"Found {len(cwe_ids)} CWE IDs: {', '.join(cwe_ids)}")
+        # Get details for each CWE
+        cwe_details_list = []
+        for cwe_id in cwe_ids:
+            # Get details for this CWE
+            cwe_details = get_cwe_details(cwe_id)
+            # Only add if we got valid details (no error)
+            if "error" not in cwe_details:
+                cwe_details_list.append(cwe_details)
+            # Add a short delay to avoid hitting rate limits
+            if cwe_id != cwe_ids[-1]:  # Skip delay for the last item
+                time.sleep(1)
+        return cwe_details_list
+    except Exception as e:
+        logger.error(f"Error extracting CWEs from CVE description: {str(e)}")
+        return []
+@tool
+def search_cwe_weaknesses(keyword: str) -> List[Dict[str, Any]]:
+    """
+    Search for CWE weaknesses by keyword.
+    Args:
+        keyword: Keyword to search for
+    Returns:
+        List of matching CWE weakness dictionaries
+    """
+    logger.info(f"Searching CWE for keyword: {keyword}")
+    http_client = HTTPClient()
+    try:
+        # Search URL
+        search_url = "https://cwe.mitre.org/find/index.html"
+        # Get the search results page
+        soup = http_client.get_soup(search_url, params={"query": keyword})
+        # Parse the search results
+        results = []
+        # Look for the table of matching items
+        result_table = soup.find("table", {"class": "detail"})
+        if not result_table:
+            logger.warning(f"No results found for keyword: {keyword}")
+            return []
+        # Extract information from each row
+        rows = result_table.find_all("tr")[1:]  # Skip header row
+        for row in rows:
+            cells = row.find_all("td")
+            if len(cells) >= 2:
+                # Extract CWE ID and name
+                id_cell = cells[0]
+                name_cell = cells[1]
+                cwe_link = id_cell.find("a")
+                if cwe_link:
+                    cwe_id = cwe_link.get_text(strip=True)
+                    cwe_name = name_cell.get_text(strip=True)
+                    # Get the URL from the link
+                    cwe_url = cwe_link.get("href")
+                    if cwe_url and not cwe_url.startswith("http"):
+                        cwe_url = f"https://cwe.mitre.org{cwe_url}"
+                    result = {
+                        "id": cwe_id,
+                        "name": cwe_name,
+                        "source": cwe_url
+                    }
+                    results.append(result)
+        logger.info(f"Found {len(results)} CWE weaknesses for keyword: {keyword}")
+        return results
+    except Exception as e:
+        logger.error(f"Error searching CWE for keyword {keyword}: {str(e)}")
+        return []

vulnerability_intelligence_agent/agents/nvd_agent.py ADDED Viewed

	@@ -0,0 +1,227 @@

+"""
+NVD Agent module for vulnerability intelligence.
+This agent is responsible for querying the National Vulnerability Database.
+"""
+import json
+import time
+from typing import Dict, List, Any, Optional
+import urllib.parse
+from smolagents import tool
+from ..tools.http_client import HTTPClient
+from ..tools.parsers import NVDParser
+from ..tools import utils
+logger = utils.setup_logger("nvd_agent")
+@tool
+def search_nvd_for_software(software: str, version: str, max_results: int = 20) -> Dict[str, Any]:
+    """
+    Search the National Vulnerability Database for vulnerabilities related to a specific software and version.
+    Args:
+        software: Name of the software to search for
+        version: Version of the software to search for
+        max_results: Maximum number of results to return (default: 20)
+    Returns:
+        Dictionary with vulnerability information for the software and version
+    """
+    logger.info(f"Searching NVD for {software} version {version}")
+    result = {
+        "software": software,
+        "version": version,
+        "vulnerabilities": []
+    }
+    http_client = HTTPClient()
+    try:
+        # NVD API endpoint
+        # Note: This uses the public API without an API key, which has rate limits
+        # For production use, consider registering for an API key: https://nvd.nist.gov/developers/request-an-api-key
+        api_url = "https://services.nvd.nist.gov/rest/json/cves/2.0"
+        # Construct the query for the specific software
+        # Format the search to look for CPE matches containing the software name
+        encoded_software = urllib.parse.quote(software.lower())
+        # First query: search for exact software + version
+        params = {
+            "cpeName": f"cpe:2.3:*:{encoded_software}:*:{version}:*:*:*:*:*:*",
+            "resultsPerPage": max_results
+        }
+        # Make the request
+        response = http_client.get(api_url, params=params)
+        response_json = response.json()
+        # Parse the response
+        vulnerabilities = NVDParser.parse_nvd_api_response(response_json, software, version)
+        # If we didn't find enough results, try a broader search without specifying the version
+        if len(vulnerabilities) < 5:
+            # Add a delay to respect rate limits
+            time.sleep(2)
+            # Second query: search for software name only
+            broader_params = {
+                "cpeName": f"cpe:2.3:*:{encoded_software}:*:*:*:*:*:*:*:*",
+                "resultsPerPage": max_results
+            }
+            broader_response = http_client.get(api_url, params=broader_params)
+            broader_json = broader_response.json()
+            broader_vulns = NVDParser.parse_nvd_api_response(broader_json, software, version)
+            # Filter out duplicates
+            existing_ids = {v["id"] for v in vulnerabilities}
+            unique_broader = [v for v in broader_vulns if v["id"] not in existing_ids]
+            vulnerabilities.extend(unique_broader)
+        # Try a keyword search as a fallback
+        if len(vulnerabilities) < 5:
+            # Add a delay to respect rate limits
+            time.sleep(2)
+            # Third query: keyword search
+            keyword_params = {
+                "keywordSearch": f"{software} {version}",
+                "resultsPerPage": max_results
+            }
+            keyword_response = http_client.get(api_url, params=keyword_params)
+            keyword_json = keyword_response.json()
+            keyword_vulns = NVDParser.parse_nvd_api_response(keyword_json, software, version)
+            # Filter out duplicates
+            existing_ids = {v["id"] for v in vulnerabilities}
+            unique_keyword = [v for v in keyword_vulns if v["id"] not in existing_ids]
+            vulnerabilities.extend(unique_keyword)
+        # Set the vulnerabilities in the result
+        result["vulnerabilities"] = vulnerabilities
+        logger.info(f"Found {len(vulnerabilities)} NVD vulnerabilities for {software} {version}")
+        return result
+    except Exception as e:
+        logger.error(f"Error searching NVD for {software} {version}: {str(e)}")
+        return {
+            "software": software,
+            "version": version,
+            "vulnerabilities": [],
+            "error": str(e)
+        }
+@tool
+def get_nvd_cve_details(cve_id: str) -> Dict[str, Any]:
+    """
+    Get detailed information about a specific CVE from the NVD database.
+    Args:
+        cve_id: The CVE ID to look up
+    Returns:
+        Dictionary with detailed information about the CVE from NVD
+    """
+    logger.info(f"Getting NVD details for {cve_id}")
+    http_client = HTTPClient()
+    try:
+        # NVD API endpoint for a specific CVE
+        api_url = f"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId={cve_id}"
+        # Make the request
+        response = http_client.get(api_url)
+        response_json = response.json()
+        # Check if we got a valid response with vulnerabilities
+        if response_json.get("totalResults", 0) == 0 or not response_json.get("vulnerabilities"):
+            return {
+                "id": cve_id,
+                "error": "CVE not found in NVD"
+            }
+        # Extract the vulnerability data
+        vuln_data = response_json["vulnerabilities"][0]["cve"]
+        # Extract key information
+        result = {
+            "id": vuln_data.get("id", cve_id),
+            "source": f"https://nvd.nist.gov/vuln/detail/{cve_id}"
+        }
+        # Extract description
+        descriptions = vuln_data.get("descriptions", [])
+        for desc in descriptions:
+            if desc.get("lang") == "en":
+                result["description"] = desc.get("value", "")
+                break
+        # Extract metrics (severity and CVSS score)
+        metrics = vuln_data.get("metrics", {})
+        cvss_v3 = metrics.get("cvssMetricV31", [])
+        cvss_v2 = metrics.get("cvssMetricV2", [])
+        if cvss_v3:
+            base_metric = cvss_v3[0].get("cvssData", {})
+            result["cvss"] = str(base_metric.get("baseScore", ""))
+            result["severity"] = base_metric.get("baseSeverity", "UNKNOWN").upper()
+        elif cvss_v2:
+            base_metric = cvss_v2[0].get("cvssData", {})
+            score = base_metric.get("baseScore")
+            result["cvss"] = str(score) if score is not None else ""
+            # Map CVSS v2 score to severity
+            if score is not None:
+                if score >= 9.0:
+                    result["severity"] = "CRITICAL"
+                elif score >= 7.0:
+                    result["severity"] = "HIGH"
+                elif score >= 4.0:
+                    result["severity"] = "MEDIUM"
+                else:
+                    result["severity"] = "LOW"
+        else:
+            result["severity"] = "UNKNOWN"
+        # Extract published date
+        if "published" in vuln_data:
+            try:
+                date_str = vuln_data["published"].replace("Z", "+00:00")
+                result["date"] = date_str.split("T")[0]  # Just keep the date part
+            except (ValueError, IndexError):
+                result["date"] = vuln_data["published"]
+        # Extract references
+        references = vuln_data.get("references", [])
+        if references:
+            result["references"] = [ref.get("url") for ref in references if "url" in ref]
+        # Add recommendation based on severity
+        if "severity" in result:
+            severity = result["severity"]
+            if severity in ["CRITICAL", "HIGH"]:
+                result["recommendation"] = "Update affected software immediately"
+            elif severity == "MEDIUM":
+                result["recommendation"] = "Plan to update affected software soon"
+            else:
+                result["recommendation"] = "Consider updating affected software when convenient"
+        return result
+    except Exception as e:
+        logger.error(f"Error getting NVD details for {cve_id}: {str(e)}")
+        return {
+            "id": cve_id,
+            "error": str(e)
+        }

vulnerability_intelligence_agent/example_input.json ADDED Viewed

	@@ -0,0 +1,14 @@

+[
+  {
+    "name": "OpenSSL",
+    "version": "1.1.1k"
+  },
+  {
+    "name": "Apache",
+    "version": "2.4.54"
+  },
+  {
+    "name": "log4j",
+    "version": "2.14.1"
+  }
+]

vulnerability_intelligence_agent/main.py ADDED Viewed

	@@ -0,0 +1,136 @@

+#!/usr/bin/env python3
+"""
+Main script for the Vulnerability Intelligence Agent (VIA).
+"""
+import os
+import sys
+import json
+import argparse
+import logging
+from typing import List, Dict, Any
+from smolagents import CodeAgent, HfApiModel
+from agents.coordinator_agent import process_input_file, search_vulnerabilities_for_software, search_vulnerabilities_for_multiple_software
+from tools import utils
+logger = utils.setup_logger("main")
+def parse_args():
+    """Parse command line arguments."""
+    parser = argparse.ArgumentParser(description="Vulnerability Intelligence Agent (VIA)")
+    parser.add_argument("--input", "-i", type=str, help="Path to input JSON file containing software to check")
+    parser.add_argument("--software", "-s", type=str, help="Name of software to check")
+    parser.add_argument("--version", "-v", type=str, help="Version of software to check")
+    parser.add_argument("--output-dir", "-o", type=str, default="reports", help="Directory to save reports")
+    parser.add_argument("--verbose", action="store_true", help="Enable verbose logging")
+    parser.add_argument("--model", type=str, default="Qwen/Qwen2.5-Coder-32B-Instruct", help="HuggingFace model ID to use")
+    return parser.parse_args()
+def main():
+    """Main entry point for the script."""
+    args = parse_args()
+    # Configure logging
+    log_level = logging.DEBUG if args.verbose else logging.INFO
+    logging.basicConfig(
+        level=log_level,
+        format="%(asctime)s - %(name)s - %(levelname)s - %(message)s",
+    )
+    logger.info("Starting Vulnerability Intelligence Agent (VIA)")
+    # Set output directory
+    if args.output_dir:
+        os.makedirs(args.output_dir, exist_ok=True)
+    # Initialize the model
+    model = HfApiModel(
+        max_tokens=2096,
+        temperature=0.5,
+        model_id=args.model,
+        custom_role_conversions=None,
+    )
+    # Initialize the agent
+    agent = CodeAgent(
+        model=model,
+        tools=[process_input_file, search_vulnerabilities_for_software, search_vulnerabilities_for_multiple_software],
+        max_steps=10,
+        verbosity_level=2 if args.verbose else 1,
+    )
+    # Process input
+    try:
+        if args.input:
+            # Process input file
+            logger.info(f"Processing input file: {args.input}")
+            # Use the process_input_file tool directly
+            result = process_input_file(args.input)
+            # Display summary
+            for software_result in result:
+                software_name = software_result.get("software", "Unknown")
+                software_version = software_result.get("version", "Unknown")
+                vuln_count = len(software_result.get("vulnerabilities", []))
+                print(f"\n{software_name} {software_version}: {vuln_count} vulnerabilities found")
+                # Show top 3 critical/high vulnerabilities if any
+                high_vulns = [v for v in software_result.get("vulnerabilities", [])
+                            if v.get("severity") in ["CRITICAL", "HIGH"]]
+                if high_vulns:
+                    print("\nTop Critical/High Vulnerabilities:")
+                    for i, vuln in enumerate(high_vulns[:3], 1):
+                        print(f"{i}. {vuln.get('id')} - {vuln.get('severity')} - {vuln.get('source')}")
+                        description = vuln.get("description", "")
+                        if len(description) > 100:
+                            description = description[:100] + "..."
+                        print(f"   {description}")
+        elif args.software and args.version:
+            # Process single software
+            logger.info(f"Checking vulnerabilities for {args.software} {args.version}")
+            # Use the search_vulnerabilities_for_software tool directly
+            result = search_vulnerabilities_for_software(args.software, args.version)
+            # Display summary
+            vuln_count = len(result.get("vulnerabilities", []))
+            print(f"\n{args.software} {args.version}: {vuln_count} vulnerabilities found")
+            if vuln_count > 0:
+                # Show all vulnerabilities
+                print("\nVulnerabilities:")
+                for i, vuln in enumerate(result.get("vulnerabilities", []), 1):
+                    print(f"{i}. {vuln.get('id')} - {vuln.get('severity')}")
+                    description = vuln.get("description", "")
+                    if len(description) > 100:
+                        description = description[:100] + "..."
+                    print(f"   {description}")
+                    print(f"   Source: {vuln.get('source')}")
+                    if vuln.get("recommendation"):
+                        print(f"   Recommendation: {vuln.get('recommendation')}")
+                    print()
+        else:
+            # No input provided
+            print("Error: No input provided. Use --input to specify an input file or --software and --version to check a specific software.")
+            parser.print_help()
+            return 1
+    except Exception as e:
+        logger.error(f"Error: {str(e)}")
+        return 1
+    logger.info("Vulnerability Intelligence Agent completed successfully")
+    return 0
+if __name__ == "__main__":
+    sys.exit(main())

vulnerability_intelligence_agent/requirements.txt ADDED Viewed

	@@ -0,0 +1,7 @@

+smolagents>=1.9.2
+requests>=2.32.3
+beautifulsoup4>=4.13.3
+httpx>=0.28.1
+python-dotenv>=1.0.1
+rich>=13.9.4
+pyyaml>=6.0.2

vulnerability_intelligence_agent/tools/__init__.py ADDED Viewed

	@@ -0,0 +1,8 @@

+"""
+Vulnerability Intelligence Agent (VIA) - Tools Package.
+This package contains utility tools for HTTP requests, parsing, and general utilities.
+"""
+from . import http_client
+from . import parsers
+from . import utils

vulnerability_intelligence_agent/tools/http_client.py ADDED Viewed

	@@ -0,0 +1,214 @@

+"""
+HTTP Client module for VIA.
+Provides a unified interface for making HTTP requests to vulnerability databases.
+"""
+import time
+import random
+import asyncio
+from typing import Dict, Optional, Any, Union
+import httpx
+import requests
+from bs4 import BeautifulSoup
+class HTTPClient:
+    """
+    A client for making HTTP requests to vulnerability databases.
+    Supports both synchronous and asynchronous requests.
+    """
+    DEFAULT_HEADERS = {
+        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36",
+        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
+        "Accept-Language": "en-US,en;q=0.5",
+        "DNT": "1",
+        "Connection": "keep-alive",
+        "Upgrade-Insecure-Requests": "1",
+    }
+    DEFAULT_TIMEOUT = 30.0  # seconds
+    DEFAULT_RETRIES = 3
+    DEFAULT_RETRY_DELAY = 2.0  # seconds
+    def __init__(
+        self,
+        headers: Optional[Dict[str, str]] = None,
+        timeout: float = DEFAULT_TIMEOUT,
+        max_retries: int = DEFAULT_RETRIES,
+        retry_delay: float = DEFAULT_RETRY_DELAY,
+    ):
+        """
+        Initialize the HTTP client with custom headers and settings.
+        Args:
+            headers: Optional custom headers to use for requests
+            timeout: Request timeout in seconds
+            max_retries: Maximum number of retry attempts for failed requests
+            retry_delay: Base delay between retries in seconds
+        """
+        self.headers = headers or self.DEFAULT_HEADERS.copy()
+        self.timeout = timeout
+        self.max_retries = max_retries
+        self.retry_delay = retry_delay
+        # Initialize clients
+        self.sync_client = requests.Session()
+        self.sync_client.headers.update(self.headers)
+        self.async_client = httpx.AsyncClient(
+            headers=self.headers,
+            timeout=self.timeout,
+            follow_redirects=True,
+        )
+    def get(
+        self,
+        url: str,
+        params: Optional[Dict[str, Any]] = None,
+        headers: Optional[Dict[str, str]] = None,
+        timeout: Optional[float] = None,
+    ) -> requests.Response:
+        """
+        Make a synchronous GET request with retries.
+        Args:
+            url: The URL to request
+            params: Optional URL parameters
+            headers: Optional headers to add or override
+            timeout: Optional timeout override
+        Returns:
+            Response object from requests
+        """
+        merged_headers = self.headers.copy()
+        if headers:
+            merged_headers.update(headers)
+        timeout = timeout or self.timeout
+        for attempt in range(self.max_retries):
+            try:
+                response = self.sync_client.get(
+                    url,
+                    params=params,
+                    headers=merged_headers,
+                    timeout=timeout,
+                )
+                response.raise_for_status()
+                return response
+            except (requests.RequestException, httpx.HTTPError) as e:
+                if attempt == self.max_retries - 1:
+                    raise e
+                # Apply exponential backoff with jitter
+                delay = self.retry_delay * (2 ** attempt) + random.uniform(0, 1)
+                time.sleep(delay)
+        # This should not be reached due to the exception in the loop
+        raise RuntimeError("Failed to complete request after all retries")
+    async def get_async(
+        self,
+        url: str,
+        params: Optional[Dict[str, Any]] = None,
+        headers: Optional[Dict[str, str]] = None,
+        timeout: Optional[float] = None,
+    ) -> httpx.Response:
+        """
+        Make an asynchronous GET request with retries.
+        Args:
+            url: The URL to request
+            params: Optional URL parameters
+            headers: Optional headers to add or override
+            timeout: Optional timeout override
+        Returns:
+            Response object from httpx
+        """
+        merged_headers = self.headers.copy()
+        if headers:
+            merged_headers.update(headers)
+        timeout_val = timeout or self.timeout
+        for attempt in range(self.max_retries):
+            try:
+                response = await self.async_client.get(
+                    url,
+                    params=params,
+                    headers=merged_headers,
+                    timeout=timeout_val,
+                )
+                response.raise_for_status()
+                return response
+            except httpx.HTTPError as e:
+                if attempt == self.max_retries - 1:
+                    raise e
+                # Apply exponential backoff with jitter
+                delay = self.retry_delay * (2 ** attempt) + random.uniform(0, 1)
+                await asyncio.sleep(delay)
+        # This should not be reached due to the exception in the loop
+        raise RuntimeError("Failed to complete request after all retries")
+    def get_soup(
+        self,
+        url: str,
+        params: Optional[Dict[str, Any]] = None,
+        headers: Optional[Dict[str, str]] = None,
+        parser: str = "html.parser",
+    ) -> BeautifulSoup:
+        """
+        Make a GET request and return a BeautifulSoup object.
+        Args:
+            url: The URL to request
+            params: Optional URL parameters
+            headers: Optional headers to override
+            parser: BeautifulSoup parser to use
+        Returns:
+            BeautifulSoup object for the response
+        """
+        response = self.get(url, params=params, headers=headers)
+        return BeautifulSoup(response.text, parser)
+    async def get_soup_async(
+        self,
+        url: str,
+        params: Optional[Dict[str, Any]] = None,
+        headers: Optional[Dict[str, str]] = None,
+        parser: str = "html.parser",
+    ) -> BeautifulSoup:
+        """
+        Make an async GET request and return a BeautifulSoup object.
+        Args:
+            url: The URL to request
+            params: Optional URL parameters
+            headers: Optional headers to override
+            parser: BeautifulSoup parser to use
+        Returns:
+            BeautifulSoup object for the response
+        """
+        response = await self.get_async(url, params=params, headers=headers)
+        return BeautifulSoup(response.text, parser)
+    async def close(self):
+        """Close the async client."""
+        await self.async_client.aclose()
+    def __del__(self):
+        """Ensure the async client is closed."""
+        try:
+            if hasattr(self, "async_client"):
+                loop = asyncio.get_event_loop()
+                if loop.is_running():
+                    loop.create_task(self.async_client.aclose())
+                else:
+                    loop.run_until_complete(self.async_client.aclose())
+        except (ImportError, RuntimeError):
+            pass

vulnerability_intelligence_agent/tools/parsers.py ADDED Viewed

	@@ -0,0 +1,456 @@

+"""
+Parsers for vulnerability databases.
+"""
+import re
+import json
+from typing import Dict, List, Any, Optional, Tuple
+from datetime import datetime
+from bs4 import BeautifulSoup, Tag
+from . import utils
+logger = utils.setup_logger("parsers")
+class CVEParser:
+    """Parser for CVE database entries."""
+    @staticmethod
+    def parse_cve_page(soup: BeautifulSoup, cve_id: str) -> Dict[str, Any]:
+        """
+        Parse a CVE detail page from cve.mitre.org.
+        Args:
+            soup: BeautifulSoup object of the CVE page
+            cve_id: CVE ID being parsed
+        Returns:
+            Dictionary with parsed vulnerability information
+        """
+        result = {
+            "id": cve_id,
+            "source": f"https://cve.mitre.org/cgi-bin/cvename.cgi?name={cve_id}"
+        }
+        try:
+            # Extract description
+            description_div = soup.find("div", {"class": "cvedetails"})
+            if description_div:
+                desc_content = description_div.get_text(strip=True)
+                result["description"] = desc_content
+            # Extract date if available
+            date_div = soup.find("th", text=re.compile("Published"))
+            if date_div and date_div.find_next_sibling("td"):
+                date_text = date_div.find_next_sibling("td").get_text(strip=True)
+                try:
+                    parsed_date = datetime.strptime(date_text, "%m/%d/%Y")
+                    result["date"] = parsed_date.strftime("%Y-%m-%d")
+                except ValueError:
+                    # If date format is unexpected, include as-is
+                    result["date"] = date_text
+            # Severity is not typically available directly on CVE pages
+            # but might be referenced in the description
+            severity_patterns = [
+                (r'high severity', 'HIGH'),
+                (r'medium severity', 'MEDIUM'),
+                (r'low severity', 'LOW'),
+                (r'critical severity', 'CRITICAL')
+            ]
+            for pattern, severity in severity_patterns:
+                if result.get("description") and re.search(pattern, result["description"], re.IGNORECASE):
+                    result["severity"] = severity
+                    break
+            if "severity" not in result:
+                result["severity"] = "UNKNOWN"
+            return result
+        except Exception as e:
+            logger.error(f"Error parsing CVE page for {cve_id}: {str(e)}")
+            return {
+                "id": cve_id,
+                "description": "Error parsing CVE information",
+                "severity": "UNKNOWN",
+                "source": f"https://cve.mitre.org/cgi-bin/cvename.cgi?name={cve_id}"
+            }
+    @staticmethod
+    def parse_cve_search_results(soup: BeautifulSoup, software: str, version: str) -> List[Dict[str, Any]]:
+        """
+        Parse CVE search results for a specific software and version.
+        Args:
+            soup: BeautifulSoup object of the search results page
+            software: Software name being searched
+            version: Software version being searched
+        Returns:
+            List of vulnerability dictionaries
+        """
+        vulnerabilities = []
+        try:
+            # Find the main table containing CVEs
+            table = soup.find("table", {"id": "cves"})
+            if not table:
+                logger.warning(f"No CVE table found for {software} {version}")
+                return []
+            rows = table.find_all("tr")[1:]  # Skip header row
+            for row in rows:
+                cols = row.find_all("td")
+                if len(cols) >= 2:
+                    cve_id = cols[0].get_text(strip=True)
+                    description = cols[1].get_text(strip=True)
+                    # Check if the version appears in the description
+                    if version.lower() in description.lower():
+                        vuln = {
+                            "id": cve_id,
+                            "description": description,
+                            "severity": "UNKNOWN",  # Will need to be determined later
+                            "source": f"https://cve.mitre.org/cgi-bin/cvename.cgi?name={cve_id}"
+                        }
+                        vulnerabilities.append(vuln)
+            return vulnerabilities
+        except Exception as e:
+            logger.error(f"Error parsing CVE search results for {software} {version}: {str(e)}")
+            return []
+class NVDParser:
+    """Parser for National Vulnerability Database entries."""
+    @staticmethod
+    def parse_nvd_api_response(response_json: Dict[str, Any], software: str, version: str) -> List[Dict[str, Any]]:
+        """
+        Parse a response from the NVD API.
+        Args:
+            response_json: JSON response from NVD API
+            software: Software name being searched
+            version: Software version being searched
+        Returns:
+            List of parsed vulnerabilities
+        """
+        vulnerabilities = []
+        try:
+            results = response_json.get("vulnerabilities", [])
+            for item in results:
+                cve = item.get("cve", {})
+                # Extract CVE ID
+                cve_id = cve.get("id", "")
+                # Extract description
+                descriptions = cve.get("descriptions", [])
+                description = ""
+                for desc in descriptions:
+                    if desc.get("lang") == "en":
+                        description = desc.get("value", "")
+                        break
+                # Extract metrics for CVSS score
+                metrics = cve.get("metrics", {})
+                cvss_v3 = metrics.get("cvssMetricV31", [])
+                cvss_v2 = metrics.get("cvssMetricV2", [])
+                severity = "UNKNOWN"
+                cvss_score = None
+                # Try to get CVSS v3 first, then fallback to v2
+                if cvss_v3:
+                    base_metric = cvss_v3[0].get("cvssData", {})
+                    cvss_score = base_metric.get("baseScore")
+                    severity_raw = base_metric.get("baseSeverity", "").upper()
+                    if severity_raw:
+                        severity = severity_raw
+                elif cvss_v2:
+                    base_metric = cvss_v2[0].get("cvssData", {})
+                    cvss_score = base_metric.get("baseScore")
+                    # Map CVSS v2 score to severity
+                    if cvss_score is not None:
+                        if cvss_score >= 9.0:
+                            severity = "CRITICAL"
+                        elif cvss_score >= 7.0:
+                            severity = "HIGH"
+                        elif cvss_score >= 4.0:
+                            severity = "MEDIUM"
+                        else:
+                            severity = "LOW"
+                # Extract published date
+                published_date = cve.get("published", "")
+                if published_date:
+                    try:
+                        # NVD dates are in ISO format
+                        date_obj = datetime.fromisoformat(published_date.replace("Z", "+00:00"))
+                        published_date = date_obj.strftime("%Y-%m-%d")
+                    except ValueError:
+                        pass
+                # Check CPE matches for the specific software and version
+                configurations = cve.get("configurations", [])
+                matches_software = False
+                for config in configurations:
+                    nodes = config.get("nodes", [])
+                    for node in nodes:
+                        cpe_matches = node.get("cpeMatch", [])
+                        for cpe_match in cpe_matches:
+                            cpe_name = cpe_match.get("criteria", "").lower()
+                            # Check if the CPE contains the software name and version
+                            if software.lower() in cpe_name:
+                                # Direct version match
+                                if f":{version}:" in cpe_name or f":{version}" in cpe_name:
+                                    matches_software = True
+                                    break
+                                # Version range match
+                                version_start_inclusive = cpe_match.get("versionStartIncluding", "")
+                                version_start_exclusive = cpe_match.get("versionStartExcluding", "")
+                                version_end_inclusive = cpe_match.get("versionEndIncluding", "")
+                                version_end_exclusive = cpe_match.get("versionEndExcluding", "")
+                                if any([version_start_inclusive, version_start_exclusive,
+                                       version_end_inclusive, version_end_exclusive]):
+                                    # Convert version to comparable parts
+                                    version_parts = utils.extract_version_parts(version)
+                                    # Check range conditions
+                                    in_range = True
+                                    if version_start_inclusive:
+                                        start_parts = utils.extract_version_parts(version_start_inclusive)
+                                        if version_parts < start_parts:
+                                            in_range = False
+                                    if version_start_exclusive:
+                                        start_parts = utils.extract_version_parts(version_start_exclusive)
+                                        if version_parts <= start_parts:
+                                            in_range = False
+                                    if version_end_inclusive:
+                                        end_parts = utils.extract_version_parts(version_end_inclusive)
+                                        if version_parts > end_parts:
+                                            in_range = False
+                                    if version_end_exclusive:
+                                        end_parts = utils.extract_version_parts(version_end_exclusive)
+                                        if version_parts >= end_parts:
+                                            in_range = False
+                                    if in_range:
+                                        matches_software = True
+                                        break
+                        if matches_software:
+                            break
+                    if matches_software:
+                        break
+                # Only include vulnerabilities that match the software and version
+                if matches_software:
+                    vulnerability = {
+                        "id": cve_id,
+                        "description": description,
+                        "severity": severity,
+                        "source": f"https://nvd.nist.gov/vuln/detail/{cve_id}"
+                    }
+                    if cvss_score is not None:
+                        vulnerability["cvss"] = str(cvss_score)
+                    if published_date:
+                        vulnerability["date"] = published_date
+                    # Add recommendation based on severity
+                    if severity in ["CRITICAL", "HIGH"]:
+                        vulnerability["recommendation"] = f"Update {software} to the latest version immediately"
+                    elif severity == "MEDIUM":
+                        vulnerability["recommendation"] = f"Plan to update {software} to the latest version"
+                    else:
+                        vulnerability["recommendation"] = f"Consider updating {software} when convenient"
+                    vulnerabilities.append(vulnerability)
+            return vulnerabilities
+        except Exception as e:
+            logger.error(f"Error parsing NVD API response for {software} {version}: {str(e)}")
+            return []
+class CISAParser:
+    """Parser for CISA Known Exploited Vulnerabilities Catalog."""
+    @staticmethod
+    def parse_cisa_kev_data(kev_data: Dict[str, Any], software: str, version: str) -> List[Dict[str, Any]]:
+        """
+        Parse CISA Known Exploited Vulnerabilities (KEV) catalog data.
+        Args:
+            kev_data: KEV catalog data as JSON
+            software: Software name to filter for
+            version: Software version to filter for
+        Returns:
+            List of parsed vulnerabilities
+        """
+        vulnerabilities = []
+        try:
+            if not isinstance(kev_data, dict):
+                logger.error(f"Invalid KEV data format: {type(kev_data)}")
+                return []
+            catalog_items = kev_data.get("vulnerabilities", [])
+            for item in catalog_items:
+                product_name = item.get("product", "").lower()
+                # Check if this vulnerability applies to our software
+                normalized_software = utils.normalize_software_name(software)
+                if normalized_software not in utils.normalize_software_name(product_name):
+                    continue
+                # Extract version information, which may be in the vendorProject field
+                vendor_project = item.get("vendorProject", "").lower()
+                if version.lower() not in vendor_project and version.lower() not in product_name:
+                    continue
+                cve_id = item.get("cveID", "")
+                date_added = item.get("dateAdded", "")
+                # Format the date if available
+                formatted_date = ""
+                if date_added:
+                    try:
+                        date_obj = datetime.strptime(date_added, "%Y-%m-%d")
+                        formatted_date = date_obj.strftime("%Y-%m-%d")
+                    except ValueError:
+                        formatted_date = date_added
+                vulnerability = {
+                    "id": cve_id,
+                    "description": item.get("vulnerabilityName", ""),
+                    "severity": "CRITICAL",  # All KEV items are considered critical as they are actively exploited
+                    "source": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
+                    "cisa_required_action": item.get("requiredAction", ""),
+                    "cisa_due_date": item.get("dueDate", "")
+                }
+                if formatted_date:
+                    vulnerability["date"] = formatted_date
+                # Add strong recommendation as these are known exploited vulnerabilities
+                vulnerability["recommendation"] = f"URGENT: Update {software} immediately as this vulnerability is being actively exploited in the wild"
+                vulnerabilities.append(vulnerability)
+            return vulnerabilities
+        except Exception as e:
+            logger.error(f"Error parsing CISA KEV data for {software} {version}: {str(e)}")
+            return []
+class CWEParser:
+    """Parser for Common Weakness Enumeration (CWE) data."""
+    @staticmethod
+    def parse_cwe_page(soup: BeautifulSoup, cwe_id: str) -> Dict[str, Any]:
+        """
+        Parse a CWE detail page.
+        Args:
+            soup: BeautifulSoup object of the CWE page
+            cwe_id: CWE ID being parsed
+        Returns:
+            Dictionary with parsed weakness information
+        """
+        result = {
+            "id": cwe_id,
+            "source": f"https://cwe.mitre.org/data/definitions/{cwe_id}.html"
+        }
+        try:
+            # Extract the name/title
+            title_div = soup.find("div", {"id": "title"})
+            if title_div:
+                result["title"] = title_div.get_text(strip=True).replace(f"{cwe_id}: ", "")
+            # Extract description
+            desc_div = soup.find("div", {"id": "description"})
+            if desc_div:
+                desc_content = desc_div.find("div", {"class": "detail"})
+                if desc_content:
+                    result["description"] = desc_content.get_text(strip=True)
+            # Extract likelihood
+            likelihood_div = soup.find("div", {"id": "likelihood"})
+            if likelihood_div:
+                likelihood_content = likelihood_div.find("div", {"class": "detail"})
+                if likelihood_content:
+                    result["likelihood"] = likelihood_content.get_text(strip=True)
+            # Determine severity based on likelihood or description keywords
+            if "likelihood" in result:
+                if "high" in result["likelihood"].lower():
+                    result["severity"] = "HIGH"
+                elif "medium" in result["likelihood"].lower():
+                    result["severity"] = "MEDIUM"
+                elif "low" in result["likelihood"].lower():
+                    result["severity"] = "LOW"
+                else:
+                    result["severity"] = "UNKNOWN"
+            else:
+                result["severity"] = "UNKNOWN"
+            # Extract mitigation information
+            mitigation_div = soup.find("div", {"id": "mitigations"})
+            if mitigation_div:
+                mitigation_content = mitigation_div.find("div", {"class": "detail"})
+                if mitigation_content:
+                    result["mitigation"] = mitigation_content.get_text(strip=True)
+                    result["recommendation"] = result["mitigation"]
+            return result
+        except Exception as e:
+            logger.error(f"Error parsing CWE page for {cwe_id}: {str(e)}")
+            return {
+                "id": cwe_id,
+                "description": "Error parsing CWE information",
+                "severity": "UNKNOWN",
+                "source": f"https://cwe.mitre.org/data/definitions/{cwe_id}.html"
+            }
+    @staticmethod
+    def extract_cwe_from_cve(cve_description: str) -> List[str]:
+        """
+        Extract CWE IDs from a CVE description.
+        Args:
+            cve_description: CVE description text
+        Returns:
+            List of CWE IDs
+        """
+        # Pattern to match CWE references like CWE-79, CWE-89, etc.
+        pattern = r'CWE-(\d+)'
+        matches = re.findall(pattern, cve_description)
+        return [f"CWE-{match}" for match in matches]

vulnerability_intelligence_agent/tools/utils.py ADDED Viewed

	@@ -0,0 +1,301 @@

+"""
+Utility functions for the Vulnerability Intelligence Agent.
+"""
+import json
+import os
+import re
+import logging
+import datetime
+from typing import Dict, List, Any, Optional, Union
+# Configure logging
+logging.basicConfig(
+    level=logging.INFO,
+    format="%(asctime)s - %(name)s - %(levelname)s - %(message)s",
+)
+logger = logging.getLogger("via")
+def setup_logger(name: str, level: int = logging.INFO) -> logging.Logger:
+    """
+    Set up a logger with the given name and level.
+    Args:
+        name: Name of the logger
+        level: Logging level
+    Returns:
+        Configured logger instance
+    """
+    logger = logging.getLogger(f"via.{name}")
+    logger.setLevel(level)
+    return logger
+def normalize_software_name(name: str) -> str:
+    """
+    Normalize a software name to improve matching across databases.
+    Args:
+        name: Software name to normalize
+    Returns:
+        Normalized software name
+    """
+    # Convert to lowercase and remove special characters
+    normalized = re.sub(r"[^a-z0-9]", "", name.lower())
+    return normalized
+def normalize_version(version: str) -> str:
+    """
+    Normalize a version string to improve matching across databases.
+    Args:
+        version: Version string to normalize
+    Returns:
+        Normalized version string
+    """
+    # Remove leading 'v' if present
+    if version.lower().startswith("v"):
+        version = version[1:]
+    # Replace underscores with dots
+    version = version.replace("_", ".")
+    # Remove any alphabetic parts (like beta, alpha, etc.)
+    version = re.sub(r"[a-zA-Z].*$", "", version)
+    return version.strip()
+def save_report(data: Dict[str, Any], filename: str, report_dir: str = "reports") -> str:
+    """
+    Save a vulnerability report to a file.
+    Args:
+        data: Report data to save
+        filename: Base filename (without extension)
+        report_dir: Directory to save the report in
+    Returns:
+        Path to the saved report file
+    """
+    # Ensure the reports directory exists
+    os.makedirs(report_dir, exist_ok=True)
+    # Add timestamp to filename to avoid overwriting
+    timestamp = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
+    json_filename = f"{filename}_{timestamp}.json"
+    json_path = os.path.join(report_dir, json_filename)
+    # Save JSON report
+    with open(json_path, 'w') as f:
+        json.dump(data, f, indent=2)
+    logger.info(f"Report saved to {json_path}")
+    return json_path
+def generate_markdown_report(data: Dict[str, Any], filename: str, report_dir: str = "reports") -> str:
+    """
+    Generate a Markdown report from vulnerability data.
+    Args:
+        data: Vulnerability data
+        filename: Base filename (without extension)
+        report_dir: Directory to save the report in
+    Returns:
+        Path to the generated Markdown file
+    """
+    # Ensure the reports directory exists
+    os.makedirs(report_dir, exist_ok=True)
+    # Add timestamp to filename to avoid overwriting
+    timestamp = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
+    md_filename = f"{filename}_{timestamp}.md"
+    md_path = os.path.join(report_dir, md_filename)
+    with open(md_path, 'w') as f:
+        # Write title
+        f.write(f"# Vulnerability Report: {data['software']} {data['version']}\n\n")
+        f.write(f"*Generated on: {datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')}*\n\n")
+        # Write summary
+        f.write("## Summary\n\n")
+        vuln_count = len(data.get('vulnerabilities', []))
+        f.write(f"Found **{vuln_count}** vulnerabilities for {data['software']} {data['version']}.\n\n")
+        # Write vulnerabilities
+        if vuln_count > 0:
+            f.write("## Vulnerabilities\n\n")
+            for i, vuln in enumerate(data['vulnerabilities'], 1):
+                f.write(f"### {i}. {vuln.get('id', 'Unknown ID')}\n\n")
+                f.write(f"**Severity:** {vuln.get('severity', 'Unknown')}")
+                if 'cvss' in vuln:
+                    f.write(f" (CVSS: {vuln['cvss']})")
+                f.write("\n\n")
+                f.write(f"**Description:** {vuln.get('description', 'No description available.')}\n\n")
+                if 'date' in vuln:
+                    f.write(f"**Published:** {vuln['date']}\n\n")
+                if 'recommendation' in vuln:
+                    f.write(f"**Recommendation:** {vuln['recommendation']}\n\n")
+                if 'source' in vuln:
+                    f.write(f"**Source:** [{vuln['source']}]({vuln['source']})\n\n")
+                f.write("---\n\n")
+        else:
+            f.write("## No vulnerabilities found\n\n")
+            f.write("No known vulnerabilities were found for this software and version.\n\n")
+        # Write footer
+        f.write("## References\n\n")
+        f.write("- [CVE (Common Vulnerabilities and Exposures)](https://cve.mitre.org/)\n")
+        f.write("- [NVD (National Vulnerability Database)](https://nvd.nist.gov/)\n")
+        f.write("- [CISA Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)\n")
+        f.write("- [CWE (Common Weakness Enumeration)](https://cwe.mitre.org/)\n")
+    logger.info(f"Markdown report saved to {md_path}")
+    return md_path
+def merge_vulnerability_data(data_list: List[Dict[str, Any]]) -> Dict[str, Any]:
+    """
+    Merge vulnerability data from multiple sources, removing duplicates.
+    Args:
+        data_list: List of vulnerability data dictionaries
+    Returns:
+        Merged vulnerability data
+    """
+    if not data_list:
+        return {}
+    # Start with the first item
+    result = data_list[0].copy()
+    result['vulnerabilities'] = result.get('vulnerabilities', []).copy()
+    # Track vulnerability IDs to avoid duplicates
+    vuln_ids = {v.get('id'): True for v in result['vulnerabilities']}
+    # Merge additional data
+    for data in data_list[1:]:
+        if data.get('vulnerabilities'):
+            for vuln in data['vulnerabilities']:
+                vuln_id = vuln.get('id')
+                if vuln_id and vuln_id not in vuln_ids:
+                    result['vulnerabilities'].append(vuln)
+                    vuln_ids[vuln_id] = True
+    # Sort vulnerabilities by severity (if available)
+    severity_order = {
+        "CRITICAL": 0,
+        "HIGH": 1,
+        "MEDIUM": 2,
+        "LOW": 3,
+        "UNKNOWN": 4,
+    }
+    result['vulnerabilities'].sort(
+        key=lambda v: severity_order.get(v.get('severity', '').upper(), 999)
+    )
+    return result
+def extract_version_parts(version: str) -> List[int]:
+    """
+    Extract version numbers into a list of integers for comparison.
+    Args:
+        version: Version string (e.g., "1.2.3")
+    Returns:
+        List of integer version parts
+    """
+    # Normalize version and extract numeric parts
+    norm_version = normalize_version(version)
+    return [int(part) for part in re.findall(r'\d+', norm_version)]
+def is_version_in_range(version: str, min_version: str, max_version: str) -> bool:
+    """
+    Check if a version is within a specified range.
+    Args:
+        version: Version to check
+        min_version: Minimum version (inclusive)
+        max_version: Maximum version (inclusive)
+    Returns:
+        True if version is in range, False otherwise
+    """
+    version_parts = extract_version_parts(version)
+    min_parts = extract_version_parts(min_version)
+    max_parts = extract_version_parts(max_version)
+    # Extend parts with zeros to ensure equal length
+    max_length = max(len(version_parts), len(min_parts), len(max_parts))
+    version_parts.extend([0] * (max_length - len(version_parts)))
+    min_parts.extend([0] * (max_length - len(min_parts)))
+    max_parts.extend([0] * (max_length - len(max_parts)))
+    # Check if version is in range
+    return min_parts <= version_parts <= max_parts
+def is_version_affected(version: str, affected_versions: str) -> bool:
+    """
+    Check if a version is affected by a vulnerability based on version string.
+    Args:
+        version: Version to check
+        affected_versions: Description of affected versions (e.g., "< 1.2.3", ">= 2.0")
+    Returns:
+        True if version is affected, False otherwise
+    """
+    version_parts = extract_version_parts(version)
+    # Handle different version patterns
+    if "<=" in affected_versions:
+        max_version = affected_versions.split("<=")[1].strip()
+        max_parts = extract_version_parts(max_version)
+        max_parts.extend([0] * (len(version_parts) - len(max_parts)))
+        return version_parts <= max_parts
+    elif ">=" in affected_versions:
+        min_version = affected_versions.split(">=")[1].strip()
+        min_parts = extract_version_parts(min_version)
+        min_parts.extend([0] * (len(version_parts) - len(min_parts)))
+        return version_parts >= min_parts
+    elif "<" in affected_versions:
+        max_version = affected_versions.split("<")[1].strip()
+        max_parts = extract_version_parts(max_version)
+        max_parts.extend([0] * (len(version_parts) - len(max_parts)))
+        return version_parts < max_parts
+    elif ">" in affected_versions:
+        min_version = affected_versions.split(">")[1].strip()
+        min_parts = extract_version_parts(min_version)
+        min_parts.extend([0] * (len(version_parts) - len(min_parts)))
+        return version_parts > min_parts
+    elif "-" in affected_versions:
+        # Handle range: "1.0.0 - 2.0.0"
+        parts = affected_versions.split("-")
+        min_version = parts[0].strip()
+        max_version = parts[1].strip()
+        return is_version_in_range(version, min_version, max_version)
+    # Direct comparison
+    return normalize_version(version) == normalize_version(affected_versions)