Security researcher outreach tool · Python · self-hosted · Hetzner CX22
Find the people who actually fix vulnerabilities. A pipeline that takes a Boolean CVE query, hunts GitHub for merged patches, surfaces the contributors who wrote the fix, extracts their contact info from git history, and hands you a direct outreach path. Built for security recruiting — reach developers at the exact moment their fix proves they know the problem space cold.
How it works
you
Boolean query
(python AND fuzzer) AND (rce OR "remote code execution")
CVE lookup
NVD API · OSV.dev · CISA KEV
Returns: CVE ID · CWE · EPSS · KEV flag · severity · description
CVE results list
You scan and pick the CVEs worth investigating
click to investigate
Live GitHub search — PyGithub API
"CVE-2024-XXXX" is:pr is:merged
Returns: PRs · commit authors · reviewers · orgs · repos
Contributor card
GitHub handle · public org · PR role · languages · fix history
Ollama 2-line digest of the PR (optional)
if worth contacting
.patch email extraction
Pulls commit email direct from git history
Direct outreach
"I saw your fix for CVE-2024-XXXX in [repo]..."
Python · FastAPI · NVD API · PyGithub · Ollama (optional) · Hetzner CX22
Stack