# cve-poc-mon

## What this is

GitHub CVE Proof of Concept scraper, deployed with GitHub actions to fetch and clone any newly published CVE PoCs matching the format of `cve-<current_year>`, into the `pocs/` directory.

Cloned repositories are not added as submodules and a workflow step renames all `.git` directories into `.git.bak`; this can be reverted to inspect commit history.

You can find the live version hosted through GitHub Pages at [https://cve.heqnx.com](https://cve.heqnx.com) and a simple RSS feed at [https://cve.heqnx.com/feed.xml](https://cve.heqnx.com/feed.xml)

## Run it yourself

Compile `cve-poc-mon` from the `src/` directory with either `go build`, `make` for all targets, or `make <target>` for a specific target (e.g., `make linux-amd64`).

Set up your own GitHub Actions workflow; check [.github/workflows/cve-poc-mon.yaml](.github/workflows/cve-poc-mon.yaml) to see how it runs in this repo.

## Cleanup steps for multiple binary blobs commited

- check blobs

```
git rev-list --objects --all | git cat-file --batch-check='%(objecttype) %(objectname) %(objectsize) %(rest)' | awk '$1 == "blob" && $3 > 100000' | sort -k3nr
```

- remove blobs

```
git filter-repo --invert-paths --path cve-poc-mon
```

- expire reflogs, gc

```
git reflog expire --expire=now --all
```

- force-push to remote repo

```
git push origin --force --all
```