This repository has been archived by the owner on Oct 4, 2023. It is now read-only.

A catalog designed for environments with multiple or diffuse Information Security vulnerability-related information sources.


daavelino/vulnerability-catalog


Welcome to the Vulnerability Catalog project, a catalog for Information Security Management designed for environments with multiple or diffuse vulnerability-related information sources.

Check the latest release


Install & run the Catalog

git clone https://github.com/daavelino/vulnerability-catalog
cd vulnerability-catalog
./setup.sh    # only during the first install
./run.sh

Features

  • Consistent tracking of the entire vulnerability lifecycle in a single place.
  • Standardized description and quantification of vulnerabilities.
  • Risk and severity calculators to support precise quantification.
  • Dashboard to visualize progress and attention points.
  • Easy import of the vulnerabilities found by Nessus or OpenVAS.
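The two features that do the heavy lifting are the scanner import and the common severity scale. The script below is an added example, not the Catalog's own importer: it parses a Nessus (.nessus v2) export and an OpenVAS/GVM XML report into one record shape, puts every finding on a single CVSS-based severity band, and drops exact duplicates across re-imports. Both inputs are constructed samples (hosts, IDs and scores are made up), and the element and attribute names follow the commonly seen layout of those two export formats rather than a published schema.

```python
"""Normalize Nessus and OpenVAS findings onto one severity scale (added example)."""
from __future__ import annotations
import xml.etree.ElementTree as ET
from dataclasses import dataclass


def cvss_band(score: float) -> str:
    """CVSS v3.x qualitative bands, used as the single scale for every source."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


@dataclass(frozen=True)
class Finding:
    source: str         # scanner that produced the finding
    host: str
    port: str           # kept as the tool reports it ("tcp/443", "443/tcp", "general/tcp")
    plugin_id: str      # Nessus pluginID or OpenVAS NVT OID
    title: str
    cvss: float         # numeric base score as exported by the tool
    tool_severity: str  # the tool's own label, kept for audit
    severity: str       # normalized band from cvss_band()


def parse_nessus(xml_text: str) -> list[Finding]:
    """Walk ReportHost/ReportItem pairs of a .nessus v2 file."""
    out = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            # Prefer the v3 score when the export carries it; informational
            # plugins have no score element at all, so they land on "None".
            score = float(item.findtext("cvss3_base_score")
                          or item.findtext("cvss_base_score") or "0")
            out.append(Finding("nessus", host.get("name", ""),
                               f"{item.get('protocol', '')}/{item.get('port', '')}",
                               item.get("pluginID", ""), item.get("pluginName", ""),
                               score, item.findtext("risk_factor") or "", cvss_band(score)))
    return out


def parse_openvas(xml_text: str) -> list[Finding]:
    """Walk <result> elements of a GVM XML report."""
    out = []
    for res in ET.fromstring(xml_text).iter("result"):
        nvt, host_el = res.find("nvt"), res.find("host")
        # <host> carries the IP as text before its <asset>/<hostname> children.
        host = (host_el.text or "").strip() if host_el is not None else ""
        score = float(res.findtext("severity") or "0")
        out.append(Finding("openvas", host, (res.findtext("port") or "").strip(),
                           nvt.get("oid", "") if nvt is not None else "",
                           (res.findtext("name") or "").strip(), score,
                           (res.findtext("threat") or "").strip(), cvss_band(score)))
    return out


def merge(*batches: list[Finding]) -> list[Finding]:
    """Unify batches; the same finding re-imported twice is kept once."""
    seen: dict[tuple, Finding] = {}
    for batch in batches:
        for f in batch:
            seen.setdefault((f.source, f.host, f.port, f.plugin_id), f)
    return list(seen.values())


def severity_summary(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample exports (not real scan output).
NESSUS_SAMPLE = """<NessusClientData_v2><Report name="constructed"><ReportHost name="10.0.0.5">
<ReportItem port="443" protocol="tcp" severity="2" pluginID="51192"
 pluginName="SSL Certificate Cannot Be Trusted"><cvss_base_score>6.5</cvss_base_score>
<risk_factor>Medium</risk_factor></ReportItem>
<ReportItem port="0" protocol="tcp" severity="0" pluginID="19506"
 pluginName="Nessus Scan Information"><risk_factor>None</risk_factor></ReportItem>
</ReportHost></Report></NessusClientData_v2>"""

OPENVAS_SAMPLE = """<report id="constructed"><results start="1" max="-1">
<result id="r1"><name>SSL/TLS: Certificate Expired</name>
<host>10.0.0.5<asset asset_id="a1"/><hostname>web01</hostname></host><port>443/tcp</port>
<nvt oid="1.3.6.1.4.1.25623.1.0.103955"/><threat>Medium</threat><severity>5.0</severity></result>
<result id="r2"><name>OS End Of Life Detection</name><host>10.0.0.7<asset asset_id="a2"/></host>
<port>general/tcp</port><nvt oid="1.3.6.1.4.1.25623.1.0.103674"/>
<threat>High</threat><severity>10.0</severity></result></results></report>"""

if __name__ == "__main__":
    merged = merge(parse_nessus(NESSUS_SAMPLE), parse_openvas(OPENVAS_SAMPLE))
    for f in merged:
        print(f"{f.source:8} {f.host:10} {f.port:12} {f.severity:8} (tool: {f.tool_severity}) {f.title}")
    print(severity_summary(merged))
```

The point worth noticing is the second OpenVAS result: the tool labels a 10.0 as "High" because its own scale stops there, while Nessus would call the same score "Critical". Normalizing on the numeric score rather than on each tool's label is what puts findings from both scanners on a common base; the original label is kept in `tool_severity` so the import stays auditable.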

Check the Wiki for more information.

Why a Catalog?

Storing and keeping track of all vulnerabilities found in your environment in a centralized, easy-to-use and organized catalogue is far more secure than using the traditional spreadsheets.

With the Panorama, gain insight into what needs to be improved, track progress and effort, design better strategies and reduce risk by visualising the environment as a whole.

Motivation

The idea for this effort came from my experience trying to keep track of vulnerabilities during the Rio 2016 Olympic and Paralympic Games. During that time, I realized three hard things about vulnerability management:

  1. it is hard to centralize all the information we get from vulnerability reports, assessments, pentests and user/peer reports in a consistent way.
  2. it is hard to put relevant information, like risk and severity, on a common (and normalized) basis.
  3. it is hard to visualize and get insights about the environment when we have multiple and diffuse sources of data, coming from .pdf, .xlsx and .doc files or even by e-mail or other channels.

So, Vulnerability Catalog tries to make things a little easier. With the Catalog, we can unify the data, put it on a normalized basis and manage vulnerabilities better than by using spreadsheets or searching and reading reports one by one each time you need a piece of information.

Deploying to production

Please check the wiki for a step-by-step approach.

Many many thanks to

  • Victor Carvalho (https://www.behance.net/VictorjCarvalho), for the logo design.
  • Barbara Camara, for suggestions and for pointing me to the right people.
  • Andrea Fabrete, for important improvement insights and suggestions.
  • Beatriz Lima, for watching changes and suggesting new ideas.
  • Paulo Caldas, for stress-testing the project concept, making it more mature.
  • Leandro Silva, for testing and reporting great feedback.

and others (you know who you are) for important feedback and for keeping me on my path.


License: MIT License. Author: Daniel Avelino

Proudly made in .