A scheduled GitHub Actions workflow that polls public OSINT sources for mentions of exploitation, proof-of-concept activity, or zero-day claims. Findings are filtered to exclude entries already in the Known Exploited Vulnerabilities (KEV) Catalog.
- Runs every 30 minutes (
cron */30 * * * *) - Scraper collects items from
config/sources.yaml - CVEs and keywords are extracted and classified
- Anything already on KEV is ignored
- When new items are found:
- A summary comment is posted to a tracking GitHub Issue
docs/_data/latest.jsonis updated- GitHub Pages (Jekyll) renders
docs/index.md
- Enable GitHub Pages: Settings → Pages → Deploy from a branch → Branch: main → Folder: /docs.
- Add optional secret
KEV_FEED_URLif you want to override the default KEV JSON endpoint. - Edit
config/sources.yamlto add/remove feeds. - Set
ALERT_ASSIGNEEin.github/workflows/osint.ymlto your GitHub username.
- Only public sources are accessed; respect robots.txt and terms of service.
- No SMTP needed: GitHub Issue comments/mentions trigger email notifications automatically.
- The site uses Jekyll/Liquid; CVEs auto-link to CVE.org.
MIT (or your choice)