🛡️ VIPER: Stay ahead of threats with AI-driven vulnerability intelligence. Prioritize CVEs effectively using NVD, EPSS, CISA KEV, and Google Gemini insights, all on an interactive dashboard.
VIPER is your AI-powered co-pilot in the complex world of cyber threats, designed to provide actionable Vulnerability Intelligence, Prioritization, and Exploitation Reporting.
In an era of ever-increasing cyber threats, VIPER cuts through the noise. It ingests data from critical sources like NVD, EPSS, and the CISA KEV catalog, then leverages Google Gemini AI for deep contextual analysis and vulnerability prioritization. All this intelligence is centralized, enriched, and presented through multiple interfaces: an interactive Streamlit dashboard, a powerful CLI, and now Claude Desktop, integrated through MCP (Model Context Protocol) for natural language vulnerability analysis.
VIPER now includes a Model Context Protocol (MCP) server that integrates seamlessly with Claude Desktop, providing 12 powerful cybersecurity tools accessible through natural language:
- perform_live_cve_lookup: Full CVE analysis
- get_nvd_cve_details: NVD data
- get_epss_data_for_cve: Exploitation probability
- check_cve_in_cisa_kev: CISA KEV status
- search_public_exploits_for_cve: GitHub/Exploit-DB search
- get_gemini_cve_analysis: AI analysis
- get_viper_risk_score: Risk scoring
- save_cve_data_to_viperdb: Database storage

Usage Examples:
"Analyze CVE-2024-3400 with full Viper analysis"
"Find exploits for CVE-2023-44487"
"Check if CVE-2024-1234 is in CISA KEV"
git clone https://github.com/ozanunal0/viper.git
cd viper
./setup.sh
cp env.example .env
# Edit .env with your settings:
# - GEMINI_API_KEY for Gemini AI (default provider)
# - Or set LLM_PROVIDER=ollama for local LLM
{
  "mcpServers": {
    "ViperMCPServer": {
      "command": "/FULL/PATH/TO/viper/run_mcp_clean.sh"
    }
  }
}
Claude Desktop (Recommended):
Dashboard:
python main.py dashboard
CLI:
python main.py cli --days 7
For privacy-focused analysis without external API dependencies:
# 1. Set LLM provider to Ollama
echo "LLM_PROVIDER=ollama" >> .env
# 2. Start with Docker Compose (includes Ollama)
docker-compose up -d
# 3. Pull a model (run once)
docker exec -it viper_ollama ollama pull llama3:8b
# 4. Access VIPER at http://localhost:8501
- llama3:8b: Good balance of speed and quality (default)
- llama3:70b: Higher quality, requires more resources
- codellama:7b: Optimized for code analysis
- mistral:7b: Fast and efficient

# In .env file
LLM_PROVIDER=ollama
# Use http://ollama:11434 instead when running in Docker
OLLAMA_API_BASE_URL=http://localhost:11434
LOCAL_LLM_MODEL_NAME=llama3:8b
Here's where we're headed:
- Full NVD API Pagination: Ensure complete ingestion of all relevant CVEs from NVD by implementing robust pagination in nvd_client.py to handle large result sets (addressing current partial data fetching).
- Solidify Retry Mechanisms: Continuously refine and test tenacity-based retry logic across all external API clients (nvd_client.py, epss_client.py, cisa_kev_client.py, microsoft_update_client.py, gemini_analyzer.py) for maximum resilience.
- Dashboard Usability & Features:
  - Refine real-time CVE lookup: Optimize display and ensure all enrichment (EPSS, KEV, MSData, Gemini re-analysis) is available for live queries.
  - Enhance filtering and sorting options on all data tables.
  - Implement detailed CVE view modals or dedicated pages for better readability of all enriched data.
- Automated Periodic Execution: Integrate APScheduler or configure system cron jobs to run the main_mvp.py data pipeline automatically at configurable intervals.
- Other CISA Products & Feeds: Explore and integrate other relevant CISA feeds beyond the KEV catalog (e.g., CISA Alerts, Industrial Control Systems Advisories if applicable).
- Comprehensive Microsoft Patch Tuesday Parsing: Further refine microsoft_update_client.py to ensure accurate and detailed extraction of product families, specific product versions, and direct links to KB articles/MSRC guidance from CVRF/CSAF data.
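The pagination item in the roadmap above matters for prioritization because a single NVD request silently returns only the first page, so CVEs beyond it never get scored. The sketch below is an added example, not VIPER's own nvd_client.py: `iter_nvd_cves`, `make_fake_nvd`, `collect_ids` and the `fetch_page` callable are hypothetical names, the CVE ids are constructed, and the response fields (`startIndex`, `resultsPerPage`, `totalResults`, `vulnerabilities`) are those of the NVD CVE API 2.0.

```python
from typing import Callable, Dict, Iterator, List

NVD_MAX_PAGE = 2000  # NVD API 2.0 upper bound for resultsPerPage


def iter_nvd_cves(fetch_page: Callable[[int, int], Dict],
                  page_size: int = NVD_MAX_PAGE) -> Iterator[Dict]:
    """Yield every CVE record of one query, following startIndex across pages.

    fetch_page(start_index, results_per_page) is a hypothetical callable that
    performs the HTTP request (with its own retry logic) and returns the JSON body.
    """
    start, seen = 0, set()
    while True:
        body = fetch_page(start, page_size)
        items = body.get("vulnerabilities", [])
        total = body["totalResults"]
        for item in items:
            cve_id = item["cve"]["id"]
            if cve_id not in seen:  # pages can overlap if NVD data changes mid-run
                seen.add(cve_id)
                yield item
        start += len(items)  # advance by what the server actually returned
        if start >= total:
            return
        if not items:
            # Fail loudly instead of storing a partial data set as if it were complete.
            raise RuntimeError(f"empty NVD page at index {start} of {total}")


def make_fake_nvd(ids: List[str], server_cap: int) -> Callable[[int, int], Dict]:
    """Constructed stand-in for the NVD endpoint so the example runs offline."""
    def fetch_page(start_index: int, results_per_page: int) -> Dict:
        chunk = ids[start_index:start_index + min(results_per_page, server_cap)]
        return {"startIndex": start_index, "resultsPerPage": len(chunk),
                "totalResults": len(ids),
                "vulnerabilities": [{"cve": {"id": i}} for i in chunk]}
    return fetch_page


def collect_ids(fetch_page: Callable[[int, int], Dict],
                page_size: int = NVD_MAX_PAGE) -> List[str]:
    return [v["cve"]["id"] for v in iter_nvd_cves(fetch_page, page_size)]


if __name__ == "__main__":
    sample = [f"CVE-2099-{n:04d}" for n in range(1, 6)]  # constructed ids
    print(collect_ids(make_fake_nvd(sample, server_cap=2)))
```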
iocextract.
Star ⭐ the repo if VIPER helps with your vulnerability management!
{ "mcpServers": { "viper": { "command": "/FULL/PATH/TO/viper/run_mcp_clean.sh", "args": [] } } }