Automate CVE Detection with AI-Powered Nuclei Template Generation & Google Drive
Short description
Automates collection, technical extraction, and automatic generation of Nuclei templates from public CVE PoCs.
Converts verified PoCs into reproducible detection templates ready for testing and distribution.
Purpose
Provide a reliable pipeline that turns public proof-of-concept data into usable detection artifacts.
Reduce manual work involved in finding PoCs, extracting exploit details, validating sources, and building Nuclei templates.
How it works (technical summary)
Runs a scheduled SSH job that executes vulnx with filters for recent, high-severity PoCs.
Parses the raw vulnx output and splits it into individual CVE entries.
Extracts structured fields: CVE ID, severity, title, summary, risk, remediation, affected products, PoCs, and references.
Extracts URLs from PoC sections using regex.
Validates each URL with HTTP requests. Invalid or unreachable links are logged and skipped.
Uses an AI agent (OpenAI via LangChain) to extract technical artifacts: exploit steps, payloads, endpoints, raw HTTP requests/responses, parameters, and reproduction notes. The prompt forces technical-only output.
Sends the extracted technical content to ProjectDiscovery Cloud API to generate Nuclei templates.
Validates AI and API responses. Accepted templates are saved to a configured Google Drive folder.
Produces JSON records and logs for each processed CVE and URL.
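The URL extraction and validation steps above request links taken from untrusted public PoC text, so the host running the workflow should refuse internal targets before any HTTP request is made. A pre-filter for that, as an added example that is not part of the original workflow; the function names and sample text are constructed, and the regex is an assumption because the page does not show the workflow's own.

```javascript
// Added example: pre-filter for URLs extracted from PoC text, run before any HTTP check.
// All names and the sample text are constructed; the regex is an assumption.
const URL_RE = /https?:\/\/[^\s<>"'`)\]]+/gi;

// Pull candidate links out of free text, trim trailing punctuation, de-duplicate.
function extractUrls(text) {
  const seen = new Set();
  for (const m of text.match(URL_RE) || []) seen.add(m.replace(/[.,;:!?]+$/, ''));
  return [...seen];
}

// True for IPv4 literals in unspecified, loopback, private or link-local ranges.
function isInternalIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.\d{1,3}\.\d{1,3}$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Decide whether the workflow host should request this URL at all.
function classify(raw) {
  const skip = (reason) => ({ url: raw, ok: false, reason });
  let u;
  try { u = new URL(raw); } catch { return skip('unparseable'); }
  // The WHATWG parser normalises forms like http://2130706433/ to 127.0.0.1.
  const host = u.hostname.toLowerCase();
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return skip('scheme');
  if (u.username || u.password) return skip('embedded credentials');
  if (host.startsWith('[')) return skip('ipv6 literal'); // conservative: skip all
  if (host === 'localhost' || host.endsWith('.localhost') || isInternalIPv4(host)) {
    return skip('internal host');
  }
  return { url: u.href, ok: true, reason: 'ok' };
}

// Split extracted links into those to validate over HTTP and those to log and skip.
function triage(text) {
  const results = extractUrls(text).map(classify);
  return { accepted: results.filter(r => r.ok), skipped: results.filter(r => !r.ok) };
}

// Constructed sample of a PoC section.
const SAMPLE = `PoC: https://github.com/example-org/poc-repo/blob/main/README.md.
Writeup (https://blog.example.com/cve-analysis), mirror http://127.0.0.1:8080/admin
metadata http://169.254.169.254/latest/meta-data/ https://blog.example.com/cve-analysis`;
console.log(JSON.stringify(triage(SAMPLE), null, 2));
```

Hostnames that resolve to internal addresses pass this filter, so the HTTP validation step should also check the resolved IP and not follow redirects to internal hosts.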
Output
Nuclei templates in ProjectDiscovery format (YAML) stored in Google Drive.
Structured JSON per CVE with metadata and extracted technical details.
Validation logs for URL checks, AI extraction, and template generation.
Intended audience
Bug bounty hunters.
Security researchers and threat intel teams.
Automation engineers who need reproducible detection templates.
Setup & requirements
n8n instance with workflow imported.
SSH access to a host with vulnx installed.
OpenAI API key for technical extraction.
ProjectDiscovery API key for template generation.
Google Drive OAuth2 credentials for storing templates.
Configure schedule trigger and target Google Drive folder ID.
Security and usage notes
Performs static extraction and validation only. No active exploitation.
Processes only PoCs that meet configured filters (e.g., CVSS > 6).
Use responsibly. Do not target systems you do not own or have explicit permission to test.