What It Does#
Terminal UI for browsing CISA’s Known Exploited Vulnerabilities (KEV) catalog. EPSS exploit probability scores alongside each vulnerability so you can prioritize what actually matters.
Install#
go install github.com/ethanolivertroy/kevs-tui@latestOr build from source:
git clone https://github.com/ethanolivertroy/kevs-tui.git
cd kevs-tui
go build -o kev .Why#
Sometimes you just want to quickly check what’s in the KEV catalog without dealing with spreadsheets or web UIs. Plus having EPSS scores right there helps prioritize.
Built with Go and Bubbletea - same TUI framework I used for CMVP TUI and Vanta Go Export.
KEVin - AI Agent Integration#
I’m working on KEVin, an A2A Protocol-compliant intelligent agent that transforms kevs-tui from a data browser into a KEV reasoning engine. KEVin provides context, prioritization, and actionability around the CISA Known Exploited Vulnerabilities catalog.
The Vision#
Problem: The KEV catalog is raw signal. Security teams, auditors, and GRC engineers need context, not just CVE IDs.
Solution: An A2A-compliant agent layer that answers “Why does this matter?” and “What do I do about it?”
Architecture#
KEVin is built on the Agent-to-Agent (A2A) Protocol - an open standard from Google/Linux Foundation for agent interoperability. This enables:
- Interoperability: KEVin can communicate with agents built on LangGraph, CrewAI, Semantic Kernel, etc.
- Composability: Chain KEVin with other security agents (SBOM analyzers, threat intel, compliance checkers)
- Opaque Execution: Internal reasoning and tools stay private
- Go SDK Integration: Native integration with existing kevs-tui codebase
KEVin will be accessible via:
- TUI Integration: Agent panel within existing Bubbletea interface
- CLI Command: Standalone
kevincommand for scripting/automation - A2A Endpoint: Remote agent communication for multi-agent workflows
Planned Features#
Phase 1: Context-Enrichment Engine
- Attack chain placement (initial access, privesc, lateral movement, impact)
- Threat actor usage classification (APT vs crimeware vs ransomware)
- Exploit maturity assessment (PoC vs weaponized vs wormable)
- MITRE ATT&CK technique mapping
Phase 2: GRC Integration
- KEV → Control mapping (NIST 800-53, FedRAMP 20x KSIs, ISO 27001, CIS Controls)
- Evidence & audit assistant (checklists, suggested commands/logs, SSP/SAR templates, POA&M entries)
- Deadline & SLA intelligence (CISA deadlines, FedRAMP timelines, urgency explanation)
Phase 3: Environment Awareness
- Environment-aware relevance scoring (cloud provider, SaaS inventory, OS/middleware stack)
- Exploit chain reasoning (realistic exploitation paths, common follow-on techniques)
Phase 4: Strategic Intelligence
- KEV drift & trend analysis (vendor reputation tracking, technology class trends)
- Predictive KEV candidate scoring
Phase 5: Integration & Automation
- Integration hooks (Jira, ServiceNow, GitHub Issues, Slack/Teams)
- Multi-agent workflows via A2A
See Issue #14 for the full roadmap and technical details.
Planned Enhancements#
I’m actively working on several enhancements to expand kevs-tui’s capabilities:
- KEVin: A2A-Compliant CISA KEV Reasoning Agent (#14) - AI agent integration for contextual KEV analysis
- Display KEV catalog metadata (#12) - Show version and last updated information
- MITRE ATT&CK mapping (#11) - Add threat context for vulnerabilities
- Exploit-DB integration (#10) - Show public exploit availability
- Nuclei template availability (#9) - Indicator for Nuclei template existence
- Extended NVD data (#8) - References, CPE, and dates from NVD
- GreyNoise integration (#7) - Active exploitation data
- VulnCheck integration (#6) - Exploit intelligence
See all open issues for the complete roadmap.
Cross-platform binaries via GoReleaser.
