
vulnripper

v1.1.0

Published

Vulnerability Intelligence platform searching for vulnerabilities, exploits, and malicious packages with network scanning and agent-based discovery.

Downloads

25

Readme


Vulnripper

Vulnerability Intelligence platform searching for vulnerabilities, exploits, and malicious packages with network scanning and agent-based discovery.

npm install -g vulnripper
vulnripper --update

# ready to operate - simple as that

Overview

Vulnripper is a continuation of cveseeker with faster search and better correlation. The CLI tool is open source and free to use. The vulnerability intelligence database is a paid commercial product maintained by Baysec and is required for the tool to work. The database is 10GB uncompressed (1GB compressed) and receives daily updates. The tool works offline after the download, which makes it suitable for air-gapped networks. See database statistics at vulns.baysec.eu.

Database Access Required: baysec.eu | [email protected]

What It Does

Search

Enter a product name and get vulnerabilities and exploits with CVSS, EPSS, and CISA KEV data. Find working exploits and PoCs.

Network Scan

Nmap wrapper that correlates discovered services with vulnerability database. Scans hosts, identifies software versions, shows vulnerabilities and exploits.

Asset Inventory

Deploy collectors on systems to gather IPs, hostnames, OS info, and installed software. Export to central location for bulk vulnerability correlation. Scales well and works without internet access.

Malware Detection

Search for malicious packages in npm, PyPI, RubyGems, Maven, NuGet and other ecosystems. Find compromised dependencies and correlate with collected data from assets.


Installation

Prerequisites

  • Node.js 18.0.0 or higher
  • npm or yarn package manager
  • nmap (required for scan functionality)

Install nmap

macOS:

brew install nmap

Ubuntu/Debian:

sudo apt-get update && sudo apt-get install nmap

RHEL/CentOS/Fedora:

sudo yum install nmap

Windows: Download from nmap.org and add C:\Program Files (x86)\nmap to PATH if needed.

Install Vulnripper

npm install -g vulnripper



Getting Started

1. Get Database Access

Contact Baysec at [email protected] or baysec.eu for database credentials.

2. Download and Configure

vulnripper --update

Downloads the database, stores credentials in ~/.vulnripper/.env, and builds the FTS5 search index. This takes 5-15 minutes and yields 30-100x faster searches.

3. Keep Updated

vulnripper --update

Cleans old files, downloads latest database, and rebuilds the index.
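Because the update step leaves the database credentials in ~/.vulnripper/.env, it is worth checking who can read that file. The following is an added example, not part of Vulnripper: the function name audit_credentials is hypothetical, it assumes a POSIX system, and the owner-only expectation is a hardening choice rather than documented tool behaviour.

```python
import os
import stat
from pathlib import Path


def audit_credentials(base=None):
    """List permission problems on the Vulnripper directory and its .env file."""
    base = Path(base) if base else Path.home() / ".vulnripper"
    # Directory: nobody else may write (could swap the file). File: owner only.
    checks = ((base, stat.S_IWGRP | stat.S_IWOTH),
              (base / ".env", stat.S_IRWXG | stat.S_IRWXO))
    findings = []
    for path, forbidden in checks:
        try:
            st = os.lstat(path)  # lstat so a symlink is reported, not followed
        except FileNotFoundError:
            findings.append(f"{path}: missing")
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{path}: is a symlink")
            continue
        if st.st_uid != os.getuid():
            findings.append(f"{path}: owned by uid {st.st_uid}")
        if st.st_mode & forbidden:
            mode = stat.S_IMODE(st.st_mode)
            findings.append(f"{path}: mode {mode:04o} is too permissive")
    return findings
```

An empty list means the directory is not writable by others and the credential file is readable by its owner only.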


Core Capabilities

Vulnerability Search

Search the vulnerability database with filtering and correlation.

vulnripper apache
vulnripper CVE-2024-1234
vulnripper "remote code execution" nginx


Advanced Filtering:

vulnripper apache --severity CRITICAL HIGH
vulnripper windows --exploit
vulnripper apache --newest
vulnripper apache --cvss
vulnripper apache --max-results 50

Network Scanning

Scan network targets with nmap and automatically correlate discovered services with vulnerability data.

vulnripper scan example.com --report
vulnripper scan 192.168.1.100 -p 22,80,443 --report
vulnripper scan 192.168.1.0/24 --report
vulnripper scan 10.0.0.1 -p 1-1000
vulnripper scan 10.0.0.1 -p "top-ports 100"

Reports include host IP, hostname, operating system, ports, services, software versions, and correlated vulnerabilities per host.


Analyze Existing Nmap Scans:

nmap -sV -oX scan.xml target.com
vulnripper nse scan.xml
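To show what an `nmap -sV -oX` file gives a correlator to work with, here is an added example (not Vulnripper's own code) that pulls host, port, product, version and CPE out of the XML. The function name extract_services, the record layout and the embedded sample are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout `nmap -sV -oX` writes; not real scan output.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
<host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <hostnames><hostname name="target.example" type="user"/></hostnames>
  <ports>
    <port protocol="tcp" portid="22"><state state="open"/>
      <service name="ssh" product="OpenSSH" version="8.9p1"><cpe>cpe:/a:openbsd:openssh:8.9p1</cpe></service></port>
    <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    <port protocol="tcp" portid="8080"><state state="open"/><service name="http-proxy"/></port>
  </ports>
</host>
</nmaprun>"""


def extract_services(xml_text):
    """Return one record per open port with the fields a CVE lookup keys on."""
    # ElementTree is not hardened against hostile XML: parse only scans you ran.
    records = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address")  # IPv6-only or MAC-only host entry
        name = host.find("hostnames/hostname")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed and filtered ports have nothing to correlate
            svc = port.find("service")
            if svc is None:
                svc = ET.Element("service")  # port probed without -sV data
            product, version = svc.get("product"), svc.get("version")
            records.append({
                "ip": addr.get("addr") if addr is not None else None,
                "hostname": name.get("name") if name is not None else None,
                "port": int(port.get("portid")),
                "service": svc.get("name"),
                "product": product,
                "version": version,
                "cpes": [c.text for c in svc.findall("cpe")],
                # Without product and version a match is only a guess.
                "identified": bool(product and version),
            })
    return records
```

Records with "identified" set to False are open ports where version detection returned nothing, so any vulnerability match for them needs manual confirmation.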

Report Generation

Generate HTML and CSV reports for search and scan operations.

vulnripper apache --report
vulnripper scan example.com --report --report-dir /path/to/reports

HTML Reports Include:

  • Summary statistics with severity breakdown (critical, high, medium, low)
  • Collapsible host groups with full vulnerability details
  • CVE ID, severity, CVSS score, descriptions, affected products, exploits, CPE, and references
  • Host-based aggregation with IP, hostname, and vulnerability counts

CSV Reports Include:

  • CVE ID, title, severity, CVSS score, and EPSS score
  • Description, affected products, vendors, and exploit availability
  • Published date, scan target, and host details (IP, hostname, OS, port, service)


Reports are saved to ./vulnripper-reports/ by default.

Malicious Package Detection

Search for known malicious packages across multiple ecosystems. Scan projects to identify compromised dependencies and supply chain threats.

vulnripper malware package-name
vulnripper malware package-name --ecosystem npm

Detects malicious packages in:

  • npm (Node.js)
  • PyPI (Python)
  • RubyGems (Ruby)
  • Maven (Java)
  • NuGet (.NET)
  • And other package ecosystems

Agent-Based Collection

Deploy collectors to gather host information, IP addresses, hostnames, and complete software inventory from systems. Correlates collected data with vulnerability database.

vulnripper get-collectors
vulnripper collect /path/to/collector/data --recursive --report

Collectors gather:

  • Host information (IP addresses, hostnames, operating systems)
  • Installed software with exact versions
  • Package managers and dependencies
  • Running services and applications

Use Cases:

  • Software inventory at scale (100+ hosts)
  • Attack surface management across infrastructure
  • Compliance reporting (PCI-DSS, ISO 27001, SOC 2)
  • Non-intrusive vulnerability management
  • Direct inventory versus version guessing
  • Continuous monitoring with offline capability

Configuration

Default paths are customizable via CLI options or config file:

  • Config: ~/.vulnripper/config.yml
  • Database: ~/.vulnripper/vulnripper.db
  • Reports: ./vulnripper-reports/
  • Collectors: ./vulnripper-collectors/

Command Reference

Global Commands

| Command | Description |
|---------|-------------|
| vulnripper <keywords...> | Search for vulnerabilities |
| vulnripper scan <target> | Scan target with nmap |
| vulnripper nse <xml-file> | Analyze nmap XML output |
| vulnripper malware <package> | Search for malicious packages |
| vulnripper collect <dir> | Analyze collector JSON files |
| vulnripper get-collectors | Download collector binaries |
| vulnripper --update | Download and update vulnerability database |
| vulnripper build-index | Build FTS5 search index manually |
| vulnripper --stats | Show database statistics |
| vulnripper nse-path | Display NSE script path |

Global Options

| Option | Description |
|--------|-------------|
| --dataset <file> | Use custom database file |
| --config <file> | Use custom config file |
| --verbose | Show detailed output |
| --no-logo | Hide logo |

Search Options

| Option | Description |
|--------|-------------|
| --max-results <n> | Maximum results to display (default: 100) |
| --severity <levels...> | Filter by severity (CRITICAL, HIGH, MEDIUM, LOW) |
| --exploit | Show only CVEs with exploits |
| --newest | Sort by newest first |
| --cvss | Sort by CVSS score |
| --report | Generate HTML and CSV reports |
| --report-dir <dir> | Report output directory |

Scan Options

| Option | Description |
|--------|-------------|
| -p, --ports <ports> | Ports to scan (default: top 1000) |
| -oA <basename> | Output all nmap formats |
| --report | Generate vulnerability reports |
| --dataset <file> | Use custom database |
| --nse-args <args> | Additional NSE arguments |


Troubleshooting

Database Download Fails

Check the following:

  • Internet connectivity
  • Credentials in ~/.vulnripper/.env
  • Sufficient disk space (at least 10GB available)

Nmap Scan Fails

Verify nmap installation:

nmap --version

Search Performance Issues

Rebuild the FTS5 index for 30-100x performance improvement:

vulnripper build-index

Baysec CTI Services

Vulnripper is used by Baysec analysts in daily operations. The Baysec CTI platform extends Vulnripper by correlating vulnerability and exploit data with threat actor intelligence, campaigns, malware families, and attack patterns.

Platform Features

  • Real-time vulnerability and exploit tracking
  • Threat actor TTP correlation
  • Custom dashboards for trends and patterns
  • API access for SOAR, SIEM, and vulnerability management
  • STIX/TAXII support
  • Knowledge graphs linking vulnerabilities, exploits, and threats

OpenCTI Integration

OpenCTI connector available for Vulnripper subscribers. Enables automated ingestion, vulnerability enrichment, and correlation with existing intelligence.

Contact: [email protected] | baysec.eu


License

CLI Tool: MIT License (see LICENSE file)

Database: Commercial product with separate license from Baysec


Legal Notice

AUTHORIZED USE ONLY

Use this tool only on systems you own or have written authorization to test. Unauthorized use is illegal under the Computer Fraud and Abuse Act (CFAA) and Computer Misuse Act.

By using this tool, you agree to use it for legal purposes only and accept full responsibility for your actions.

Intended Use: Penetration testing, security audits, vulnerability management, security research, compliance, and incident response.

Prohibited Use: Unauthorized scanning, testing without permission, and illegal access.

Illegal activity is not supported. Developers will cooperate with law enforcement.


Contact

Database Access:

  • Email: [email protected]
  • Website: baysec.eu
  • Statistics: vulns.baysec.eu

Issues & Bugs: GitHub: Create an issue