pi install https://github.com/ethanolivertroy/kevin-pi

Terminal UI for searching CISA Known Exploited Vulnerabilities (KEV) catalog with EPSS exploit probability scores and an integrated AI agent for security analysis.

This repository is retained as the original Go/Bubble Tea implementation. The actively maintained successor is the Pi-native kevin-pi package.

For new usage, prefer the Pi-native successor:

pi install https://github.com/ethanolivertroy/kevin-pi

The legacy Go install instructions remain below for historical/reference purposes.

go install github.com/ethanolivertroy/kevs-tui@latest

git clone https://github.com/ethanolivertroy/kevs-tui.git
cd kevs-tui
go build -o kevs-tui .

# Browse KEV catalog with KEVin AI sidebar
kevs-tui

# Chat with KEVin AI only
kevs-tui agent

# One-shot query
kevs-tui agent "show me critical Microsoft vulnerabilities"

# Start A2A server
kevs-tui serve

• EPSS Scores - Exploit Prediction Scoring System data showing probability of exploitation
• Statistics Header - Total KEVs, ransomware count, overdue count at a glance
• Multiple Sort Options - Sort by date added, due date, EPSS score, or vendor
• Quick Filters - Filter to show only ransomware or overdue vulnerabilities
• Open in Browser - Launch NVD page directly from the TUI
• Copy to Clipboard - Quick copy CVE IDs
• Scrollable Detail View - Navigate long descriptions with keyboard/mouse
• Visual Indicators - Color-coded EPSS bars, overdue badges, ransomware flags
• Text Selection - Click-and-drag text selection in chat and detail views

Natural language interface for querying the KEV catalog with GRC control mapping and analytics.

Press Ctrl+P or Ctrl+K for quick access to all commands with fuzzy search.

• Top vendors chart
• Monthly timeline
• CWE distribution
• Ransomware usage breakdown
• Risk distribution by EPSS

Available themes: default, dracula, catppuccin, nord

Export filtered or full catalog to JSON, CSV, or Markdown formats.

kevs-tui

Browse the KEV catalog with KEVin AI sidebar. Toggle the sidebar with \.

# Interactive chat
kevs-tui agent

# One-shot query
kevs-tui agent "Microsoft vulnerabilities with ransomware"

Run as an Agent-to-Agent protocol server for integration with other tools:

# Default port 8001
kevs-tui serve

# Custom port
kevs-tui serve --port 9000

KEVin supports multiple LLM providers. Set LLM_PROVIDER and the required API key:

Override the model with LLM_MODEL:

export LLM_MODEL=gemini-1.5-pro

Google Gemini (default):

export GEMINI_API_KEY=your-api-key
kevs-tui agent

OpenRouter (access Claude, GPT-4, Llama, etc.):

export LLM_PROVIDER=openrouter
export OPENROUTER_API_KEY=sk-or-v1-xxxxx
kevs-tui agent

Ollama (local, no API key needed):

export LLM_PROVIDER=ollama
kevs-tui agent

• search_kevs - Search by keyword, vendor, or product
• get_cve_details - Detailed CVE info with EPSS scores
• list_ransomware_cves - CVEs used in ransomware campaigns
• list_overdue_cves - Past remediation due date
• get_stats - Catalog statistics
• export_report - Export to JSON/CSV/Markdown

• map_cve_to_controls - Map CVE to NIST 800-53, FedRAMP, or CIS Controls v8
• get_control_details - Security control details (e.g., SI-2, RA-5)
• list_controls - List controls by family or implementation group

• find_related_cves - Find CVEs related by CWE, vendor, or product
• get_vendor_risk_profile - Comprehensive vendor risk assessment
• batch_analyze - Analyze multiple CVEs with prioritization
• analyze_cwe - Deep dive on a CWE with affected vendors
• check_exploit_availability - Check for public exploits (GitHub PoCs, Nuclei)
• check_patch_status - Check for patches and advisories
• analyze_trends - Vulnerability trends over time

• KEV Catalog: CISA KEV Data - Official GitHub mirror
• EPSS Scores: FIRST EPSS API - Exploit probability predictions
• CVSS Metrics: NVD API - CVSS scores and assessments

MIT