A Telegram bot that monitors the nomi-sec/PoC-in-GitHub repository for new Proof of Concept (PoC) exploits and allows users to query CVEs by year.
- Automated Monitoring: Checks for new commits in the PoC repository every 24 hours and sends notifications to a specified Telegram chat.
- Smart Startup & Catch-up: On startup, the bot notifies the user of the last date it sent a PoC notification and aligns with the repository head without spamming old notifications. The user can catch up on missed PoCs at any time using
/catchup. - Detailed Notifications: Includes CVE ID, repository description, and direct links to the PoC repositories.
- On-Demand Queries: Use the
/cvecommand to fetch the latest PoCs for any given year. - Environment Driven: Configuration is handled via
.envfile for security.
/cve <year> <count>- Fetches the topcountPoCs for the specifiedyear(e.g./cve 2024 5)./cve <CVE-ID>- Fetches the PoCs for a specific CVE (e.g./cve CVE-2002-1614)./catchup- Catch up on missed PoCs that were added while the bot was offline.
- Go 1.26 or higher
- A Telegram Bot Token (from @BotFather)
- A Telegram Chat ID (where the bot will send background updates)
- (Optional) A GitHub Personal Access Token to avoid API rate limiting
-
Clone the repository:
git clone <your-repo-url> cd nomi-sec-bot
-
Install dependencies:
go mod download
-
Create a
.envfile in the root directory:TELEGRAM_BOT_TOKEN=your_bot_token_here TELEGRAM_CHAT_ID=your_chat_id_here GITHUB_TOKEN=your_github_token_here (optional)
-
Build both applications using the Makefile:
make
Alternative commands:
- Build only Telegram Bot:
make nomi-sec-bot - Build only TUI App:
make cve-tui - Clean built binaries:
make clean - Run TUI directly:
make run-tui - Run Bot directly:
make run-bot
- Build only Telegram Bot:
Start the bot by running the executable:
./nomi-sec-botThe bot will initialize, register its command menu, and start the background checker immediately.
The project now includes a rich, high-fidelity terminal user interface (TUI) console app built with the Bubble Tea framework.
Run the TUI:
./cve-tuior run it directly:
go run cmd/tui/main.go- Latest 5 PoCs: The main page displays the 5 most recent PoCs fetched dynamically from recent commits on the repository.
- On-Demand Query: Search by Year and Count (e.g.,
2024 5) or directly by specific CVE ID (e.g.,CVE-2024-1234).
- Tab / Shift+Tab: Switch between the "Latest 5 PoCs" and "Query CVE" tabs
- 1, 2: Quick jump to Tab 1 (Latest PoCs) or Tab 2 (Query CVE)
- Up / Down Arrow: Navigate / select PoC entries (in "Query CVE" tab, press
Downto blur the search box and focus the results list; pressUpon the first result to refocus the search box) - Esc / /: Focus search input (Query CVE Tab)
- R: Refresh the latest 5 PoCs (Latest PoCs Tab)
- Enter: Open selected PoC in browser (Latest PoCs Tab, or Query CVE Tab when results are focused); submit search (Query CVE Tab when search input is focused)
- O: Open selected PoC in browser (both tabs)
- Q / Ctrl+C: Quit the application
This project is open-source and available under the GNU General Public License v3.0 (GPL-3.0). See the LICENSE file for details.