ThreatForce: The Vulnerability and Threat Search & Correlation Engine

NopSec has just launched ThreatForce – a flagship security vulnerability search engine that makes it easy for security analysts to gain a consolidated view of vulnerabilities by CVE correlated with threat, exploit and other public sources.


NopSec ThreatForce offers a summary and detailed results with correlation and links to:

  • Exploit-DB and Metasploit DB of exploits
  • All related patch links under different vendors covering Linux, Unix, Windows, and mobile OS flavors.
  • Snort and Suricata IDS signatures
  • Correlated DB of malware and exploit kits
  • CWE, CPE, CAPEC and OVAL related links.
  • CVSS score and related components
  • Date published
  • OS
  • Attack vector

On the left-hand side of the result page you can see the advanced filters that help narrow down the orginal query results. Some of the filters that can be applied include:

  • CVEs with patches
  • CVEs related to malware
  • CVEs with public exploits
  • CVEs found in exploit packs
  • Risk Factor
  • CVSS score slider
  • Vendors (CPE)
  • Attack Vectors (CWE)
  • Published date
  • A number of reference links can also be found in the detail section of the CVE, found by clicking on it.

As a use-case / example, you can plug in the following search string to find all the vulnerabilities in JAVA related to version 6 and 7.

The ThreatForce search engine and backend database is updated on a daily basis. More details and correlations will be added to the search engine in future releases.  We welcome your ideas on additional sources you would like to see included.  Send your feedback to

We invite you to take ThreatForce for a spin. Happy vulnerability hunting!!