Enterprise-grade vulnerability intelligence and prioritization platform
Powered by RogoLabs | Originally created by Jerry Gamblin
PatchThisApp transforms vulnerability management by providing actionable intelligence that cuts through the noise of thousands of CVEs published monthly. Our platform aggregates and analyzes data from industry-leading sources to deliver a curated, prioritized list of vulnerabilities that matter most to your organization.
- Intelligent Prioritization: ML-driven scoring and analysis to focus on the most critical threats
- Real-time Intelligence: Continuous monitoring and updates from trusted security sources
- Modern Web Interface: Single-page application with dashboard analytics, data explorer, and dark mode
- CSV Data Export: Generated vulnerability dataset for integration into your workflows
- Enterprise Ready: Professional interface suitable for executive reporting
- Open Source: Transparent, community-driven development
Our platform integrates data from the most trusted vulnerability intelligence sources:
| Source | Description | Update Frequency |
|---|---|---|
| CISA KEV Catalog | Known Exploited Vulnerabilities actively targeted in the wild | Daily |
| Rapid7 Metasploit | Battle-tested exploit modules used by security professionals | Continuous |
| Project Discovery Nuclei | Community-driven vulnerability detection templates | Continuous |
| EPSS Scoring | ML-driven exploit prediction scores (>0.95 threshold) | Daily |
- Python 3.10+ (for data processing)
- Web server (for hosting static files)
-
Clone the repository
git clone https://github.com/RogoLabs/patchthisapp.git cd patchthisapp -
Install dependencies
pip install -r requirements.txt
-
Generate vulnerability data
python patchthisapp.py
-
Serve the web interface
# Using Python's built-in server cd web python -m http.server 8000 # Or using any web server of your choice
-
Access the dashboard Open your browser to
http://localhost:8000
patchthisapp/
├── patchthisapp.py # Core data processing engine
├── requirements.txt # Python dependencies
├── web/ # Static web interface
│ ├── index.html # Single-page application
│ ├── modern.css # Modern styling
│ └── data.csv # Generated vulnerability data
├── data/ # Raw data sources
│ └── data.csv # Processed vulnerability dataset
├── scripts/ # Helper scripts for data and analysis
│ ├── local_data.py # Download all required data for local testing
│ └── column_summary.py # Print summary stats for key columns
└── README.md # This file
The patchthisapp.py script is the heart of our intelligence platform:
Key Features:
- Automated Data Collection: Fetches from multiple trusted sources
- Data Normalization: Standardizes formats and removes duplicates
- Intelligent Scoring: Applies EPSS and CVSS scoring for prioritization
- Export Capabilities: Generates CSV output
- Error Handling: Robust error management and logging
Output Columns:
CVE: CVE identifierCVSS Score: Severity score (0.0–10.0)CVSS_Vector: CVSS attack vector string (e.g., CVSS:3.1/AV:N/AC:L/...)EPSS: Exploit Prediction Scoring System score (0.0–1.0)CWE: Common Weakness Enumeration identifier (e.g., CWE-79, CWE-89)Description: Vulnerability description from NVDPublished: Publication date (YYYY-MM-DD)Source: Intelligence source attribution (Metasploit/Nuclei/CISA/EPSS)CPE: Common Platform Enumeration URIs (semicolon-separated)Vendor: Primary vendor (from NVD CPE data)Affected Products: Main affected product(s) (from NVD CPE data)
Usage:
# Basic usage
python patchthisapp.py
# With custom output path
python patchthisapp.py --output /path/to/output.csv
# Custom EPSS threshold
python patchthisapp.py --epss-threshold 0.90
# Verbose logging
python patchthisapp.py --verbose
# Dry run (report what would be produced without writing files)
python patchthisapp.py --dry-runThe web interface is a single-page application built with vanilla HTML, CSS, and JavaScript. It loads data.csv and renders four main sections:
- Hero: Overview of the platform with key statistics and call-to-action links
- Dashboard: Vulnerability analytics with Chart.js visualizations including timeline trends, source distribution, CVSS score breakdown, attack vector analysis, EPSS distribution, and top affected products
- Data Explorer: Full data table with search filtering, sortable columns, and pagination for browsing the complete vulnerability dataset
- Sources: Intelligence source details and attribution
Additional features:
- Dark mode toggle for comfortable viewing in any environment
- Pagination with configurable page sizes for navigating large datasets
- Real-time search to instantly filter vulnerabilities by any field
- Chart.js visualizations for at-a-glance trend and distribution analysis
- Responsive design that works on desktop, tablet, and mobile
The generated data.csv includes the following columns:
| Column | Description | Example |
|---|---|---|
CVE |
CVE identifier | CVE-2024-0001 |
CVSS Score |
Severity score (0.0–10.0) | 9.8 |
CVSS_Vector |
CVSS v3.1 vector string | CVSS:3.1/AV:N/AC:L/... |
EPSS |
Exploit prediction score (0.0–1.0) | 0.97 |
CWE |
Weakness classification | CWE-79 |
Description |
Vulnerability description from NVD | ... |
Published |
Publication date | 2024-01-15 |
Source |
Intelligence source attribution | Metasploit/CISA |
CPE |
Platform enumeration URIs | cpe:2.3:a:vendor:... |
Vendor |
Primary vendor (from CPE) | Apache |
Affected Products |
Main affected product (from CPE) | Http Server |
Download all required data for local testing:
python scripts/local_data.pyThis will fetch the latest NVD, CISA KEV, Metasploit, Nuclei, and EPSS data. Supports macOS and Linux.
Print summary statistics for Vendor, Affected Products, and CVSS_Vector columns:
python scripts/column_summary.pyThis will print counts, unique values, and top values for the new columns in data/data.csv.
Extend the platform by adding custom data sources in patchthisapp.py:
def load_custom_source(source_url: str) -> pd.DataFrame:
# Your custom data loading logic
passDeploy to any static hosting platform:
- GitHub Pages: Automatic deployment from repository
- Netlify: Drag-and-drop deployment
- AWS S3: Static website hosting
- Cloudflare Pages: Global CDN deployment
FROM nginx:alpine
COPY web/ /usr/share/nginx/html/
EXPOSE 80- HTTPS: Always use SSL in production
- CDN: Implement content delivery network
- Analytics: Add usage tracking if needed
- Automation: Schedule regular data updates
We welcome contributions from the security community! Here's how you can help:
- Bug Reports: Report issues or inconsistencies
- Feature Requests: Suggest new capabilities
- Documentation: Improve guides and examples
- Code Contributions: Submit pull requests
- Data Sources: Suggest additional intelligence feeds
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
- Follow PEP 8 for Python code
- Use meaningful commit messages
- Include documentation for new features
- Ensure backward compatibility
- ~2,000+ actively tracked CVEs
- 4 primary intelligence sources
- 24/7 monitoring and updates
- 99.9% uptime target
- <2s page load time
- Real-time search and filtering
- Mobile-optimized responsive design
- Lightweight ~100KB total assets
- No Data Collection: We don't track users or collect personal data
- Open Source: Complete transparency in methodology
- Secure Sources: All data from verified, trusted sources
- Regular Updates: Continuous security monitoring
Copyright (c) 2026 RogoLabs. This project is licensed under the MIT License - see the LICENSE file for details.
- Jerry Gamblin - Original creator and vision
- RogoLabs - Current maintainer and platform provider
- Security Community - Contributors and data source providers
- Open Source Projects - CISA, Rapid7, Project Discovery, and FIRST
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Website: RogoLabs
- Email: Contact through RogoLabs website