u/yongsanghoon


[VulnPath Update] New Feature: "My Tech Stack"

Happy Monday!

I spent some time this weekend working on a new feature called "My Tech Stack" for VulnPath (CVE visualization tool that lets you see the attack chain; see my past post for the backstory).

What is it?
You can now add any library, vendor, and/or framework used in your tech stack to then let VulnPath flag any CVEs impacting your environment(s).

Why?
If you spend a lot of time digging through CVEs, you know that one of the first questions that come to mind is "Does this impact me?". My Tech Stack accelerates this validation step by having VulnPath auto-flag any impacting CVEs during your search.

How can I start using it?

  1. Once signed in, head over to your "Dashboard"
  2. Scroll to the "My Tech Stack" section
  3. The "Actively Tracking" section at the top shows you what you're currently monitoring (screenshot #1)
  4. Use the input box to add your lib, vendor, etc., or use the "Quick Add" feature to quickly add some of the more common software (screenshot #1)
  5. That's it! Now when you look up any CVEs, VulnPath will flag any that impact your stack through the middle graph UI (screenshot #2)

As always, I'm open to what everyone thinks so let me know your thoughts and suggestions!

u/yongsanghoon — 1 day ago

[Tool] VulnPath: Visualizing E2E attack chains & mapping GH PoCs

Hey everyone,

I’ve been working on a tool called VulnPath to help bridge the gap between reading a CVE and actually understanding the path to impact. I wanted to share it here because I think it’s particularly useful during the recon/research phase of an engagement.

The goal is to stop clicking through multiple sources and instead see the E2E attack chain quickly, as well as quickly identify top GitHub PoCs.

What it does for offensive workflows:

  • 📋 Product-Based Recon: Search a specific tech stack (e.g., Ivanti, Fortinet, Apache) to see all impacting CVEs instantly.
  • 📈 Visual Attack Chains: See the full attack chain visualized through a node-based graph. Instead of a text wall, you see the entry point, the pivot, and the impact.
  • 💻 GitHub PoC Integration: I’ve integrated a panel that pulls top-rated GH PoCs per CVE so you can find real-world exploits without having to manually hunt for them.

Full transparency (in case anyone's wondering), yes AI helped me build this tool. But I did come up with the original design, features, and had many late night sessions debugging some of the typical AI slop.

If you're interested, check it out at https://www.vulnpath.app and let me know what you think! More features coming soon -- you can create an account to be the first to know when these drop!

u/yongsanghoon — 4 days ago
▲ 40 r/hacking

[VulnPath Update] Unlimited CVE & Product Searches

Happy Wednesday!

Back again with more updates on VulnPath, a CVE visualization tool that lets you see the attack chain (see my past post for the backstory). I got more valuable feedback from this community last week so I wanted to share what's been added since then:

  • Unlimited CVE lookups (free): you can now search any CVE for free and see the full attack chain graph, GitHub PoCs, etc. To keep the lights on (for infra, API, and AI costs), the full Attack Chain Graph and GitHub PoC panel are part of the Pro tier, but I’ve now included a 7-day free trial so you can test this out and cancel anytime you'd like.
  • Unlimited Product-Based Searches (free): a few of you asked for this--you can now search by products used in your tech stack (e.g. apache, nginx, etc) to see a visual map of CVEs impacting your environment.
  • Tutorial: quick walkthrough tutorial on how to use VulnPath for first-time visitors

What's next? I'll continue checking to see what feedback/suggestions this community has but as of late, I'm thinking the following may be useful features to work on next:

  • User-Defined Tech Stack: add what libraries/software you use in your environment so that whenever you look up a CVE, VulnPath will confirm if you're impacted
  • Favorite CVE Groupings: create folders to organize your favorited CVEs
  • Automated Reports: from your saved CVEs, AI will pull key details of each to auto-generate a report that can be exported for however you'd like to use it

Feel free to check it out at https://www.vulnpath.app/app and let me know what you think!

--- [4/16 UPDATE] Full CVE & Product search for free (no account or trial needed) ---

Full CVE lookups are now free for everyone. This includes the attack chain graph, GH PoCs, etc. After talking to a few of you, I realized paywalling or gating the core features behind an account sign-up was not the right move. Thanks for everyone's understanding, patience, and valuable feedback! I truly hope VulnPath can be of help however you plan to use it! More to come.

u/yongsanghoon — 6 days ago
🔥 Hot ▲ 65 r/hacking

[Tool] VulnPath is now officially live!

I posted ~2 weeks ago about vulnpath.app/app, a CVE visualization tool prototype I built that helps visual learners (like myself) "see" the E2E attack chain. Thank you to everyone that reached out with feedback! I spent the last few weeks taking this in and iterating on it more and now I'm proud to say it's officially live!

There's still a lot more work to be done so I don't plan on stopping here. But if you have time to check it out, I would greatly appreciate any additional feedback and feature suggestions to make it an even more useful tool for everyone.

Thanks for taking the time to read this!

4/13 update: you can now search by product to see which CVEs impact your tech stack (thanks everyone for this suggestion!). Also added a free 7-day trial (can cancel anytime with no commitments).

u/yongsanghoon — 15 days ago