CQR Exploit Monitoring is an automated system that collects information about technologies and services used on a target website and searches for associated vulnerabilities, exploits, and related news.
While large vulnerability databases exist, they are typically designed for manual analysis. CryEye’s Exploit Monitoring filters, correlates, and analyzes findings automatically — a feature rarely available in existing tools.
The process includes 4 automated steps:
Technologies are identified using WebAnalyzer and Wappalyzer.
Services are detected via CLI tools like nmap, netcat, and curl.
Example:
Vulnerabilities and exploits are retrieved from:
The system determines relevance by matching version ranges and analyzing exploit headers using custom algorithms.
For Apache 2.4:
No version range:
Higher than target version:
Lower than target version:
Metasploit Modules:
Exploit Histogram:
CVE data is sourced from:
CVEs are matched against technologies and services using version-aware logic.
Visualizations:
CVE Histogram:
CNNVD CVEs:
Vulners CVEs:
CryEye also tracks news, GitHub repositories, and PoCs related to technology vulnerabilities, helping users stay ahead of active exploitation.
Examples:
News feed:
GitHub repos:
News from multiple sources:
Add an Asset of type Technology
→ Go to Assets
Create a Simple Audit Project of type Exploit Monitoring
→ Projects Dashboard
Open the project/workflow, create and run the scan
View results inside workflow