Welcome to CSTOOL.io

CVE search and vulnerability management

Software has bugs. Bugs are bad.

Bugs cause vulnerabilities. Attackers exploit these vulnerabilities to compromise your systems. Installing updates solves the problem - some of the time. Sometimes you cannot install an update because of existing software dependencies. Sometimes there is no update: zero-day vulnerabilities can exist for weeks until mitigation becomes possible. CSTOOL.io will help you to know which vulnerabilities are most relevant for you and decide what to do about them.

Your 90-day patch cycle time is fine - if you prioritize correctly

The average time-to-patch in most organizations is 50-120 days. Is this fast enough, when exploits for publicly known vulnerabilities take 15 days or less to appear? Yes! But only if you identify and expedite high-risk vulnerabilities. CSTOOL.io will help you with that. You can get started immediately - no need to set up scanning hardware or deploy software agents.

CSTOOL.io reads the news

Ever notice how trading apps always show related news next to the stock chart? This is because you need to know what is happening to be able to react quickly. CSTOOL.io does the same thing, but for vulnerabilities. CSTOOL.io continuously monitors official sources for vulnerabilities in software and hardware. But it also reads the news and matches the articles to weaknesses in your IT environment. You simply add the products that you are using to your inventory.

Compliance and Standards

Comply with standards and frameworks like

ISO/IEC 27001:2013 A.12.6.1, A.18.2.2
NIST SP 800-53 Rev. 4 RA-3, RA-5 and SI-2


Don't know where to start? Try this:

With AttackSrfc you don't have to set up a host- or network-based scanner to get your vulnerability and patch management processes going.

The CPE inventory and CVE search allow you to get started immediately.

You can patch a vulnerable system, cordon it, shut it down temporarily or monitor it more closely. You could find out that the risk is negligible in your specific case and you have to do nothing at all. But to be able to make the right choice at the right time you need to be informed. CSTOOL.io keeps you informed.

A security scan of a system will give you a detailed view of the vulnerabilities present on that particular system. But what about systems you cannot scan, such as those of vendors, partners or SaaS solutions? You can use AttackSrfc to get a quick view of publicly known vulnerabilities to start a qualified discussion with your third parties about their mitigation workflow.
