loading
loading
Vulnerabilities
Find CVE proof-of-concept exploit repositories across GitHub.
overview
find-gh-poc runs a GraphQL search against GitHub and returns the repositories that match it, which makes it a fast way to locate proof-of-concept exploit code for a CVE. You give it a search query and a GitHub token, and it pages through the results so you do not have to click through the web UI or hit the basic search limits by hand.
Because the query is a GitHub GraphQL search string, you decide how wide to cast. Search a single CVE identifier to confirm whether public PoCs exist, or search a broader pattern to sweep a whole class of issues. The token is required so the run gets the higher authenticated rate limit instead of stalling on anonymous quotas.
On Trickest, find-gh-poc is a Vulnerabilities node that reads a query and a token, then writes a folder and a file of matching repositories. Place it after a CVE-discovery or triage step so each fresh CVE feeds a search, and route the results into reporting or into a clone-and-review stage.
use cases
Search a CVE identifier to find out whether working proof-of-concept code already exists on GitHub before deciding how urgently to patch or test it.
Schedule find-gh-poc behind a CVE source so newly disclosed issues are checked for public PoCs automatically and the matches land in a queryable output.
Collect the matching repositories from a query so an analyst can clone and read the PoC code rather than trusting a CVE summary alone.
Run a broader GraphQL search to pull every PoC repository matching a pattern, then triage the set instead of searching one CVE at a time.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| query-string | STRING | -query-string | GraphQL search query to run against GitHub. |
| query-file | FILE | -query-file | File to read the GraphQL search query from. |
| token-string | STRING | -token-string | GitHub token used to authenticate the search. |
| token-file | FILE | -token-file | File to read the GitHub token from. |
Showing key inputs. find-gh-poc exposes 4 inputs in total.
example
# search GitHub for a CVE's proof-of-concept repos, authenticatedfind-gh-poc -query-string 'CVE-2023-3519 in:name,readme' -token-file ./gh-token.txthttps://github.com/example-user/CVE-2023-3519-PoChttps://github.com/redteam-lab/netscaler-adc-rcehttps://github.com/appsec-notes/cve-2023-3519-scannerhttps://github.com/sec-research-42/citrix-pochttps://github.com/blueteam-tools/CVE-2023-3519-detecthttps://github.com/ctf-writeups-x/cve-2023-3519… (18 repositories matched for the real query behind this page)guidance
Use find-gh-poc when you have a CVE or a search pattern and want to know which proof-of-concept exploit repositories exist on GitHub. It searches public repositories rather than scanning hosts, so pair it with a CVE source upstream and a clone or report stage downstream. Supply a token so the run uses the authenticated rate limit.
Searches the local Exploit-DB archive. find-gh-poc instead pulls live PoC repositories straight from GitHub.
Tests hosts against CVE templates. find-gh-poc locates the PoC code rather than running a check.
A single-CVE scanner. find-gh-poc is generic and searches PoCs for any CVE you query.
faq
related
A Go script for bypassing 403 forbidden responses.
An open-source tool that automates detecting and exploiting command injection.
Detect and abuse vulnerable implementations of stateless sessions.
A Python tool to find Cross-Origin Resource Sharing misconfigurations.
A tool to find HTTP splitting vulnerabilities.
Multi-threaded, IPv6-aware username enumeration via CVE-2018-15473.
A CVE query feeds find-gh-poc, which searches GitHub and writes the matching proof-of-concept repositories as a queryable output.
Facts on this page come from the live Trickest tool library.