Upload 36 files

.env.template

@@ -0,0 +1,20 @@
+# Copy this file to .env and uncomment/modify the variables you need.
+
+# NOTES:
+# 1. For Hugging Face usage: Only HF_TOKEN is required or set in UI
+# 2. For Ollama usage: Uncomment MODEL_ID, OPENAI_API_BASE, and OPENAI_API_KEY
+
+
+# HUGGING FACE CONFIGURATION (RECOMMENDED)
+HF_TOKEN=your_huggingface_token_here
+MODEL_ID=Qwen/Qwen2.5-Coder-32B-Instruct
+
+
+# OLLAMA CONFIGURATION (LOCAL MODELS)
+# To use Ollama with local models, uncomment and configure these variables:
+# This uses OpenAI-compatible variables for Ollama integration
+
+# MODEL_ID=qwen2.5-coder:7b # replace with any model (qwen2.5-coder is recommended)
+# OPENAI_API_BASE=http://localhost:11434/v1
+# OPENAI_API_KEY=ollama
+

.gitattributes

@@ -0,0 +1,35 @@
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.arrow filter=lfs diff=lfs merge=lfs -text
+*.bin filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.ckpt filter=lfs diff=lfs merge=lfs -text
+*.ftz filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.h5 filter=lfs diff=lfs merge=lfs -text
+*.joblib filter=lfs diff=lfs merge=lfs -text
+*.lfs.* filter=lfs diff=lfs merge=lfs -text
+*.mlmodel filter=lfs diff=lfs merge=lfs -text
+*.model filter=lfs diff=lfs merge=lfs -text
+*.msgpack filter=lfs diff=lfs merge=lfs -text
+*.npy filter=lfs diff=lfs merge=lfs -text
+*.npz filter=lfs diff=lfs merge=lfs -text
+*.onnx filter=lfs diff=lfs merge=lfs -text
+*.ot filter=lfs diff=lfs merge=lfs -text
+*.parquet filter=lfs diff=lfs merge=lfs -text
+*.pb filter=lfs diff=lfs merge=lfs -text
+*.pickle filter=lfs diff=lfs merge=lfs -text
+*.pkl filter=lfs diff=lfs merge=lfs -text
+*.pt filter=lfs diff=lfs merge=lfs -text
+*.pth filter=lfs diff=lfs merge=lfs -text
+*.rar filter=lfs diff=lfs merge=lfs -text
+*.safetensors filter=lfs diff=lfs merge=lfs -text
+saved_model/**/* filter=lfs diff=lfs merge=lfs -text
+*.tar.* filter=lfs diff=lfs merge=lfs -text
+*.tar filter=lfs diff=lfs merge=lfs -text
+*.tflite filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.wasm filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
+*tfevents* filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1,35 @@
+# Python virtual environment
+venv/
+env/
+ENV/
+
+# Python cache files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# Distribution / packaging
+dist/
+build/
+*.egg-info/
+
+# Environment variables
+.env
+
+# IDE specific files
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# Project specific
+downloads_folder/
+*.log
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# Local development settings
+*.local
+
+.gradio

LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

README.md

@@ -0,0 +1,83 @@
+# Open Deep Research Vulnerability Intelligence
+
+**Open Deep Research Vulnerability Intelligence** is an AI-powered platform for automated vulnerability and threat intelligence research, built on [Hugging Face's Open Deep Research](https://huggingface.co/blog/open-deep-research) architecture.
+
+## 🎯 What it does
+
+This AI agent specializes in automated vulnerability research and analysis. It searches across multiple security databases to provide comprehensive vulnerability intelligence reports with CVSS scores, EPSS predictions, and remediation advice.
+
+## 🎯 Motivation
+
+The rapid growth of software systems and the increasing complexity of digital infrastructures have led to an explosion in the number and diversity of software vulnerabilities. Traditional manual approaches to vulnerability intelligence are no longer sufficient to keep pace with the evolving threat landscape. There is a critical need for automated, scalable, and intelligent systems that can:
+
+- Aggregate and correlate data from multiple heterogeneous sources (NVD, CVEDB, KEV, EPSS, etc.)
+- Provide timely, actionable insights for security analysts and decision-makers
+- Reduce the cognitive load and manual effort required for vulnerability triage and reporting
+- Enable reproducible, transparent, and explainable research in vulnerability intelligence
+
+This project addresses these challenges by leveraging state-of-the-art language models and multi-source data aggregation, providing a research-grade platform for both academic and industry use.
+
+## 🛠️ Available Tools & APIs
+
+- **🛡️ [NIST NVD](https://nvd.nist.gov/)** - National Vulnerability Database (free API)
+- **📊 [Shodan CVEDB](https://cvedb.com/)** - Comprehensive vulnerability database (free API)  
+- **⚠️ [KEVin](https://kevin.gtfkd.com/)** - Known Exploited Vulnerabilities database (free API)
+- **📈 [EPSS](https://www.first.org/epss/)** - Exploit Prediction Scoring System (free API)
+- **🌐 Web Browser** - Navigate and extract information from web pages
+
+## 🚀 Features
+
+- **Multi-Source Intelligence**: Searches NVD, CVEDB, KEV, EPSS, and web sources
+- **Smart Product Detection**: Automatically strips version numbers for accurate searches
+- **Comprehensive Reports**: Generates detailed vulnerability reports with hyperlinks
+- **Session Management**: Secure API key handling with session-based storage
+- **Responsive UI**: Works on desktop and mobile devices
+- **Example Prompts**: Built-in examples to get started quickly
+
+## 📋 Requirements
+
+- Python 3.8+
+- Hugging Face API key (free)
+- Internet connection
+- **Optional**: [Ollama](https://ollama.ai/) for local model inference
+
+## 🚀 Quick Start
+
+```bash
+# Clone the repository
+git clone https://github.com/mcdaqc/open-deep-research-vulnerability-intelligence.git
+cd open-deep-research-vulnerability-intelligence
+
+# Create virtual environment
+python -m venv venv
+venv\Scripts\activate  # Windows
+# source venv/bin/activate  # Linux/Mac
+
+# Install dependencies
+pip install -r requirements.txt
+
+# Run the application
+python app.py
+```
+
+
+
+
+
+## 🏗️ Project Structure
+
+```
+├── app.py                   # Main application with Gradio UI
+├── scripts/                 # Tool implementations
+    ├── cvedb_tool.py        # Shodan CVEDB integration
+    ├── nvd_tool.py          # NIST NVD integration
+    ├── kevin_tool.py        # KEVin database integration
+    ├── epss_tool.py         # EPSS scoring integration
+    └── text_web_browser.py  # Web browsing capabilities
+```
+
+
+
+---
+
+**Powered by** <img src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/smolagents/mascot_smol.png" width="20" height="20" style="vertical-align: middle; margin-right: 8px;"> **[hf/smolagents](https://github.com/huggingface/smolagents)**

app.py

@@ -0,0 +1,999 @@
+import json
+import mimetypes
+import os
+import re
+import shutil
+import threading
+from typing import Optional
+from loguru import logger
+from datetime import datetime
+
+import gradio as gr
+from dotenv import load_dotenv
+from huggingface_hub import login, HfApi
+from smolagents import (
+    CodeAgent,
+    InferenceClientModel,
+    Tool,
+    DuckDuckGoSearchTool,
+)
+from smolagents.agent_types import (
+    AgentAudio,
+    AgentImage,
+    AgentText,
+    handle_agent_output_types,
+)
+from smolagents.gradio_ui import stream_to_gradio
+
+from scripts.text_inspector_tool import TextInspectorTool
+from scripts.text_web_browser import (
+    ArchiveSearchTool,
+    FinderTool,
+    FindNextTool,
+    PageDownTool,
+    PageUpTool,
+    SimpleTextBrowser,
+    VisitTool,
+)
+from scripts.visual_qa import visualizer
+from scripts.cvedb_tool import CVEDBTool
+from scripts.report_generator import ReportGeneratorTool
+from scripts.epss_tool import EpsTool
+from scripts.nvd_tool import NvdTool
+from scripts.kevin_tool import KevinTool
+
+# web_search = GoogleSearchTool(provider="serper")
+web_search = DuckDuckGoSearchTool()
+
+AUTHORIZED_IMPORTS = [
+    "requests",
+    "zipfile",
+    "pandas",
+    "numpy",
+    "sympy",
+    "json",
+    "bs4",
+    "pubchempy",
+    "xml",
+    "yahoo_finance",
+    "Bio",
+    "sklearn",
+    "scipy",
+    "pydub",
+    "PIL",
+    "chess",
+    "PyPDF2",
+    "pptx",
+    "torch",
+    "datetime",
+    "fractions",
+    "csv",
+    "plotly",
+    "plotly.express",
+    "plotly.graph_objects",
+    "jinja2",
+]
+
+load_dotenv(override=True)
+
+# Only login if HF_TOKEN is available and valid in environment
+if os.getenv("HF_TOKEN"):
+    try:
+        login(os.getenv("HF_TOKEN"))
+        logger.info("Successfully logged in with HF_TOKEN from environment")
+    except Exception as e:
+        logger.warning(f"Failed to login with HF_TOKEN from environment: {e}")
+        logger.info("You can still use the application by providing a valid API key in the interface")
+
+append_answer_lock = threading.Lock()
+
+custom_role_conversions = {"tool-call": "assistant", "tool-response": "user"}
+
+user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Edg/119.0.0.0"
+
+BROWSER_CONFIG = {
+    "viewport_size": 1024 * 5,
+    "downloads_folder": "downloads_folder",
+    "request_kwargs": {
+        "headers": {"User-Agent": user_agent},
+        "timeout": 300,
+    },
+    "serpapi_key": os.getenv("SERPAPI_API_KEY"),
+}
+
+os.makedirs(f"./{BROWSER_CONFIG['downloads_folder']}", exist_ok=True)
+
+# Default Hugging Face model configuration
+model_id = os.getenv("MODEL_ID", "Qwen/Qwen2.5-Coder-32B-Instruct")
+logger.info(f"Default Hugging Face model: {model_id}")
+
+# Define text_limit before using it
+text_limit = 20000
+
+# Default model (will be overridden by session-specific models)
+# Note: This model may not work without a valid API key
+default_model = None
+ti_tool = None
+
+# Only try to create default model if we have a valid token
+if os.getenv("HF_TOKEN"):
+    try:
+        # Test if the token is valid
+        api = HfApi(token=os.getenv("HF_TOKEN"))
+        api.whoami()  # This will raise an exception if token is invalid
+        # If we get here, token is valid
+        default_model = InferenceClientModel(
+            model_id,
+            custom_role_conversions={
+                "tool-call": "assistant",
+                "tool-response": "user"
+            },
+            token=os.getenv("HF_TOKEN")
+        )
+        ti_tool = TextInspectorTool(default_model, text_limit)
+        logger.info("Default model created successfully with valid token")
+    except Exception as e:
+        logger.warning(f"Failed to create default model: {e}")
+        default_model = None
+        ti_tool = None
+else:
+    logger.info("No HF_TOKEN provided, default model will be created when user provides API key")
+
+browser = SimpleTextBrowser(**BROWSER_CONFIG)
+
+# Tool configuration
+cvedb_tool = CVEDBTool()
+report_generator = ReportGeneratorTool()
+epss_tool = EpsTool()
+nvd_tool = NvdTool()
+kevin_tool = KevinTool()
+
+# Default tools (will be updated with session-specific models)
+WEB_TOOLS = [
+    web_search,  # duckduckgo
+    VisitTool(browser),
+    PageUpTool(browser),
+    PageDownTool(browser),
+    FinderTool(browser),
+    FindNextTool(browser),
+    ArchiveSearchTool(browser),
+] + ([ti_tool] if ti_tool else []) + [
+    cvedb_tool,  # CVEDB Tool
+    # report_generator,  # Report generation tool - COMMENTED: Only works locally
+    epss_tool,  # EPSS Tool
+    nvd_tool,  # NVD Tool
+    kevin_tool,  # KEVin Tool
+]
+
+def validate_hf_api_key(api_key: str) -> tuple[bool, str]:
+    """Validate Hugging Face API key by making a test request."""
+    if not api_key or not api_key.strip():
+        return False, "❌ API key cannot be empty"
+    
+    api_key = api_key.strip()
+    
+    # Basic format validation
+    if not api_key.startswith("hf_"):
+        return False, "❌ Invalid API key format. Hugging Face API keys start with 'hf_'"
+    
+    try:
+        # Test the API key by making a simple request
+        api = HfApi(token=api_key)
+        # Try to get user info to validate the token
+        user_info = api.whoami()
+        return True, f"✅ API key validated successfully! Welcome, {user_info.get('name', 'User')}!"
+    except Exception as e:
+        return False, f"❌ Invalid API key: {str(e)}"
+
+def create_model_with_api_key(hf_token: str, model_id: str = None) -> InferenceClientModel:
+    """Create a new InferenceClientModel instance with the provided HF_TOKEN."""
+    if not model_id:
+        model_id = os.getenv("MODEL_ID", "Qwen/Qwen2.5-Coder-32B-Instruct")
+    
+    logger.info(f"Creating model {model_id} with token: {hf_token[:10]}...")
+    
+    # First, try to login with the token to ensure it's properly set
+    try:
+        login(hf_token)
+        logger.info("Successfully logged in with token")
+    except Exception as e:
+        logger.warning(f"Login failed: {e}")
+    
+    # Create the model with explicit token
+    model = InferenceClientModel(
+        model_id,
+        custom_role_conversions={
+            "tool-call": "assistant",
+            "tool-response": "user"
+        },
+        token=hf_token
+    )
+    
+    # Verify the token is set correctly
+    if hasattr(model, 'token'):
+        logger.info(f"Model token attribute: {model.token[:10] if model.token else 'None'}...")
+    else:
+        logger.warning("Model does not have token attribute")
+    
+    # Test the model with a simple request to verify token works
+    try:
+        logger.info("Testing model with simple request...")
+        # This is a simple test to see if the model can be accessed
+        test_response = model.generate("Hello", max_new_tokens=5)
+        logger.info("Model test successful")
+    except Exception as e:
+        logger.error(f"Model test failed: {e}")
+        # Don't raise the exception, just log it
+    
+    logger.info(f"Model created successfully with token")
+    return model
+
+def create_tools_with_model(model: InferenceClientModel) -> list:
+    """Create tools list with the provided model."""
+    return [
+        web_search,  # duckduckgo
+        VisitTool(browser),
+        PageUpTool(browser),
+        PageDownTool(browser),
+        FinderTool(browser),
+        FindNextTool(browser),
+        ArchiveSearchTool(browser),
+        TextInspectorTool(model, text_limit),
+        cvedb_tool,  # CVEDB Tool
+        # report_generator,  # Report generation tool - COMMENTED: Only works locally
+        epss_tool,  # EPSS Tool
+        nvd_tool,  # NVD Tool
+        kevin_tool,  # KEVin Tool
+    ]
+
+# Agent creation in a factory function
+def create_agent(hf_token: str = None, model_id: str = None, max_steps: int = 10):
+    """Creates a fresh agent instance for each session"""
+    if not hf_token:
+        raise ValueError("A valid Hugging Face API key is required to create an agent.")
+    
+    logger.info(f"Creating agent with token: {hf_token[:10]}...")
+    
+    # Use session-specific model with HF_TOKEN
+    model = create_model_with_api_key(hf_token, model_id)
+    tools = create_tools_with_model(model)
+    
+    agent = CodeAgent(
+        model=model,
+        tools=[visualizer] + tools,
+        max_steps=max_steps,
+        verbosity_level=1,
+        additional_authorized_imports=AUTHORIZED_IMPORTS,
+        planning_interval=4,
+    )
+    
+    logger.info("Agent created successfully")
+    return agent
+
+# Only create document_inspection_tool if default_model is available
+if default_model:
+    document_inspection_tool = TextInspectorTool(default_model, 20000)
+else:
+    document_inspection_tool = None
+
+class GradioUI:
+    """A one-line interface to launch your agent in Gradio"""
+
+    def __init__(self, file_upload_folder: str | None = None):
+        self.file_upload_folder = file_upload_folder
+        if self.file_upload_folder is not None:
+            if not os.path.exists(file_upload_folder):
+                os.mkdir(file_upload_folder)
+        # Create reports directory
+        self.reports_folder = "reports"
+        if not os.path.exists(self.reports_folder):
+            os.mkdir(self.reports_folder)
+
+    def save_report(self, html_content: str) -> str:
+        """Saves the HTML report and returns the file path."""
+        timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
+        filename = f"vulnerability_report_{timestamp}.html"
+        filepath = os.path.join(self.reports_folder, filename)
+        
+        with open(filepath, "w", encoding="utf-8") as f:
+            f.write(html_content)
+            
+        return filepath
+
+    def validate_api_key(self, api_key: str) -> tuple[str, str]:
+        """Validate API key and return status message."""
+        is_valid, message = validate_hf_api_key(api_key)
+        if is_valid:
+            return message, "success"
+        else:
+            return message, "error"
+
+    def interact_with_agent(self, prompt, messages, session_state):
+        # Get or create session-specific agent
+        if "agent" not in session_state:
+            # Check if we have a valid HF_TOKEN in session
+            hf_token = session_state.get("hf_token")
+            
+            # If no token in session, try to get it from .env file
+            if not hf_token:
+                env_token = os.getenv("HF_TOKEN")
+                if env_token:
+                    hf_token = env_token
+                    session_state["hf_token"] = env_token
+                    session_state["max_steps"] = 10  # Default max_steps
+                    logger.info(f"Using HF_TOKEN from .env file: {env_token[:10]}...")
+                else:
+                    logger.warning("No API key found in session state or .env file")
+                    error_msg = "❌ No API key provided. Please enter your Hugging Face API key in the API Configuration section above or set HF_TOKEN in your .env file."
+                    messages.append(gr.ChatMessage(role="assistant", content=error_msg))
+                    yield messages
+                    return
+            
+            logger.info(f"Agent not in session, checking for token: {hf_token[:10] if hf_token else 'None'}...")
+            
+            if hf_token:
+                try:
+                    max_steps = session_state.get("max_steps", 10)
+                    session_state["agent"] = create_agent(hf_token, max_steps=max_steps)
+                    logger.info("Agent created successfully in interact_with_agent")
+                except Exception as e:
+                    logger.error(f"Failed to create agent in interact_with_agent: {e}")
+                    error_msg = f"❌ Failed to create agent with provided API key: {str(e)}"
+                    messages.append(gr.ChatMessage(role="assistant", content=error_msg))
+                    yield messages
+                    return
+        else:
+            logger.info("Agent already exists in session")
+        
+        # Adding monitoring
+        try:
+            # log the existence of agent memory
+            has_memory = hasattr(session_state["agent"], "memory")
+            print(f"Agent has memory: {has_memory}")
+            if has_memory:
+                print(f"Memory type: {type(session_state['agent'].memory)}")
+
+            # Prepare the system prompt
+            system_prompt = f"""You are a Vulnerability Intelligence Analyst. Complete the user request in {session_state.get('max_steps', 10)} steps maximum.
+
+AVAILABLE TOOLS: nvd_search, web_search, cvedb_search, kevin_search, epss_search
+
+CRITICAL RULES:
+1. VERSION ANALYSIS: 
+   - FIRST: Check current version via web search to understand the latest available version
+   - PRIORITY: When user asks for specific version, focus ONLY on vulnerabilities affecting that version and newer
+   - EXCLUDE OLDER: Do NOT report vulnerabilities that only affect older versions
+   - VERSION LOGIC: 
+     * "up to X" or "before X" = affects versions UP TO X, NOT newer versions
+     * "X+" or "X and later" = affects X and newer versions
+     * "X through Y" = affects versions X to Y inclusive
+   - CORRECT LOGIC: If CVE affects "up to v22.1" and user asks about v24.0 then v24.0 is NOT vulnerable
+   - CORRECT LOGIC: If CVE affects "v25.0+" and user asks about v24.0 then v24.0 is NOT vulnerable
+   - CORRECT LOGIC: If CVE affects "below v25.0" and user asks about v24.0 then v24.0 is vulnerable
+2. DATES: Use current date for "today" or "current". Use: from datetime import datetime; today = datetime.now().strftime("%Y-%m-%d")
+3. PRODUCT SEARCH: ALWAYS use ONLY the base product name, NEVER include versions when using vulnerability tools (nvd_search, cvedb_search, kevin_search, epss_search)
+4. SOURCES: Always prioritize vendor/original sources for CVE, CWE, and reference links (official vendor websites, security advisories)
+5. SIMPLICITY: Keep code simple and logical. Avoid unnecessary library imports. Use only basic Python functions when needed.
+6. TOOL USAGE: Use ONLY the available tools. Do not complicate tool calls with unnecessary code.
+7. STRING OPERATIONS: Use simple Python methods (in, find, startswith, endswith, etc.). NEVER use .contains() - it doesn't exist in Python. Avoid complex string parsing of tool results.
+8. VULNERABILITY ANALYSIS: When analyzing tool results:
+   - READ CAREFULLY: Pay attention to version ranges in vulnerability descriptions
+   - "up to X" means versions UP TO X, NOT including newer versions
+   - "below X" means versions BELOW X, NOT including X or newer
+   - "X+" means X and newer versions
+   - ONLY include vulnerabilities that actually affect the requested version
+   - If unsure about version compatibility, exclude the vulnerability
+   - DO NOT REASON: Don't create complex logic about version compatibility
+   - DO NOT ASSUME: If a CVE affects "up to 22.1", it does NOT affect 24.0
+   - SIMPLE RULE: Only include CVEs where the version range explicitly includes the requested version
+9. REPORT GENERATION: Do NOT create complex functions, or loops for the final answer. Use the information collected and format it directly following the REPORT FORMAT.
+
+REPORT FORMAT:
+# Vulnerability Report
+### [Software and Version]
+
+#### CVE-ID: [CVE-YYYY-NNNNN]
+**NIST NVD Link:** https://nvd.nist.gov/vuln/detail/CVE-YYYY-NNNNN
+- **Attack Type:** [Type]
+- **Published:** [Date]
+- **CVSS:** [Score]
+- **EPSS:** [Score]
+- **KEV:** [Yes/No]
+- **Affected Versions:** [Specific range]
+- **Description:** [Description]
+- **CWE:** [CWE-XXX] - https://cwe.mitre.org/data/definitions/XXX.html
+- **Recommendations:** [Remediation advice]
+- **Sources:** 
+  - https://oficial-vendor-website.com/security-advisory
+  - https://official-security-source.com
+  - https://additional-reference-source.com
+
+INSTRUCTIONS:
+- Follow the exact format above
+- Use official vendor sources when available
+- Complete the task efficiently within the step limit
+
+Now it is your turn, remember to keep code simple.
+User Query: """
+
+            # Combine system prompt with user message
+            full_prompt = system_prompt + prompt
+
+            messages.append(gr.ChatMessage(role="user", content=prompt))
+            yield messages
+
+            logger.info("Starting agent interaction...")
+            for msg in stream_to_gradio(
+                session_state["agent"], task=full_prompt, reset_agent_memory=False
+            ):
+                # If the message contains an HTML report, we save it and update the message
+                if isinstance(msg.content, str) and msg.content.startswith("<!DOCTYPE html>"):
+                    report_path = self.save_report(msg.content)
+                    msg.content = f"Report generated and saved at: {report_path}\n\nYou can open the file in your browser to view the complete report."
+                
+                messages.append(msg)
+                yield messages
+            yield messages
+        except Exception as e:
+            logger.error(f"Error in interaction: {str(e)}")
+            print(f"Error in interaction: {str(e)}")
+            error_msg = f"❌ Error during interaction: {str(e)}"
+            messages.append(gr.ChatMessage(role="assistant", content=error_msg))
+            yield messages
+
+    def setup_api_key(self, api_key: str, max_steps: int, session_state) -> str:
+        """Setup API key for the session."""
+        # Check if API key is provided from interface
+        if api_key and api_key.strip():
+            # Use the API key from interface
+            token_to_use = api_key.strip()
+            source = "interface"
+        else:
+            # Try to use token from .env file
+            env_token = os.getenv("HF_TOKEN")
+            if env_token:
+                token_to_use = env_token
+                source = ".env file"
+            else:
+                return "❌ No API key provided. Please enter your Hugging Face API key or set HF_TOKEN in your .env file."
+        
+        # Validate the token
+        is_valid, message = validate_hf_api_key(token_to_use)
+        
+        if is_valid:
+            # Store HF_TOKEN in session state
+            session_state["hf_token"] = token_to_use
+            session_state["max_steps"] = max_steps
+            logger.info(f"API key stored in session from {source}: {token_to_use[:10]}...")
+            logger.info(f"Max steps set to: {max_steps}")
+            
+            # Also set the environment variable for smolagents
+            os.environ["HF_TOKEN"] = token_to_use
+            logger.info("HF_TOKEN environment variable set")
+            
+            # Create new agent with the HF_TOKEN and max_steps
+            try:
+                session_state["agent"] = create_agent(token_to_use, max_steps=max_steps)
+                logger.info("Agent created successfully in setup_api_key")
+                return f"✅ API key from {source} validated and agent created successfully! {message.split('!')[1] if '!' in message else ''}"
+            except Exception as e:
+                logger.error(f"Failed to create agent in setup_api_key: {e}")
+                return f"❌ Failed to create agent with API key from {source}: {str(e)}"
+        else:
+            logger.warning(f"Invalid API key from {source}: {token_to_use[:10] if token_to_use else 'None'}...")
+            return f"❌ Invalid API key from {source}: {message}"
+
+    def upload_file(
+        self,
+        file,
+        file_uploads_log,
+        allowed_file_types=[
+            "application/pdf",
+            "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+            "text/plain",
+        ],
+    ):
+        """
+        Handle file uploads, default allowed types are .pdf, .docx, and .txt
+        """
+        if file is None:
+            return gr.Textbox("No file uploaded", visible=True), file_uploads_log
+
+        try:
+            mime_type, _ = mimetypes.guess_type(file.name)
+        except Exception as e:
+            return gr.Textbox(f"Error: {e}", visible=True), file_uploads_log
+
+        if mime_type not in allowed_file_types:
+            return gr.Textbox("File type disallowed", visible=True), file_uploads_log
+
+        # Sanitize file name
+        original_name = os.path.basename(file.name)
+        sanitized_name = re.sub(
+            r"[^\w\-.]", "_", original_name
+        )  # Replace any non-alphanumeric, non-dash, or non-dot characters with underscores
+
+        type_to_ext = {}
+        for ext, t in mimetypes.types_map.items():
+            if t not in type_to_ext:
+                type_to_ext[t] = ext
+
+        # Ensure the extension correlates to the mime type
+        sanitized_name = sanitized_name.split(".")[:-1]
+        sanitized_name.append("" + type_to_ext[mime_type])
+        sanitized_name = "".join(sanitized_name)
+
+        # Save the uploaded file to the specified folder
+        file_path = os.path.join(
+            self.file_upload_folder, os.path.basename(sanitized_name)
+        )
+        shutil.copy(file.name, file_path)
+
+        return gr.Textbox(
+            f"File uploaded: {file_path}", visible=True
+        ), file_uploads_log + [file_path]
+
+    def log_user_message(self, text_input, file_uploads_log):
+        return (
+            text_input
+            + (
+                f"\nYou have been provided with these files, which might be helpful or not: {file_uploads_log}"
+                if len(file_uploads_log) > 0
+                else ""
+            ),
+            gr.Textbox(
+                value="",
+                interactive=False,
+                placeholder="Please wait while Steps are getting populated",
+            ),
+            gr.Button(interactive=False),
+        )
+
+    def detect_device(self, request: gr.Request):
+        # Check whether the user device is a mobile or a computer
+
+        if not request:
+            return "Unknown device"
+        # Method 1: Check sec-ch-ua-mobile header
+        is_mobile_header = request.headers.get("sec-ch-ua-mobile")
+        if is_mobile_header:
+            return "Mobile" if "?1" in is_mobile_header else "Desktop"
+
+        # Method 2: Check user-agent string
+        user_agent = request.headers.get("user-agent", "").lower()
+        mobile_keywords = ["android", "iphone", "ipad", "mobile", "phone"]
+
+        if any(keyword in user_agent for keyword in mobile_keywords):
+            return "Mobile"
+
+        # Method 3: Check platform
+        platform = request.headers.get("sec-ch-ua-platform", "").lower()
+        if platform:
+            if platform in ['"android"', '"ios"']:
+                return "Mobile"
+            elif platform in ['"windows"', '"macos"', '"linux"']:
+                return "Desktop"
+
+        # Default case if no clear indicators
+        return "Desktop"
+
+    def launch(self, **kwargs):
+        with gr.Blocks(theme="ocean", fill_height=True) as demo:
+            # Different layouts for mobile and computer devices
+            @gr.render()
+            def layout(request: gr.Request):
+                device = self.detect_device(request)
+                print(f"device - {device}")
+                # Render layout with sidebar
+                if device == "Desktop":
+                    with gr.Blocks(
+                        fill_height=True,
+                    ):
+                        file_uploads_log = gr.State([])
+                        with gr.Sidebar():
+                            # Project title and repository link at the top
+                            gr.Markdown("""# Open Deep Research Vulnerability Intelligence""")
+                            gr.Markdown("""<img src="https://github.githubassets.com/images/modules/logos_page/GitHub-Mark.png" width="20" height="20" style="display: inline-block; vertical-align: middle; margin-right: 8px;"> <a href="https://github.com/mcdaqc/open-deep-research-vulnerability-intelligence" target="_blank">Github Repository</a>""")
+                            
+                            # About section
+                            with gr.Accordion("ℹ️ About", open=False):
+                                gr.Markdown("""**What it does:**
+This AI agent specializes in automated vulnerability research and analysis, built on <a href="https://huggingface.co/blog/open-deep-research" target="_blank">Hugging Face's Open Deep Research</a> architecture. It can search across multiple security databases to provide comprehensive vulnerability intelligence reports.
+
+**Available Tools & APIs:**
+- <a href="https://nvd.nist.gov/developers/vulnerabilities" target="_blank">🛡️ NIST NVD</a> - National Vulnerability Database (free API)
+- <a href="https://cvedb.com/" target="_blank">📊 Shodan CVEDB</a> - Comprehensive vulnerability database (free API)
+- <a href="https://kevin.gtfkd.com/" target="_blank">⚠️ KEVin</a> - Known Exploited Vulnerabilities database (free API)
+- <a href="https://www.first.org/epss/" target="_blank">📈 EPSS</a> - Exploit Prediction Scoring System (free API)
+- 🌐 **Web Browser** - Navigate and extract information from web pages
+
+**Model Configuration:**
+- **Default Model**: Qwen/Qwen2.5-Coder-32B-Instruct (recommended)
+- **Alternative**: You can also use Ollama with local models for privacy
+
+**How to use:**
+1. Enter your Hugging Face API key below
+2. Ask about specific software versions, CVEs, or security vulnerabilities
+3. The agent will automatically search all available databases
+4. Receive comprehensive vulnerability reports with CVSS scores, EPSS predictions, and remediation advice""")
+                            
+                            with gr.Group():
+                                gr.Markdown("**Your request**", container=True)
+                                text_input = gr.Textbox(
+                                    lines=3,
+                                    label="Your request",
+                                    container=False,
+                                    placeholder="Enter your prompt here and press Shift+Enter or press the button",
+                                )
+                                launch_research_btn = gr.Button(
+                                    "Run", variant="primary"
+                                )
+
+                            # Examples Section
+                            with gr.Accordion("💡 Example Prompts", open=False):
+                                gr.Markdown("**Click any example below to populate your request field:**")
+                                
+                                example_btn_1 = gr.Button("🔍 MobaXterm 24.0 vulnerabilities", size="sm", variant="secondary")
+                                example_btn_2 = gr.Button("🔍 Chrome 120.0.6099.109 security issues", size="sm", variant="secondary")
+                                example_btn_3 = gr.Button("🔍 Apache Tomcat 9.0.65 KEV check", size="sm", variant="secondary")
+                                example_btn_4 = gr.Button("🔍 Windows 11 recent vulnerabilities", size="sm", variant="secondary")
+                                example_btn_5 = gr.Button("🔍 CVE-2024-0001 analysis", size="sm", variant="secondary")
+                                example_btn_6 = gr.Button("🔍 Nginx 1.24.0 security status", size="sm", variant="secondary")
+                                
+                                # Example button events
+                                example_btn_1.click(
+                                    lambda: "Analyze MobaXterm 24.0 for vulnerabilities as of today",
+                                    None,
+                                    [text_input]
+                                )
+                                example_btn_2.click(
+                                    lambda: "Check Chrome 120.0.6099.109 for security vulnerabilities",
+                                    None,
+                                    [text_input]
+                                )
+                                example_btn_3.click(
+                                    lambda: "Is Apache Tomcat 9.0.65 in KEV database as of today?",
+                                    None,
+                                    [text_input]
+                                )
+                                example_btn_4.click(
+                                    lambda: "Check Windows 11 for recent vulnerabilities as of today",
+                                    None,
+                                    [text_input]
+                                )
+                                example_btn_5.click(
+                                    lambda: "Analyze CVE-2024-0001 in detail",
+                                    None,
+                                    [text_input]
+                                )
+                                example_btn_6.click(
+                                    lambda: "Check Nginx 1.24.0 for security vulnerabilities",
+                                    None,
+                                    [text_input]
+                                )
+
+                            # API Key Configuration Section
+                            with gr.Accordion("🔑 API Configuration", open=False):
+                                gr.Markdown("**Configure your Hugging Face API Key**")
+                                gr.Markdown("All API keys are stored only in session memory, not persisted.")
+                                gr.Markdown("Get your API key from: https://huggingface.co/settings/tokens")
+                                
+                                api_key_input = gr.Textbox(
+                                    label="Hugging Face API Key",
+                                    placeholder="hf_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+                                    type="password",
+                                    lines=1
+                                )
+                                api_key_status = gr.Textbox(
+                                    label="Status",
+                                    value="✅ HF_TOKEN found in .env file. To use a different key, enter it above and click 'Setup API Key'." if os.getenv("HF_TOKEN") else "⚠️ Please enter your Hugging Face API key or set HF_TOKEN in your .env file.",
+                                    interactive=False
+                                )
+                                
+                                # Agent configuration
+                                gr.Markdown("**Agent Configuration**")
+                                max_steps_slider = gr.Slider(
+                                    minimum=5,
+                                    maximum=30,
+                                    value=10,
+                                    step=1,
+                                    label="Maximum Steps",
+                                    info="Number of steps the agent can take per session (higher = more detailed but slower)"
+                                )
+                                
+                                setup_api_btn = gr.Button("Setup API Key", variant="secondary")
+
+                            # If an upload folder is provided, enable the upload feature
+                            if self.file_upload_folder is not None:
+                                upload_file = gr.File(label="Upload a file")
+                                upload_status = gr.Textbox(
+                                    label="Upload Status",
+                                    interactive=False,
+                                    visible=False,
+                                )
+                                upload_file.change(
+                                    self.upload_file,
+                                    [upload_file, file_uploads_log],
+                                    [upload_status, file_uploads_log],
+                                )
+
+                            # Powered by smolagents
+                            with gr.Row():
+                                gr.HTML("""<div style="display: flex; align-items: center; gap: 8px; font-family: system-ui, -apple-system, sans-serif;">Powered by
+                        <img src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/smolagents/mascot_smol.png" style="width: 32px; height: 32px; object-fit: contain;" alt="logo">
+                        <a target="_blank" href="https://github.com/huggingface/smolagents"><b>hf/smolagents</b></a>
+                        </div>""")
+
+                        # Add session state to store session-specific data
+                        session_state = gr.State(
+                            {}
+                        )  # Initialize empty state for each session
+                        stored_messages = gr.State([])
+                        chatbot = gr.Chatbot(
+                            label="open-Deep-Research",
+                            type="messages",
+                            avatar_images=(
+                                None,
+                                "https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/smolagents/mascot_smol.png",
+                            ),
+                            resizeable=False,
+                            scale=1,
+                            elem_id="my-chatbot",
+                        )
+
+                        # Add component to display reports
+                        report_viewer = gr.HTML(label="Vulnerability Report", visible=False)
+
+                        # API Key setup event
+                        setup_api_btn.click(
+                            self.setup_api_key,
+                            [api_key_input, max_steps_slider, session_state],
+                            [api_key_status]
+                        )
+
+                        text_input.submit(
+                            self.log_user_message,
+                            [text_input, file_uploads_log],
+                            [stored_messages, text_input, launch_research_btn],
+                        ).then(
+                            self.interact_with_agent,
+                            # Include session_state in function calls
+                            [stored_messages, chatbot, session_state],
+                            [chatbot],
+                        ).then(
+                            lambda: (
+                                gr.Textbox(
+                                    interactive=True,
+                                    placeholder="Enter your prompt here and press the button",
+                                ),
+                                gr.Button(interactive=True),
+                            ),
+                            None,
+                            [text_input, launch_research_btn],
+                        )
+                        launch_research_btn.click(
+                            self.log_user_message,
+                            [text_input, file_uploads_log],
+                            [stored_messages, text_input, launch_research_btn],
+                        ).then(
+                            self.interact_with_agent,
+                            # Include session_state in function calls
+                            [stored_messages, chatbot, session_state],
+                            [chatbot],
+                        ).then(
+                            lambda: (
+                                gr.Textbox(
+                                    interactive=True,
+                                    placeholder="Enter your prompt here and press the button",
+                                ),
+                                gr.Button(interactive=True),
+                            ),
+                            None,
+                            [text_input, launch_research_btn],
+                        )
+
+                # Render simple layout
+                else:
+                    with gr.Blocks(
+                        fill_height=True,
+                    ):
+                        # Project title and repository link at the top
+                        gr.Markdown("""# Open Deep Research Vulnerability Intelligence""")
+                        gr.Markdown("""<img src="https://github.githubassets.com/images/modules/logos_page/GitHub-Mark.png" width="20" height="20" style="display: inline-block; vertical-align: middle; margin-right: 8px;"> <a href="https://github.com/mcdaqc/open-deep-research-vulnerability-intelligence" target="_blank">Github Repository</a>""")
+                        
+                        # About section for mobile
+                        with gr.Accordion("ℹ️ About", open=False):
+                            gr.Markdown("""**What it does:**
+This AI agent specializes in automated vulnerability research and analysis, built on <a href="https://huggingface.co/blog/open-deep-research" target="_blank">Hugging Face's Open Deep Research</a> architecture. It can search across multiple security databases to provide comprehensive vulnerability intelligence reports.
+
+**Available Tools & APIs:**
+- <a href="https://nvd.nist.gov/developers/vulnerabilities" target="_blank">🛡️ NIST NVD</a> - National Vulnerability Database (free API)
+- <a href="https://cvedb.com/" target="_blank">📊 Shodan CVEDB</a> - Comprehensive vulnerability database (free API)
+- <a href="https://kevin.gtfkd.com/" target="_blank">⚠️ KEVin</a> - Known Exploited Vulnerabilities database (free API)
+- <a href="https://www.first.org/epss/" target="_blank">📈 EPSS</a> - Exploit Prediction Scoring System (free API)
+- 🌐 **Web Browser** - Navigate and extract information from web pages
+
+**Model Configuration:**
+- **Default Model**: Qwen/Qwen2.5-Coder-32B-Instruct (recommended)
+- **Alternative**: You can also use Ollama with local models for privacy
+
+**How to use:**
+1. Enter your Hugging Face API key below
+2. Ask about specific software versions, CVEs, or security vulnerabilities
+3. The agent will automatically search all available databases
+4. Receive comprehensive vulnerability reports with CVSS scores, EPSS predictions, and remediation advice""")
+
+                        # API Key Configuration Section for Mobile
+                        with gr.Accordion("🔑 API Configuration", open=False):
+                            gr.Markdown("**Configure your Hugging Face API Key**")
+                            gr.Markdown("Due to recent API changes, you need to provide your own Hugging Face API key to use this application.")
+                            gr.Markdown("Get your API key from: https://huggingface.co/settings/tokens")
+                            
+                            mobile_api_key_input = gr.Textbox(
+                                label="Hugging Face API Key",
+                                placeholder="hf_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+                                type="password",
+                                lines=1
+                            )
+                            mobile_api_key_status = gr.Textbox(
+                                label="Status",
+                                value="✅ HF_TOKEN found in .env file. To use a different key, enter it above and click 'Setup API Key'." if os.getenv("HF_TOKEN") else "⚠️ Please enter your Hugging Face API key or set HF_TOKEN in your .env file.",
+                                interactive=False
+                            )
+                            
+                            # Agent configuration for mobile
+                            gr.Markdown("**Agent Configuration**")
+                            mobile_max_steps_slider = gr.Slider(
+                                minimum=5,
+                                maximum=30,
+                                value=10,
+                                step=1,
+                                label="Maximum Steps",
+                                info="Number of steps the agent can take per session (higher = more detailed but slower)"
+                            )
+                            
+                            mobile_setup_api_btn = gr.Button("Setup API Key", variant="secondary")
+                        
+                        # Add session state to store session-specific data
+                        session_state = gr.State(
+                            {}
+                        )  # Initialize empty state for each session
+                        stored_messages = gr.State([])
+                        file_uploads_log = gr.State([])
+                        chatbot = gr.Chatbot(
+                            label="open-Deep-Research",
+                            type="messages",
+                            avatar_images=(
+                                None,
+                                "https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/smolagents/mascot_smol.png",
+                            ),
+                            resizeable=True,
+                            scale=1,
+                        )
+                        
+                        # Mobile API Key setup event
+                        mobile_setup_api_btn.click(
+                            self.setup_api_key,
+                            [mobile_api_key_input, mobile_max_steps_slider, session_state],
+                            [mobile_api_key_status]
+                        )
+                        
+                        # Mobile Example button events
+                        mobile_example_btn_1 = gr.Button("🔍 MobaXterm 24.0 vulnerabilities", size="sm", variant="secondary")
+                        mobile_example_btn_2 = gr.Button("🔍 Chrome 120.0.6099.109 security analysis", size="sm", variant="secondary")
+                        mobile_example_btn_3 = gr.Button("🔍 Apache Tomcat 9.0.65 KEV check", size="sm", variant="secondary")
+                        
+                        # Mobile Example button events
+                        mobile_example_btn_1.click(
+                            lambda: "Analyze MobaXterm 24.0 for vulnerabilities as of today",
+                            None,
+                            [text_input]
+                        )
+                        mobile_example_btn_2.click(
+                            lambda: "Check Chrome 120.0.6099.109 for current security issues",
+                            None,
+                            [text_input]
+                        )
+                        mobile_example_btn_3.click(
+                            lambda: "Is Apache Tomcat 9.0.65 in KEV database as of today?",
+                            None,
+                            [text_input]
+                        )
+
+                        # Powered by smolagents for mobile
+                        with gr.Row():
+                            gr.HTML("""<div style="display: flex; align-items: center; gap: 8px; font-family: system-ui, -apple-system, sans-serif;">Powered by
+                        <img src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/smolagents/mascot_smol.png" style="width: 32px; height: 32px; object-fit: contain;" alt="logo">
+                        <a target="_blank" href="https://github.com/huggingface/smolagents"><b>hf/smolagents</b></a>
+                        </div>""")
+
+                        text_input = gr.Textbox(
+                            lines=1,
+                            label="Your request",
+                            placeholder="Enter your prompt here and press the button",
+                        )
+                        launch_research_btn = gr.Button(
+                            "Run",
+                            variant="primary",
+                        )
+
+                        # Examples Section for Mobile
+                        with gr.Accordion("💡 Example Prompts", open=False):
+                            gr.Markdown("**Click any example below to populate your request field:**")
+                            
+                            mobile_example_btn_1 = gr.Button("🔍 MobaXterm 24.0 vulnerabilities", size="sm", variant="secondary")
+                            mobile_example_btn_2 = gr.Button("🔍 Chrome 120.0.6099.109 security analysis", size="sm", variant="secondary")
+                            mobile_example_btn_3 = gr.Button("🔍 Apache Tomcat 9.0.65 KEV check", size="sm", variant="secondary")
+                        
+                        # Mobile Example button events
+                        mobile_example_btn_1.click(
+                            lambda: "Analyze MobaXterm 24.0 for vulnerabilities as of today",
+                            None,
+                            [text_input]
+                        )
+                        mobile_example_btn_2.click(
+                            lambda: "Check Chrome 120.0.6099.109 for current security issues",
+                            None,
+                            [text_input]
+                        )
+                        mobile_example_btn_3.click(
+                            lambda: "Is Apache Tomcat 9.0.65 in KEV database as of today?",
+                            None,
+                            [text_input]
+                        )
+
+                        # Powered by smolagents for mobile
+                        with gr.Row():
+                            gr.HTML("""<div style="display: flex; align-items: center; gap: 8px; font-family: system-ui, -apple-system, sans-serif;">Powered by
+                        <img src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/smolagents/mascot_smol.png" style="width: 32px; height: 32px; object-fit: contain;" alt="logo">
+                        <a target="_blank" href="https://github.com/huggingface/smolagents"><b>hf/smolagents</b></a>
+                        </div>""")
+
+                        text_input.submit(
+                            self.log_user_message,
+                            [text_input, file_uploads_log],
+                            [stored_messages, text_input, launch_research_btn],
+                        ).then(
+                            self.interact_with_agent,
+                            # Include session_state in function calls
+                            [stored_messages, chatbot, session_state],
+                            [chatbot],
+                        ).then(
+                            lambda: (
+                                gr.Textbox(
+                                    interactive=True,
+                                    placeholder="Enter your prompt here and press the button",
+                                ),
+                                gr.Button(interactive=True),
+                            ),
+                            None,
+                            [text_input, launch_research_btn],
+                        )
+                        launch_research_btn.click(
+                            self.log_user_message,
+                            [text_input, file_uploads_log],
+                            [stored_messages, text_input, launch_research_btn],
+                        ).then(
+                            self.interact_with_agent,
+                            # Include session_state in function calls
+                            [stored_messages, chatbot, session_state],
+                            [chatbot],
+                        ).then(
+                            lambda: (
+                                gr.Textbox(
+                                    interactive=True,
+                                    placeholder="Enter your prompt here and press the button",
+                                ),
+                                gr.Button(interactive=True),
+                            ),
+                            None,
+                            [text_input, launch_research_btn],
+                        )
+
+        demo.launch(debug=True, **kwargs)
+
+# can this fix ctrl-c no response? no
+try:
+    GradioUI().launch(mcp_server=True)
+except KeyboardInterrupt:
+    ...

requirements.txt

@@ -0,0 +1,52 @@
+# Core dependencies
+smolagents==1.18.0
+anthropic==0.54.0
+beautifulsoup4==4.13.4
+datasets==3.6.0
+google_search_results==2.4.2
+huggingface_hub==0.33.0
+mammoth==1.9.1
+markdownify==1.1.0
+numexpr==2.11.0
+numpy==2.2.6
+openai==1.87.0
+openpyxl==3.1.5
+pandas==2.3.0
+pathvalidate==3.3.1
+pdfminer==20191125
+pdfminer.six==20250506
+Pillow==11.2.1
+puremagic==1.29
+pypdf==5.6.0
+PyPDF2==3.0.1
+python-dotenv==1.1.0
+python-pptx==1.0.2
+requests==2.32.4
+serpapi==0.1.5
+tqdm==4.67.1
+torch==2.7.1
+torchvision==0.22.1
+transformers==4.52.4
+
+# Additional libraries
+chess==1.11.2
+sympy==1.14.0
+PubChemPy==1.0.4
+scikit-learn==1.7.0
+scipy==1.15.3
+pydub==0.25.1
+SpeechRecognition==3.14.3
+xlrd==2.0.2
+
+# Web search and utilities
+duckduckgo_search==8.0.4
+loguru==0.7.3
+
+# UI and visualization
+gradio==5.34.0
+gradio_client==1.10.3
+plotly==6.1.2
+Jinja2==3.1.6
+
+# MCP support
+mcp==1.9.3

scripts/cookies.py

@@ -0,0 +1,715 @@
+from requests.cookies import RequestsCookieJar
+
+
+COOKIES_LIST = [
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1718884961,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "ST-xuwub9",
+        "path": "/",
+        "sameSite": None,
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "session_logininfo=AFmmF2swRAIgf4gadACOuWOcipI1anW-dakEjtidNLkufnOC8uml7EECIDh2YisqWELDBJPTGUysCucJ3I0wjXxYjVHro1LHrdW0%3AQUQ3MjNmd2Jiajl3OWZYRnpFNnZlWWV5ZGJWZ0hpcmp4LVVPU280bk4zOS03Z0ozZG9fOFhWZ0dXaVo3NG1wTEg1b3hGaG10TFBlaFBnTlJfbER5bEp0aFhoNS1OLVhYNFRZT2F6ajgzOFpDbGhlUjZpMWRETlFFRjFfTTRiM0RnNTROSkdmMTFMVjFic1VuZ2trbGp4aktDa0JJUC1BWDh3",
+    },
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1753004444.745411,
+        "hostOnly": False,
+        "httpOnly": True,
+        "name": "__Secure-YEC",
+        "path": "/",
+        "sameSite": "lax",
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "CgtRVnI5LW1zRHlQVSjbtNCzBjIhCgJGUhIbEhcSFRMLFBUWFwwYGRobHB0eHw4PIBAREiAk",
+    },
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1753434620.050824,
+        "hostOnly": False,
+        "httpOnly": True,
+        "name": "__Secure-3PSID",
+        "path": "/",
+        "sameSite": "no_restriction",
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "g.a000kwibeLUu8Ea9Y-vLun7u3kU5VNJVuMAZl_jdfJaNm50JyDBB4ezJ_bdWu46a7YwObVn44wACgYKAakSARQSFQHGX2MicJcTzecTKH6bHzqU6TMbTxoVAUF8yKqQYK-MoI6Ql3vI2oYTB3E-0076",
+    },
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1750420959.974642,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "SIDCC",
+        "path": "/",
+        "sameSite": None,
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "AKEyXzWQZauHKOo8t87zoEcjaVNIYUX54ohoWXT-tX4aAhEuZzIIptxZAcNkHuG2oDXYL6t-lw",
+    },
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1753434620.050652,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "SID",
+        "path": "/",
+        "sameSite": None,
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "g.a000kwibeLUu8Ea9Y-vLun7u3kU5VNJVuMAZl_jdfJaNm50JyDBB6VHrZcC3gBAsFPbCQ0gF5AACgYKAYkSARQSFQHGX2Mi9kt0gHg5CxCYSkLQGHWaeBoVAUF8yKre_V6r3jZVak6JV4o2Q0FL0076",
+    },
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1750420958.397534,
+        "hostOnly": False,
+        "httpOnly": True,
+        "name": "__Secure-1PSIDTS",
+        "path": "/",
+        "sameSite": None,
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "sidts-CjIB3EgAEkYL2L-GfrEzW5Dfy62S9oefGNLgst78S_986htCnGcfkxECch_9oz-qytSsZBAA",
+    },
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1753433494.44729,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "_ga_M0180HEFCY",
+        "path": "/",
+        "sameSite": None,
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "GS1.1.1718871908.1.0.1718873494.0.0.0",
+    },
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1753434620.050933,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "SAPISID",
+        "path": "/",
+        "sameSite": None,
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "mfeuiC-HraNJ-A03/ASXvCPNJSw7yTFgd6",
+    },
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1750420959.974764,
+        "hostOnly": False,
+        "httpOnly": True,
+        "name": "__Secure-1PSIDCC",
+        "path": "/",
+        "sameSite": None,
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "AKEyXzWHDSoXGCZpZhPxRrnC7B1s8zGIUjeMVyvgtQfsm1fs92lXPtFEI_td9LBUyqVUe0xK",
+    },
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1753434620.050881,
+        "hostOnly": False,
+        "httpOnly": True,
+        "name": "SSID",
+        "path": "/",
+        "sameSite": None,
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "AmlwXHnQvOQ10LVd-",
+    },
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1753434620.050959,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "__Secure-1PAPISID",
+        "path": "/",
+        "sameSite": None,
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "mfeuiC-HraNJ-A03/ASXvCPNJSw7yTFgd6",
+    },
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1753434620.050795,
+        "hostOnly": False,
+        "httpOnly": True,
+        "name": "__Secure-1PSID",
+        "path": "/",
+        "sameSite": None,
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "g.a000kwibeLUu8Ea9Y-vLun7u3kU5VNJVuMAZl_jdfJaNm50JyDBBrlk7lRpKQGywAHEon7WGQAACgYKAQsSARQSFQHGX2MirAmnSRdZl6GPG6KLd4hOihoVAUF8yKoV17Tcj1a_OenIOkf2wBjO0076",
+    },
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1753434620.050993,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "__Secure-3PAPISID",
+        "path": "/",
+        "sameSite": "no_restriction",
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "mfeuiC-HraNJ-A03/ASXvCPNJSw7yTFgd6",
+    },
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1750420959.974815,
+        "hostOnly": False,
+        "httpOnly": True,
+        "name": "__Secure-3PSIDCC",
+        "path": "/",
+        "sameSite": "no_restriction",
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "AKEyXzXM5UjKUEXwSHVmRAIo6hGHA4G63adj3EE1VdNriD0f38jZQbsUKiD4LQbA3BValmTFDg",
+    },
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1750420958.397647,
+        "hostOnly": False,
+        "httpOnly": True,
+        "name": "__Secure-3PSIDTS",
+        "path": "/",
+        "sameSite": "no_restriction",
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "sidts-CjIB3EgAEkYL2L-GfrEzW5Dfy62S9oefGNLgst78S_986htCnGcfkxECch_9oz-qytSsZBAA",
+    },
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1753434620.050908,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "APISID",
+        "path": "/",
+        "sameSite": None,
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "IlQWLPjdNqziwCrV/ANG7Z4x5FF-IBxbZk",
+    },
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1753434620.050855,
+        "hostOnly": False,
+        "httpOnly": True,
+        "name": "HSID",
+        "path": "/",
+        "sameSite": None,
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "AasA7hmRuTFv7vjoq",
+    },
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1753435873.577793,
+        "hostOnly": False,
+        "httpOnly": True,
+        "name": "LOGIN_INFO",
+        "path": "/",
+        "sameSite": "no_restriction",
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "AFmmF2swRAIgf4gadACOuWOcipI1anW-dakEjtidNLkufnOC8uml7EECIDh2YisqWELDBJPTGUysCucJ3I0wjXxYjVHro1LHrdW0:QUQ3MjNmd2Jiajl3OWZYRnpFNnZlWWV5ZGJWZ0hpcmp4LVVPU280bk4zOS03Z0ozZG9fOFhWZ0dXaVo3NG1wTEg1b3hGaG10TFBlaFBnTlJfbER5bEp0aFhoNS1OLVhYNFRZT2F6ajgzOFpDbGhlUjZpMWRETlFFRjFfTTRiM0RnNTROSkdmMTFMVjFic1VuZ2trbGp4aktDa0JJUC1BWDh3",
+    },
+    {
+        "domain": ".youtube.com",
+        "expirationDate": 1753444956.555608,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "PREF",
+        "path": "/",
+        "sameSite": None,
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "f4=4000000&f6=40000000&tz=Europe.Paris&f5=30000&f7=100",
+    },
+]
+
+COOKIES_LIST += [
+    {
+        "domain": ".www.researchgate.net",
+        "hostOnly": False,
+        "httpOnly": True,
+        "name": "isInstIp",
+        "path": "/",
+        "sameSite": None,
+        "secure": True,
+        "session": True,
+        "storeId": None,
+        "value": "False",
+    },
+    {
+        "domain": ".researchgate.net",
+        "expirationDate": 1734423981,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "__eoi",
+        "path": "/",
+        "sameSite": None,
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "ID=c26f752377373146:T=1718871981:RT=1718884914:S=AA-AfjZw-T_OOX2kW2LLaFzXImgc",
+    },
+    {
+        "domain": ".www.researchgate.net",
+        "expirationDate": 1753444909.646103,
+        "hostOnly": False,
+        "httpOnly": True,
+        "name": "ptc",
+        "path": "/",
+        "sameSite": None,
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "RG1.8947708639250500550.1718872043",
+    },
+    {
+        "domain": ".researchgate.net",
+        "expirationDate": 1750507578,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "euconsent-v2-didomi",
+        "path": "/",
+        "sameSite": "lax",
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "CQAgmoAQAgmoAAHABBENA5EsAP_gAEPgAAYgJ2pB5G5UTWlBIG53YMskIAUFhFBoQEAgAACAAwIBSBIAIIwEAGAAIAgAICACAAIAIBIAIABAGAAAAAAAYIAAIAAIAAAQIAAKIAAAAAAAAgBQAAgIAgggEAAAgEBEABAAgAAAEIIAQNgACgAAACCAAAAAAAABAAAAAAAAQAAAAAAAYCQAAAJIAAAAACAIABAIAAAAAAAAAAAAAAAABBAAIJ2wPIAFAAXABQAFQALgAcAA8ACAAEgALwAZAA0ACIAEcAJgAUgAqgBcADEAGgAPQAfgBEACOAE4AMMAZYA0QBsgDkAHOAO4AfsBBwEIAItARwBHQC6gHUAO2Ae0A_4CHQEXgJ2AUOAo8BT4CpQFqALYAXmAwQBkgDLAGXANjAhCBG8CbAE3gJ1gTtAA.f_wACHwAAAAA",
+    },
+    {
+        "domain": ".researchgate.net",
+        "expirationDate": 1718885236,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "_gat",
+        "path": "/",
+        "sameSite": None,
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "1",
+    },
+    {
+        "domain": "www.researchgate.net",
+        "expirationDate": 1721477183,
+        "hostOnly": True,
+        "httpOnly": False,
+        "name": "_pbjs_userid_consent_data",
+        "path": "/",
+        "sameSite": "lax",
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "3524755945110770",
+    },
+    {
+        "domain": ".researchgate.net",
+        "expirationDate": 1752567981,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "__gads",
+        "path": "/",
+        "sameSite": None,
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "ID=eca2adb88969c830:T=1718871981:RT=1718884914:S=ALNI_MY2qZchynrhWX6hWMlaI87Pcj9riQ",
+    },
+    {
+        "domain": ".researchgate.net",
+        "expirationDate": 1718886709.646173,
+        "hostOnly": False,
+        "httpOnly": True,
+        "name": "__cf_bm",
+        "path": "/",
+        "sameSite": "no_restriction",
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "IkQ_J4ciBzKQduRvjqsfSmQu8UygDWbHeROO5JVccfo-1718884909-1.0.1.1-qvNGEdbfI0HfhFP6kwe7R7mkTqODNhFuKhs72lLly6K2BOPMG3kbahpQFGvPK0U8FUfkznkq65gngd1sWj7sDA",
+    },
+    {
+        "domain": ".researchgate.net",
+        "expirationDate": 1752567981,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "__gpi",
+        "path": "/",
+        "sameSite": None,
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "UID=00000e4e9aa2e6f2:T=1718871981:RT=1718884914:S=ALNI_MYFNrgzkKn7K6Bd2y8hC6GJCvDiSg",
+    },
+    {
+        "domain": ".researchgate.net",
+        "hostOnly": False,
+        "httpOnly": True,
+        "name": "_cfuvid",
+        "path": "/",
+        "sameSite": "no_restriction",
+        "secure": True,
+        "session": True,
+        "storeId": None,
+        "value": "_GPmGZkBymiH3UiqTqzakEpi98br3nfFUWC2_u_wqkc-1718884909785-0.0.1.1-604800000",
+    },
+    {
+        "domain": ".researchgate.net",
+        "expirationDate": 1753445177.271667,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "_ga",
+        "path": "/",
+        "sameSite": None,
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "GA1.1.1525244793.1718885177",
+    },
+    {
+        "domain": ".researchgate.net",
+        "expirationDate": 1753445177.271482,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "_ga_4P31SJ70EJ",
+        "path": "/",
+        "sameSite": None,
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "GS1.1.1718885177.1.0.1718885177.0.0.0",
+    },
+    {
+        "domain": ".researchgate.net",
+        "expirationDate": 1718971576,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "_gid",
+        "path": "/",
+        "sameSite": None,
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "GA1.2.854907463.1718885177",
+    },
+    {
+        "domain": ".www.researchgate.net",
+        "expirationDate": 1750407982.506505,
+        "hostOnly": False,
+        "httpOnly": True,
+        "name": "did",
+        "path": "/",
+        "sameSite": None,
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "1dWLO3C6am8l667Q4VUlBo0O1LI49Qi2Vw21SJEXHavBDYT56DI9007W5rYGVFVH",
+    },
+    {
+        "domain": ".researchgate.net",
+        "expirationDate": 1750507578,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "didomi_token",
+        "path": "/",
+        "sameSite": "lax",
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "eyJ1c2VyX2lkIjoiMTkwMzU4YTUtNWU2My02Y2UzLWJlNzAtZGFjNzVmYjdiY2ExIiwiY3JlYXRlZCI6IjIwMjQtMDYtMjBUMTI6MDY6MTYuODA2WiIsInVwZGF0ZWQiOiIyMDI0LTA2LTIwVDEyOjA2OjE4Ljc4MVoiLCJ2ZW5kb3JzIjp7ImVuYWJsZWQiOlsidHdpdHRlciIsImdvb2dsZSIsImM6bGlua2VkaW4tbWFya2V0aW5nLXNvbHV0aW9ucyIsImM6b3duZXJpcSIsImM6b21uaXR1cmUtYWRvYmUtYW5hbHl0aWNzIiwiYzp0ZWNobm9yYXRpLW1lZGlhIiwiYzppbnRlcmNvbSIsImM6aW50ZW50LWlxIiwiYzppcHJvbSIsImM6bGlua2VkaW4iLCJjOmFtYXpvbmFkdi16Y1hGTEI2WCIsImM6bWVkaWFuZXQtY1V3YUtFNnoiLCJjOmluZGV4ZXhjaC1OWkNRTTY4UCIsImM6emVvdGFwZ21iLWQ3YndtdGp3IiwiYzp0cmlwbGVsaWYtZGRKSDM0clkiLCJjOnJ0YmhvdXNlLWI4Y2RIOHRNIiwiYzptZHByaW1pcy1lYU4yOVdjUCIsImM6bG9vcG1lbGktVGRhWXRCUHEiLCJjOm1hZ25pdGVpbi05d1RZTHFSRCIsImM6Ymlkc3dpdGNoLWQ2N0V3N1c5IiwiYzpvcmFjbGVhZHYtcUhlREptQUwiLCJjOmdvb2dsZWFuYS00VFhuSmlnUiIsImM6bG90YW1lc29sLURIaTdMUmpNIiwiYzpuZXh0bWlsbGUtR0pyZlg4VWMiLCJjOm5yaWNodGVjLXFVVlEyUlFxIiwiYzpicml0ZXBvb2wtQldWeVdHeVUiLCJjOnRhcGFkaW5jLXFxY2tVN1BXIiwiYzppZDV0ZWNobi16Tk1KNGR3ZiIsImM6bWljcm9zb2Z0IiwiYzpwZXJtdXRpdmUtSjdpaHJlTWsiLCJjOm9wZXJhc29mdC1CY1hjRFZKTSIsImM6cG9zdGhvZy1Cakp4RmRGOSJdfSwicHVycG9zZXMiOnsiZW5hYmxlZCI6WyJnZW9sb2NhdGlvbl9kYXRhIiwiZGV2aWNlX2NoYXJhY3RlcmlzdGljcyJdfSwidmVuZG9yc19saSI6eyJlbmFibGVkIjpbImdvb2dsZSIsImM6b3BlcmFzb2Z0LUJjWGNEVkpNIl19LCJ2ZXJzaW9uIjoyLCJhYyI6IkRIU0FvQUZrQWNnQTVnSHFnUUhBeGdCNndEMTRJR0FRTkFqMEJJd0NTY0VyQUtCd1YtZ3MxQmgwREc0R09nQUEuREhTQW9BRmtBY2dBNWdIcWdRSEF4Z0I2d0QxNElHQVFOQWowQkl3Q1NjRXJBS0J3Vi1nczFCaDBERzRHT2dBQSJ9",
+    },
+    {
+        "domain": ".www.researchgate.net",
+        "hostOnly": False,
+        "httpOnly": True,
+        "name": "hasPdpNext",
+        "path": "/",
+        "sameSite": None,
+        "secure": True,
+        "session": True,
+        "storeId": None,
+        "value": "False",
+    },
+    {
+        "domain": ".researchgate.net",
+        "expirationDate": 1750421183,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "ph_phc_ma1XTQyee96N1GML6qUTgLQRiDifnRcE9STiHTZ0CfZ_posthog",
+        "path": "/",
+        "sameSite": "lax",
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "%7B%22distinct_id%22%3A%220190358a-56a1-7313-83b0-d13dddeac787%22%2C%22%24sesid%22%3A%5B1718885183223%2C%220190358a-56a1-7313-83b0-d13b2b87778d%22%2C1718885176993%5D%2C%22%24session_is_sampled%22%3Atrue%7D",
+    },
+    {
+        "domain": ".www.researchgate.net",
+        "hostOnly": False,
+        "httpOnly": True,
+        "name": "sid",
+        "path": "/",
+        "sameSite": None,
+        "secure": True,
+        "session": True,
+        "storeId": None,
+        "value": "qmH5Lc4f0CUJ3zeaxORcV0S8I8V1MuCFZtcIQqPYtv1XPejrbSLAQRbT50PL40TqeKQ1XsQDWt9gtYVzuL80bRmPjw6jn3cQ0ikNqW40maHcQ3JL2Vfa8ZZf0j7p35eJ",
+    },
+]
+
+COOKIES_LIST += [
+    {
+        "domain": "github.com",
+        "hostOnly": True,
+        "httpOnly": True,
+        "name": "_gh_sess",
+        "path": "/",
+        "sameSite": "lax",
+        "secure": True,
+        "session": True,
+        "storeId": None,
+        "value": "P%2Fmof1avuqwHaUQUIJR%2FZYn7jqbT7lgGuTGjp1BGAFIG5UpNDusEE3b8dRjz0eATE5xPdPjLYFqMs%2FI9AOalKX4YuYfSEEnxCMawU01099b4o9Xzzcv%2BmecrmO0Q8q%2Bdq1h8SIv6nvPP7HzlFesl8ysafb9b%2F0q6dTArKdSOurasza8UgLSYD08ofA50Pcm0IG7CTzF8ZCizrGgGTMi%2F%2B7L3E17jav5PM1Sf2vQKg15Gbg1QIOppJJHzlufgQoZigqFv%2BWznaws0Tt7Y2lSFCw%3D%3D--CJRhqMXJnwOaJgk4--DhUErlL4GdROikEjKD4O9g%3D%3D",
+    },
+    {
+        "domain": ".github.com",
+        "expirationDate": 1750408875.763785,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "_octo",
+        "path": "/",
+        "sameSite": "lax",
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "GH1.1.728652011.1718872875",
+    },
+    {
+        "domain": ".github.com",
+        "expirationDate": 1750408875.763926,
+        "hostOnly": False,
+        "httpOnly": True,
+        "name": "logged_in",
+        "path": "/",
+        "sameSite": "lax",
+        "secure": True,
+        "session": False,
+        "storeId": None,
+        "value": "no",
+    },
+    {
+        "domain": ".github.com",
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "preferred_color_mode",
+        "path": "/",
+        "sameSite": "lax",
+        "secure": True,
+        "session": True,
+        "storeId": None,
+        "value": "dark",
+    },
+    {
+        "domain": ".github.com",
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "tz",
+        "path": "/",
+        "sameSite": "lax",
+        "secure": True,
+        "session": True,
+        "storeId": None,
+        "value": "Europe%2FParis",
+    },
+]
+
+COOKIES_LIST += [
+    {
+        "domain": ".web.archive.org",
+        "expirationDate": 1718886430,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "_gat",
+        "path": "/web/20201123221659/http://orcid.org/",
+        "sameSite": None,
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "1",
+    },
+    {
+        "domain": ".web.archive.org",
+        "expirationDate": 1718972770,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "_gid",
+        "path": "/web/20201123221659/http://orcid.org/",
+        "sameSite": None,
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "GA1.2.402246368.1606169825",
+    },
+    {
+        "domain": ".web.archive.org",
+        "expirationDate": 1753446370.315621,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "_ga",
+        "path": "/web/20201123221659/http://orcid.org/",
+        "sameSite": None,
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "GA1.2.1301409987.1606169825",
+    },
+    {
+        "domain": ".web.archive.org",
+        "expirationDate": 1750422367,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "_hjid",
+        "path": "/web/20201123221659/http://orcid.org/",
+        "sameSite": "lax",
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "07f80263-a631-4bf4-8ffd-8fc8912085e2",
+    },
+    {
+        "domain": ".web.archive.org",
+        "expirationDate": 1718888167,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "_hjFirstSeen",
+        "path": "/web/20201123221659/http://orcid.org/",
+        "sameSite": "lax",
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "1",
+    },
+]
+COOKIES_LIST += [
+    {
+        "domain": "orcid.org",
+        "hostOnly": True,
+        "httpOnly": False,
+        "name": "AWSELBCORS",
+        "path": "/",
+        "sameSite": "no_restriction",
+        "secure": True,
+        "session": True,
+        "storeId": None,
+        "value": "CBD1D7FF1216388FA48838CBCA4774FD22800B8FB548A40EF92BB0994D5B77A8410307CDEAA69C52236663F2BF89B252C17BC0FCDF790FD59771BDDF6EA8CA4CFD29D8733F",
+    },
+    {
+        "domain": ".orcid.org",
+        "expirationDate": 1753452454.637671,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "_ga_9R61FWK9H5",
+        "path": "/",
+        "sameSite": None,
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "GS1.1.1718892454.1.0.1718892454.0.0.0",
+    },
+    {
+        "domain": ".orcid.org",
+        "expirationDate": 1753452454.63421,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "_ga",
+        "path": "/",
+        "sameSite": None,
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "GA1.1.2021310691.1718892455",
+    },
+    {
+        "domain": "orcid.org",
+        "hostOnly": True,
+        "httpOnly": False,
+        "name": "AWSELB",
+        "path": "/",
+        "sameSite": None,
+        "secure": False,
+        "session": True,
+        "storeId": None,
+        "value": "CBD1D7FF1216388FA48838CBCA4774FD22800B8FB548A40EF92BB0994D5B77A8410307CDEAA69C52236663F2BF89B252C17BC0FCDF790FD59771BDDF6EA8CA4CFD29D8733F",
+    },
+    {
+        "domain": ".orcid.org",
+        "expirationDate": 1750428454,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "OptanonAlertBoxClosed",
+        "path": "/",
+        "sameSite": "lax",
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "2024-06-20T14:07:34.583Z",
+    },
+    {
+        "domain": ".orcid.org",
+        "expirationDate": 1750428454,
+        "hostOnly": False,
+        "httpOnly": False,
+        "name": "OptanonConsent",
+        "path": "/",
+        "sameSite": "lax",
+        "secure": False,
+        "session": False,
+        "storeId": None,
+        "value": "isGpcEnabled=0&datestamp=Thu+Jun+20+2024+16%3A07%3A34+GMT%2B0200+(heure+d%E2%80%99%C3%A9t%C3%A9+d%E2%80%99Europe+centrale)&version=202310.2.0&browserGpcFlag=0&isIABGlobal=False&hosts=&landingPath=NotLandingPage&groups=C0001%3A1%2CC0003%3A1%2CC0002%3A1%2CC0004%3A1",
+    },
+    {
+        "domain": "orcid.org",
+        "hostOnly": True,
+        "httpOnly": False,
+        "name": "XSRF-TOKEN",
+        "path": "/",
+        "sameSite": None,
+        "secure": True,
+        "session": True,
+        "storeId": None,
+        "value": "6957be7a-bcb4-4d59-a522-ea9b6b210ed9",
+    },
+]
+
+# Create a RequestsCookieJar instance
+COOKIES = RequestsCookieJar()
+
+# Add cookies to the jar
+for cookie in COOKIES_LIST:
+    COOKIES.set(cookie["name"], cookie["value"], domain=cookie["domain"], path=cookie["path"])

scripts/cvedb_tool.py

@@ -0,0 +1,216 @@
+import requests
+from typing import Optional
+from smolagents import Tool
+
+class CVEDBTool(Tool):
+    """
+    Tool for searching vulnerabilities using Shodan's CVEDB API (free, no API key required).
+    """
+    
+    name = "cvedb_search"
+    description = """Tool for searching vulnerabilities using Shodan's CVEDB API (free, no API key required).
+    
+    REQUIRED PARAMETERS:
+    - search_type: Must be 'cve' for specific CVE ID or 'product' for product name search
+    - identifier: The CVE ID or product name to search for
+    
+    This tool allows searching for vulnerabilities in two ways:
+    1. For a specific CVE: cvedb_search(search_type="cve", identifier="CVE-2021-44228")
+    2. For a product: cvedb_search(search_type="product", identifier="microsoft")
+    
+    CRITICAL - Product name format for product search:
+    - ALWAYS use ONLY the base product name, NEVER include versions
+    - CORRECT examples: "log4j", "apache", "microsoft", "chrome", "tomcat", "nginx"
+    - INCORRECT examples: "log4j 2.14.1", "apache http server", "microsoft windows", "chrome 120.0.6099.109"
+    - When searching, strip version numbers and descriptive words
+    - Example: "Apache Tomcat 9.0.65" → search for "tomcat"
+    - Example: "Google Chrome 120.0.6099.109" → search for "chrome"
+    - Example: "Log4j 2.14.1" → search for "log4j"
+    
+    CORRECT Usage examples:
+    - cvedb_search(search_type="cve", identifier="CVE-2021-44228")
+    - cvedb_search(search_type="product", identifier="microsoft")
+    - cvedb_search(search_type="product", identifier="mobaxterm")
+    
+    INCORRECT Usage (will cause errors):
+    - cvedb_search(identifier="microsoft")  # Missing search_type
+    - cvedb_search(search_type="product")   # Missing identifier"""
+    
+    inputs = {
+        "search_type": {
+            "description": "Type of search to perform. Must be 'cve' for specific CVE ID or 'product' for product name search.",
+            "type": "string",
+        },
+        "identifier": {
+            "description": "The CVE ID (e.g., 'CVE-2021-44228') or product name (e.g., 'microsoft'). For products, use ONLY base product names without versions (e.g., 'microsoft' not 'microsoft windows').",
+            "type": "string",
+        },
+    }
+    
+    output_type = "string"
+    
+    def __init__(self):
+        super().__init__()
+
+    def forward(self, search_type: str, identifier: str) -> str:
+        """Search for vulnerabilities in CVEDB."""
+        try:
+            import requests
+            
+            if search_type == "cve":
+                return self._search_by_cve(identifier)
+            elif search_type == "product":
+                return self._search_by_product(identifier)
+            else:
+                return "Error: search_type must be 'cve' or 'product'"
+                
+        except Exception as e:
+            return f"Error searching CVEDB: {str(e)}"
+
+    def _search_by_cve(self, cve_id: str) -> str:
+        """Search for a specific CVE."""
+        import requests
+        
+        url = f"https://cvedb.shodan.io/cve/{cve_id}"
+        
+        try:
+            response = requests.get(url)
+            response.raise_for_status()
+            data = response.json()
+            
+            if not data:
+                return f"No vulnerabilities found for CVE {cve_id}"
+            
+            result = f"Vulnerability found for {cve_id}:\n\n"
+            result += f"- CVE ID: {data.get('cve_id', 'Not available')}\n"
+            result += f"- Summary: {data.get('summary', 'Not available')}\n"
+            result += f"- CVSS Score: {data.get('cvss', 'Not available')}\n"
+            result += f"- CVSS Version: {data.get('cvss_version', 'Not available')}\n"
+            result += f"- CVSS V2: {data.get('cvss_v2', 'Not available')}\n"
+            result += f"- CVSS V3: {data.get('cvss_v3', 'Not available')}\n"
+            result += f"- EPSS Score: {data.get('epss', 'Not available')}\n"
+            result += f"- EPSS Ranking: {data.get('ranking_epss', 'Not available')}\n"
+            result += f"- Known as exploitable (KEV): {'Yes' if data.get('kev') else 'No'}\n"
+            result += f"- Propose Action: {data.get('propose_action', 'Not available')}\n"
+            result += f"- Ransomware Campaign: {data.get('ransomware_campaign', 'Not available')}\n"
+            result += f"- Publication Date: {data.get('published_time', 'Not available')}\n"
+            
+            # Show references
+            references = data.get('references', [])
+            if references:
+                result += f"- References ({len(references)} total):\n"
+                for i, ref in enumerate(references[:10], 1):  # Show first 10 references
+                    result += f"  {i}. {ref}\n"
+                if len(references) > 10:
+                    result += f"  ... and {len(references) - 10} more references\n"
+            else:
+                result += "- References: None\n"
+            
+            # Show CPE count but not the full list
+            cpes = data.get('cpes', [])
+            if cpes:
+                result += f"- Affected CPEs: {len(cpes)} CPEs found (list omitted due to length)\n"
+            else:
+                result += "- Affected CPEs: None\n"
+            
+            return result
+            
+        except requests.exceptions.RequestException as e:
+            return f"Error accessing CVEDB API: {str(e)}"
+
+    def _search_by_product(self, product: str) -> str:
+        """Search for vulnerabilities by product."""
+        import requests
+        
+        # Convert product name to lowercase for consistent search
+        product = product.lower()
+        
+        url = f"https://cvedb.shodan.io/cves"
+        params = {"product": product}
+        
+        try:
+            response = requests.get(url, params=params)
+            response.raise_for_status()
+            data = response.json()
+            
+            if not data or not data.get('cves'):
+                return f"No vulnerabilities found for the product {product}"
+            
+            result = f"Vulnerabilities found for {product}:\n\n"
+            
+            # Show all vulnerabilities
+            for i, vuln in enumerate(data['cves']):
+                result += f"**Vulnerability {i+1}:**\n"
+                result += f"- CVE ID: {vuln.get('cve_id', vuln.get('id', 'Not available'))}\n"
+                result += f"- Summary: {vuln.get('summary', 'Not available')}\n"
+                result += f"- CVSS Score: {vuln.get('cvss', 'Not available')}\n"
+                result += f"- CVSS Version: {vuln.get('cvss_version', 'Not available')}\n"
+                result += f"- CVSS V2: {vuln.get('cvss_v2', 'Not available')}\n"
+                result += f"- CVSS V3: {vuln.get('cvss_v3', 'Not available')}\n"
+                result += f"- EPSS Score: {vuln.get('epss', 'Not available')}\n"
+                result += f"- EPSS Ranking: {vuln.get('ranking_epss', 'Not available')}\n"
+                result += f"- Known as exploitable (KEV): {'Yes' if vuln.get('kev') else 'No'}\n"
+                result += f"- Propose Action: {vuln.get('propose_action', 'Not available')}\n"
+                result += f"- Ransomware Campaign: {vuln.get('ransomware_campaign', 'Not available')}\n"
+                result += f"- Publication Date: {vuln.get('published_time', 'Not available')}\n"
+                
+                # Show references count
+                references = vuln.get('references', [])
+                if references:
+                    result += f"- References: {len(references)} references available\n"
+                else:
+                    result += "- References: None\n"
+                
+                # Show CPE count but not the full list
+                cpes = vuln.get('cpes', [])
+                if cpes:
+                    result += f"- Affected CPEs: {len(cpes)} CPEs found (list omitted due to length)\n"
+                else:
+                    result += "- Affected CPEs: None\n"
+                
+                result += "\n"
+            
+            return result
+            
+        except requests.exceptions.RequestException as e:
+            return f"Error accessing CVEDB API: {str(e)}"
+
+    def _format_context(self, data: dict, search_type: str, identifier: str) -> str:
+        """Format the data for context."""
+        context = []
+        
+        if search_type == "cve":
+            if not data:
+                return f"No vulnerabilities found for CVE {identifier}"
+            
+            context.append(f"CVSS Score: {data['cvss']}")
+            context.append(f"EPSS Score: {data['epss']}")
+            context.append(f"Known as exploitable (KEV): {'Yes' if data.get('kev') else 'No'}")
+            
+            # Important dates
+            if data.get('published_time'):
+                context.append(f"Publication Date: {data['published_time']}")
+            
+            context.append(f"Summary: {data.get('summary', 'Not available')}")
+            
+            # Important references
+            if data.get('references'):
+                context.append("\nImportant references:")
+                for ref in data['references'][:3]:  # Show first 3 references
+                    context.append(f"- {ref}")
+        
+        elif search_type == "product":
+            if not data or not data.get('cves'):
+                return "No vulnerabilities found for this product."
+            
+            context.append(f"Found {len(data['cves'])} vulnerabilities for this product.")
+            context.append("\nMost relevant vulnerabilities:")
+            
+            # Show all vulnerabilities
+            for i, vuln in enumerate(data['cves']):
+                context.append(f"{i+1}. {vuln.get('id', 'Unknown CVE')} - CVSS: {vuln.get('cvss', 'N/A')}")
+            
+            if len(data['cves']) > 5:
+                context.append(f"\n... and {len(data['cves']) - 5} more vulnerabilities")
+        
+        return "\n".join(context) 

scripts/epss_tool.py

@@ -0,0 +1,118 @@
+"""Tool for querying the Exploit Prediction Scoring System (EPSS)."""
+
+from smolagents import Tool
+import requests
+import json
+
+class EpsTool(Tool):
+    """
+    Tool for querying the Exploit Prediction Scoring System (EPSS).
+    """
+    
+    name = "epss_search"
+    description = """Tool for querying the Exploit Prediction Scoring System (EPSS).
+    
+    This tool allows obtaining EPSS scores for specific CVEs.
+    Usage: epss_search(cve_id="CVE-2022-26332", date="2022-03-05")
+    
+    Example: epss_search(cve_id="CVE-2022-26332", date="2022-03-05")
+    
+    The EPSS score indicates the probability that a vulnerability will be exploited in the next 30 days.
+    - Scores range from 0.0 to 1.0
+    - Higher scores indicate higher probability of exploitation
+    - Interpretation:
+      * 0.7+ (70%+): High probability of exploitation
+      * 0.4-0.7 (40-70%): Medium probability of exploitation  
+      * 0.0-0.4 (0-40%): Low probability of exploitation"""
+    
+    inputs = {
+        "cve_id": {
+            "description": "The CVE ID to search for EPSS score (e.g., 'CVE-2022-26332').",
+            "type": "string",
+        },
+        "date": {
+            "description": "Optional date for the EPSS score (format: YYYY-MM-DD).",
+            "type": "string",
+            "nullable": True,
+        },
+    }
+    
+    output_type = "string"
+    
+    def __init__(self):
+        super().__init__()
+        self.base_url = "https://api.first.org/data/v1/epss"
+
+    def forward(self, cve_id: str, date: str = None) -> str:
+        """Search for EPSS score for a specific CVE."""
+        try:
+            # Build the URL with parameters
+            params = {"cve": cve_id}
+            if date:
+                params["date"] = date
+            
+            url = f"{self.base_url}?{'&'.join([f'{k}={v}' for k, v in params.items()])}"
+            
+            response = requests.get(url)
+            response.raise_for_status()
+            data = response.json()
+            
+            if not data.get('data'):
+                return f"No EPSS data found for {cve_id}"
+            
+            epss_data = data['data'][0]
+            
+            result = f"EPSS Score for {cve_id}:\n\n"
+            result += f"- CVE ID: {epss_data.get('cve', 'Not available')}\n"
+            result += f"- EPSS Score: {epss_data.get('epss', 'Not available')}\n"
+            result += f"- Percentile: {epss_data.get('percentile', 'Not available')}\n"
+            result += f"- Date: {epss_data.get('date', 'Not available')}\n"
+            
+            # Add interpretation
+            epss_score = epss_data.get('epss')
+            if epss_score is not None:
+                try:
+                    score = float(epss_score)
+                    if score >= 0.7:
+                        result += f"- Interpretation: High probability of exploitation ({score:.1%})\n"
+                    elif score >= 0.4:
+                        result += f"- Interpretation: Medium probability of exploitation ({score:.1%})\n"
+                    else:
+                        result += f"- Interpretation: Low probability of exploitation ({score:.1%})\n"
+                except ValueError:
+                    pass
+            
+            return result
+            
+        except requests.exceptions.RequestException as e:
+            return f"Error accessing EPSS API: {str(e)}"
+        except Exception as e:
+            return f"Error processing EPSS data: {str(e)}"
+
+    def _format_context(self, data: dict, cve_id: str) -> str:
+        """Format the EPSS data for context."""
+        if not data or not data.get('data'):
+            return f"No EPSS data found for {cve_id}"
+        
+        epss_data = data['data'][0]
+        context = []
+        
+        context.append(f"EPSS Score: {epss_data.get('epss', 'Not available')}")
+        context.append(f"Percentile: {epss_data.get('percentile', 'Not available')}")
+        context.append(f"Date: {epss_data.get('date', 'Not available')}")
+        
+        # Add interpretation
+        epss_score = epss_data.get('epss')
+        if epss_score is not None:
+            try:
+                score = float(epss_score)
+                if score >= 0.7:
+                    context.append(f"Risk Level: High ({score:.1%} probability of exploitation)")
+                elif score >= 0.4:
+                    context.append(f"Risk Level: Medium ({score:.1%} probability of exploitation)")
+                else:
+                    context.append(f"Risk Level: Low ({score:.1%} probability of exploitation)")
+            except ValueError:
+                pass
+        
+        return "\n".join(context) 

scripts/gaia_scorer.py

@@ -0,0 +1,124 @@
+import re
+import string
+import warnings
+
+
+def normalize_number_str(number_str: str) -> float:
+    # we replace these common units and commas to allow
+    # conversion to float
+    for char in ["$", "%", ","]:
+        number_str = number_str.replace(char, "")
+    try:
+        return float(number_str)
+    except ValueError:
+        print(f"String {number_str} cannot be normalized to number str.")
+        return float("inf")
+
+
+def split_string(
+    s: str,
+    char_list: list[str] = [",", ";"],
+) -> list[str]:
+    pattern = f"[{''.join(char_list)}]"
+    return re.split(pattern, s)
+
+
+def is_float(element: any) -> bool:
+    try:
+        float(element)
+        return True
+    except ValueError:
+        return False
+
+
+def question_scorer(
+    model_answer: str,
+    ground_truth: str,
+) -> bool:
+    # if gt is a number
+    if is_float(ground_truth):
+        normalized_answer = normalize_number_str(str(model_answer))
+        return normalized_answer == float(ground_truth)
+
+    # if gt is a list
+    elif any(char in ground_truth for char in [",", ";"]):
+        # question with the fish: normalization removes punct
+
+        gt_elems = split_string(ground_truth)
+        ma_elems = split_string(model_answer)
+
+        # check length is the same
+        if len(gt_elems) != len(ma_elems):
+            warnings.warn("Answer lists have different lengths, returning False.", UserWarning)
+            return False
+
+        # compare each element as float or str
+        comparisons = []
+        for ma_elem, gt_elem in zip(ma_elems, gt_elems):
+            if is_float(gt_elem):
+                normalized_ma_elem = normalize_number_str(ma_elem)
+                comparisons.append(normalized_ma_elem == float(gt_elem))
+            else:
+                # we do not remove punct since comparisons can include punct
+                comparisons.append(
+                    normalize_str(ma_elem, remove_punct=False) == normalize_str(gt_elem, remove_punct=False)
+                )
+        return all(comparisons)
+
+    # if gt is a str
+    else:
+        return normalize_str(model_answer) == normalize_str(ground_truth)
+
+
+def check_prediction_contains_answer_letters_in_order(prediction, true_answer):
+    prediction = prediction.lower()
+    true_answer = true_answer.lower()
+    if len(prediction) > len(true_answer) * 3:
+        return False
+    i = 0
+    for letter in true_answer:
+        if letter in prediction[i:]:
+            i += prediction[i:].index(letter)
+        else:
+            return False
+    return True
+
+
+def check_close_call(prediction, true_answer, is_correct):
+    if is_correct:
+        return True
+    else:
+        if is_float(true_answer):
+            return is_correct
+        else:
+            if (
+                check_prediction_contains_answer_letters_in_order(str(prediction), str(true_answer))
+                and len(str(true_answer)) * 0.5 <= len(str(prediction)) <= len(str(true_answer)) * 2
+            ):
+                print(f"Close call: {prediction} vs {true_answer}")
+                return True
+            else:
+                return False
+
+
+def normalize_str(input_str, remove_punct=True) -> str:
+    """
+    Normalize a string by:
+    - Removing all white spaces
+    - Optionally removing punctuation (if remove_punct is True)
+    - Converting to lowercase
+    Parameters:
+    - input_str: str, the string to normalize
+    - remove_punct: bool, whether to remove punctuation (default: True)
+    Returns:
+    - str, the normalized string
+    """
+    # Remove all white spaces. Required e.g for seagull vs. sea gull
+    no_spaces = re.sub(r"\s", "", input_str)
+
+    # Remove punctuation, if specified.
+    if remove_punct:
+        translator = str.maketrans("", "", string.punctuation)
+        return no_spaces.lower().translate(translator)
+    else:
+        return no_spaces.lower()

scripts/kevin_tool.py

@@ -0,0 +1,228 @@
+"""Tool for searching known exploited vulnerabilities (KEV) using the KEVin API."""
+
+from smolagents import Tool
+import requests
+import json
+
+class KevinTool(Tool):
+    """
+    Tool for searching known exploited vulnerabilities (KEV) using the KEVin API.
+    """
+    
+    name = "kevin_search"
+    description = """Tool for searching known exploited vulnerabilities (KEV) using the KEVin API.
+    
+    This tool allows searching for known exploited vulnerabilities in multiple ways:
+    - By CVE ID: kevin_search(search_type="cve", identifier="CVE-2021-44228")
+    - By keyword: kevin_search(search_type="keyword", identifier="log4j")
+    - Check if CVE is in KEV: kevin_search(search_type="exists", identifier="CVE-2023-22527")
+    - Filter by ransomware: kevin_search(search_type="ransomware")
+    
+    CRITICAL - Product name format for keyword search:
+    - ALWAYS use ONLY the base product name, NEVER include versions
+    - CORRECT examples: "log4j", "apache", "microsoft", "chrome", "tomcat", "nginx"
+    - INCORRECT examples: "log4j 2.14.1", "apache http server", "microsoft windows", "chrome 120.0.6099.109"
+    - When searching, strip version numbers and descriptive words
+    - Example: "Apache Tomcat 9.0.65" → search for "tomcat"
+    - Example: "Google Chrome 120.0.6099.109" → search for "chrome"
+    - Example: "Log4j 2.14.1" → search for "log4j"
+    
+    IMPORTANT: The "exists" search type checks if a CVE is listed in the Known Exploited Vulnerabilities (KEV) database.
+    A CVE can exist in NVD or other databases but not be in KEV if it hasn't been actively exploited.
+    
+    Usage examples:
+    - kevin_search(search_type="cve", identifier="CVE-2021-44228")
+    - kevin_search(search_type="keyword", identifier="log4j")
+    - kevin_search(search_type="exists", identifier="CVE-2023-22527")
+    - kevin_search(search_type="ransomware")"""
+    
+    inputs = {
+        "search_type": {
+            "description": "Type of search to perform. Must be 'cve' for specific CVE ID, 'keyword' for keyword search, 'exists' to check if CVE is in KEV database, or 'ransomware' to filter ransomware vulnerabilities.",
+            "type": "string",
+        },
+        "identifier": {
+            "description": "The CVE ID (e.g., 'CVE-2021-44228') or keyword (e.g., 'log4j'). For keywords, use ONLY base product names without versions (e.g., 'log4j' not 'log4j 2.14.1'). Not required for 'ransomware' search type.",
+            "type": "string",
+            "nullable": True,
+        },
+    }
+    
+    output_type = "string"
+    
+    def __init__(self):
+        super().__init__()
+        self.base_url = "https://kevin.gtfkd.com"
+
+    def forward(self, search_type: str, identifier: str = None) -> str:
+        """Search for known exploited vulnerabilities."""
+        try:
+            if search_type == "cve":
+                if not identifier:
+                    return "Error: identifier is required for CVE search"
+                return self._search_by_cve(identifier)
+            elif search_type == "keyword":
+                if not identifier:
+                    return "Error: identifier is required for keyword search"
+                return self._search_by_keyword(identifier)
+            elif search_type == "exists":
+                if not identifier:
+                    return "Error: identifier is required for exists check"
+                return self._check_exists(identifier)
+            elif search_type == "ransomware":
+                return self._search_ransomware()
+            else:
+                return "Error: search_type must be 'cve', 'keyword', 'exists', or 'ransomware'"
+                
+        except Exception as e:
+            return f"Error searching KEVin: {str(e)}"
+
+    def _check_exists(self, cve_id: str) -> str:
+        """Check if a CVE is listed in the Known Exploited Vulnerabilities (KEV) database."""
+        url = f"{self.base_url}/kev/exists"
+        params = {"cve": cve_id}
+        
+        try:
+            response = requests.get(url, params=params)
+            response.raise_for_status()
+            data = response.json()
+            
+            if data:
+                return f"✅ CVE {cve_id} IS listed in the Known Exploited Vulnerabilities (KEV) database - this means it has been actively exploited in the wild."
+            else:
+                return f"❌ CVE {cve_id} is NOT listed in the Known Exploited Vulnerabilities (KEV) database - this means it has not been reported as actively exploited (though it may exist in other vulnerability databases)."
+            
+        except requests.exceptions.RequestException as e:
+            return f"Error checking KEVin existence: {str(e)}"
+
+    def _search_ransomware(self) -> str:
+        """Search for vulnerabilities known to be used in ransomware."""
+        url = f"{self.base_url}/kev"
+        params = {"filter": "ransomware"}
+        
+        try:
+            response = requests.get(url, params=params)
+            response.raise_for_status()
+            data = response.json()
+            
+            if not data:
+                return "No ransomware-related vulnerabilities found in KEV database."
+            
+            context = []
+            context.append(f"Found {len(data)} ransomware-related vulnerabilities in KEV database.")
+            context.append("\nRansomware vulnerabilities:")
+            
+            # Show all found vulnerabilities
+            for i, vuln in enumerate(data):
+                context.append(f"\n--- Vulnerability {i+1} ---")
+                context.append(f"CVE ID: {vuln.get('cveID', 'Not available')}")
+                context.append(f"Vendor: {vuln.get('vendorProject', 'Not available')}")
+                context.append(f"Product: {vuln.get('product', 'Not available')}")
+                context.append(f"Vulnerability Name: {vuln.get('vulnerabilityName', 'Not available')}")
+                
+                # Important dates
+                context.append(f"Date Added: {vuln.get('dateAdded', 'Not available')}")
+                if vuln.get('dueDate'):
+                    context.append(f"Due Date: {vuln['dueDate']}")
+                
+                context.append(f"Short Description: {vuln.get('shortDescription', 'Not available')}")
+                context.append(f"Required Action: {vuln.get('requiredAction', 'Not available')}")
+                
+                if vuln.get('notes'):
+                    context.append(f"Notes: {vuln['notes']}")
+                
+                context.append("-" * 50)  # Separator between vulnerabilities
+            
+            return "\n".join(context)
+            
+        except requests.exceptions.RequestException as e:
+            return f"Error accessing KEVin API: {str(e)}"
+
+    def _search_by_cve(self, cve_id: str) -> str:
+        """Search for a specific CVE in KEVin."""
+        url = f"{self.base_url}/kev/{cve_id}"
+        
+        try:
+            response = requests.get(url)
+            response.raise_for_status()
+            data = response.json()
+            
+            if not data:
+                return f"No vulnerabilities found for CVE {cve_id}"
+            
+            result = f"Known exploited vulnerability found for {cve_id}:\n\n"
+            result += f"- CVE ID: {data.get('cveID', 'Not available')}\n"
+            result += f"- Vendor: {data.get('vendorProject', 'Not available')}\n"
+            result += f"- Product: {data.get('product', 'Not available')}\n"
+            result += f"- Vulnerability Name: {data.get('vulnerabilityName', 'Not available')}\n"
+            result += f"- Date Added: {data.get('dateAdded', 'Not available')}\n"
+            result += f"- Short Description: {data.get('shortDescription', 'Not available')}\n"
+            result += f"- Required Action: {data.get('requiredAction', 'Not available')}\n"
+            result += f"- Due Date: {data.get('dueDate', 'Not available')}\n"
+            result += f"- Notes: {data.get('notes', 'Not available')}\n"
+            
+            return result
+            
+        except requests.exceptions.RequestException as e:
+            return f"Error accessing KEVin API: {str(e)}"
+
+    def _search_by_keyword(self, keyword: str) -> str:
+        """Search for vulnerabilities by keyword."""
+        url = f"{self.base_url}/kev"
+        params = {"search": keyword}
+        
+        try:
+            response = requests.get(url, params=params)
+            response.raise_for_status()
+            data = response.json()
+            
+            if not data:
+                return f"No vulnerabilities found for keyword '{keyword}'."
+            
+            context = []
+            context.append(f"Found {len(data)} vulnerabilities for keyword '{keyword}'.")
+            context.append("\nVulnerabilities found:")
+            
+            # Show all vulnerabilities
+            for i, vuln in enumerate(data):
+                context.append(f"{i+1}. {vuln.get('cveID', 'Unknown CVE')} - {vuln.get('product', 'Unknown Product')}")
+            
+            return "\n".join(context)
+            
+        except requests.exceptions.RequestException as e:
+            return f"Error accessing KEVin API: {str(e)}"
+
+    def _format_context(self, data: dict, search_type: str, identifier: str) -> str:
+        """Format the data for context."""
+        context = []
+        
+        if search_type == "cve":
+            if not data:
+                return f"No vulnerabilities found for CVE {identifier}"
+            
+            context.append(f"CVE ID: {data.get('cveID', 'Not available')}")
+            context.append(f"Vendor: {data.get('vendorProject', 'Not available')}")
+            context.append(f"Product: {data.get('product', 'Not available')}")
+            context.append(f"Vulnerability Name: {data.get('vulnerabilityName', 'Not available')}")
+            context.append(f"Date Added: {data.get('dateAdded', 'Not available')}")
+            context.append(f"Short Description: {data.get('shortDescription', 'Not available')}")
+            context.append(f"Required Action: {data.get('requiredAction', 'Not available')}")
+            
+            if data.get('dueDate'):
+                context.append(f"Due Date: {data['dueDate']}")
+            
+            if data.get('notes'):
+                context.append(f"Notes: {data['notes']}")
+        
+        elif search_type == "keyword":
+            if not data:
+                return "No vulnerabilities found for this search."
+            
+            context.append(f"Found {len(data)} vulnerabilities.")
+            context.append("\nMost relevant vulnerabilities:")
+            
+            # Show the 5 most relevant vulnerabilities
+            for i, vuln in enumerate(data[:5]):
+                context.append(f"{i+1}. {vuln.get('cveID', 'Unknown CVE')} - {vuln.get('product', 'Unknown Product')}")
+        
+        return "\n".join(context) 

scripts/mdconvert.py

@@ -0,0 +1,949 @@
+# This is copied from Magentic-one's great repo: https://github.com/microsoft/autogen/blob/v0.4.4/python/packages/autogen-magentic-one/src/autogen_magentic_one/markdown_browser/mdconvert.py
+# Thanks to Microsoft researchers for open-sourcing this!
+# type: ignore
+import base64
+import copy
+import html
+import json
+import mimetypes
+import os
+import re
+import shutil
+import subprocess
+import sys
+import tempfile
+import traceback
+from typing import Any, Dict, List, Optional, Union
+from urllib.parse import parse_qs, quote, unquote, urlparse, urlunparse
+
+import mammoth
+import markdownify
+import pandas as pd
+import pdfminer
+import pdfminer.high_level
+import pptx
+
+# File-format detection
+import puremagic
+import pydub
+import requests
+import speech_recognition as sr
+from bs4 import BeautifulSoup
+from youtube_transcript_api import YouTubeTranscriptApi
+from youtube_transcript_api.formatters import SRTFormatter
+
+
+class _CustomMarkdownify(markdownify.MarkdownConverter):
+    """
+    A custom version of markdownify's MarkdownConverter. Changes include:
+
+    - Altering the default heading style to use '#', '##', etc.
+    - Removing javascript hyperlinks.
+    - Truncating images with large data:uri sources.
+    - Ensuring URIs are properly escaped, and do not conflict with Markdown syntax
+    """
+
+    def __init__(self, **options: Any):
+        options["heading_style"] = options.get("heading_style", markdownify.ATX)
+        # Explicitly cast options to the expected type if necessary
+        super().__init__(**options)
+
+    def convert_hn(self, n: int, el: Any, text: str, convert_as_inline: bool) -> str:
+        """Same as usual, but be sure to start with a new line"""
+        if not convert_as_inline:
+            if not re.search(r"^\n", text):
+                return "\n" + super().convert_hn(n, el, text, convert_as_inline)  # type: ignore
+
+        return super().convert_hn(n, el, text, convert_as_inline)  # type: ignore
+
+    def convert_a(self, el: Any, text: str, convert_as_inline: bool):
+        """Same as usual converter, but removes Javascript links and escapes URIs."""
+        prefix, suffix, text = markdownify.chomp(text)  # type: ignore
+        if not text:
+            return ""
+        href = el.get("href")
+        title = el.get("title")
+
+        # Escape URIs and skip non-http or file schemes
+        if href:
+            try:
+                parsed_url = urlparse(href)  # type: ignore
+                if parsed_url.scheme and parsed_url.scheme.lower() not in ["http", "https", "file"]:  # type: ignore
+                    return "%s%s%s" % (prefix, text, suffix)
+                href = urlunparse(parsed_url._replace(path=quote(unquote(parsed_url.path))))  # type: ignore
+            except ValueError:  # It's not clear if this ever gets thrown
+                return "%s%s%s" % (prefix, text, suffix)
+
+        # For the replacement see #29: text nodes underscores are escaped
+        if (
+            self.options["autolinks"]
+            and text.replace(r"\_", "_") == href
+            and not title
+            and not self.options["default_title"]
+        ):
+            # Shortcut syntax
+            return "<%s>" % href
+        if self.options["default_title"] and not title:
+            title = href
+        title_part = ' "%s"' % title.replace('"', r"\"") if title else ""
+        return "%s[%s](%s%s)%s" % (prefix, text, href, title_part, suffix) if href else text
+
+    def convert_img(self, el: Any, text: str, convert_as_inline: bool) -> str:
+        """Same as usual converter, but removes data URIs"""
+
+        alt = el.attrs.get("alt", None) or ""
+        src = el.attrs.get("src", None) or ""
+        title = el.attrs.get("title", None) or ""
+        title_part = ' "%s"' % title.replace('"', r"\"") if title else ""
+        if convert_as_inline and el.parent.name not in self.options["keep_inline_images_in"]:
+            return alt
+
+        # Remove dataURIs
+        if src.startswith("data:"):
+            src = src.split(",")[0] + "..."
+
+        return "![%s](%s%s)" % (alt, src, title_part)
+
+    def convert_soup(self, soup: Any) -> str:
+        return super().convert_soup(soup)  # type: ignore
+
+
+class DocumentConverterResult:
+    """The result of converting a document to text."""
+
+    def __init__(self, title: Union[str, None] = None, text_content: str = ""):
+        self.title: Union[str, None] = title
+        self.text_content: str = text_content
+
+
+class DocumentConverter:
+    """Abstract superclass of all DocumentConverters."""
+
+    def convert(self, local_path: str, **kwargs: Any) -> Union[None, DocumentConverterResult]:
+        raise NotImplementedError()
+
+
+class PlainTextConverter(DocumentConverter):
+    """Anything with content type text/plain"""
+
+    def convert(self, local_path: str, **kwargs: Any) -> Union[None, DocumentConverterResult]:
+        # Guess the content type from any file extension that might be around
+        content_type, _ = mimetypes.guess_type("__placeholder" + kwargs.get("file_extension", ""))
+
+        # Only accept text files
+        if content_type is None:
+            return None
+        # elif "text/" not in content_type.lower():
+        #     return None
+
+        text_content = ""
+        with open(local_path, "rt", encoding="utf-8") as fh:
+            text_content = fh.read()
+        return DocumentConverterResult(
+            title=None,
+            text_content=text_content,
+        )
+
+
+class HtmlConverter(DocumentConverter):
+    """Anything with content type text/html"""
+
+    def convert(self, local_path: str, **kwargs: Any) -> Union[None, DocumentConverterResult]:
+        # Bail if not html
+        extension = kwargs.get("file_extension", "")
+        if extension.lower() not in [".html", ".htm"]:
+            return None
+
+        result = None
+        with open(local_path, "rt", encoding="utf-8") as fh:
+            result = self._convert(fh.read())
+
+        return result
+
+    def _convert(self, html_content: str) -> Union[None, DocumentConverterResult]:
+        """Helper function that converts and HTML string."""
+
+        # Parse the string
+        soup = BeautifulSoup(html_content, "html.parser")
+
+        # Remove javascript and style blocks
+        for script in soup(["script", "style"]):
+            script.extract()
+
+        # Print only the main content
+        body_elm = soup.find("body")
+        webpage_text = ""
+        if body_elm:
+            webpage_text = _CustomMarkdownify().convert_soup(body_elm)
+        else:
+            webpage_text = _CustomMarkdownify().convert_soup(soup)
+
+        assert isinstance(webpage_text, str)
+
+        return DocumentConverterResult(
+            title=None if soup.title is None else soup.title.string, text_content=webpage_text
+        )
+
+
+class WikipediaConverter(DocumentConverter):
+    """Handle Wikipedia pages separately, focusing only on the main document content."""
+
+    def convert(self, local_path: str, **kwargs: Any) -> Union[None, DocumentConverterResult]:
+        # Bail if not Wikipedia
+        extension = kwargs.get("file_extension", "")
+        if extension.lower() not in [".html", ".htm"]:
+            return None
+        url = kwargs.get("url", "")
+        if not re.search(r"^https?:\/\/[a-zA-Z]{2,3}\.wikipedia.org\/", url):
+            return None
+
+        # Parse the file
+        soup = None
+        with open(local_path, "rt", encoding="utf-8") as fh:
+            soup = BeautifulSoup(fh.read(), "html.parser")
+
+        # Remove javascript and style blocks
+        for script in soup(["script", "style"]):
+            script.extract()
+
+        # Print only the main content
+        body_elm = soup.find("div", {"id": "mw-content-text"})
+        title_elm = soup.find("span", {"class": "mw-page-title-main"})
+
+        webpage_text = ""
+        main_title = None if soup.title is None else soup.title.string
+
+        if body_elm:
+            # What's the title
+            if title_elm and len(title_elm) > 0:
+                main_title = title_elm.string  # type: ignore
+                assert isinstance(main_title, str)
+
+            # Convert the page
+            webpage_text = f"# {main_title}\n\n" + _CustomMarkdownify().convert_soup(body_elm)
+        else:
+            webpage_text = _CustomMarkdownify().convert_soup(soup)
+
+        return DocumentConverterResult(
+            title=main_title,
+            text_content=webpage_text,
+        )
+
+
+class YouTubeConverter(DocumentConverter):
+    """Handle YouTube specially, focusing on the video title, description, and transcript."""
+
+    def convert(self, local_path: str, **kwargs: Any) -> Union[None, DocumentConverterResult]:
+        # Bail if not YouTube
+        extension = kwargs.get("file_extension", "")
+        if extension.lower() not in [".html", ".htm"]:
+            return None
+        url = kwargs.get("url", "")
+        if not url.startswith("https://www.youtube.com/watch?"):
+            return None
+
+        # Parse the file
+        soup = None
+        with open(local_path, "rt", encoding="utf-8") as fh:
+            soup = BeautifulSoup(fh.read(), "html.parser")
+
+        # Read the meta tags
+        assert soup.title is not None and soup.title.string is not None
+        metadata: Dict[str, str] = {"title": soup.title.string}
+        for meta in soup(["meta"]):
+            for a in meta.attrs:
+                if a in ["itemprop", "property", "name"]:
+                    metadata[meta[a]] = meta.get("content", "")
+                    break
+
+        # We can also try to read the full description. This is more prone to breaking, since it reaches into the page implementation
+        try:
+            for script in soup(["script"]):
+                content = script.text
+                if "ytInitialData" in content:
+                    lines = re.split(r"\r?\n", content)
+                    obj_start = lines[0].find("{")
+                    obj_end = lines[0].rfind("}")
+                    if obj_start >= 0 and obj_end >= 0:
+                        data = json.loads(lines[0][obj_start : obj_end + 1])
+                        attrdesc = self._findKey(data, "attributedDescriptionBodyText")  # type: ignore
+                        if attrdesc:
+                            metadata["description"] = str(attrdesc["content"])
+                    break
+        except Exception:
+            pass
+
+        # Start preparing the page
+        webpage_text = "# YouTube\n"
+
+        title = self._get(metadata, ["title", "og:title", "name"])  # type: ignore
+        assert isinstance(title, str)
+
+        if title:
+            webpage_text += f"\n## {title}\n"
+
+        stats = ""
+        views = self._get(metadata, ["interactionCount"])  # type: ignore
+        if views:
+            stats += f"- **Views:** {views}\n"
+
+        keywords = self._get(metadata, ["keywords"])  # type: ignore
+        if keywords:
+            stats += f"- **Keywords:** {keywords}\n"
+
+        runtime = self._get(metadata, ["duration"])  # type: ignore
+        if runtime:
+            stats += f"- **Runtime:** {runtime}\n"
+
+        if len(stats) > 0:
+            webpage_text += f"\n### Video Metadata\n{stats}\n"
+
+        description = self._get(metadata, ["description", "og:description"])  # type: ignore
+        if description:
+            webpage_text += f"\n### Description\n{description}\n"
+
+        transcript_text = ""
+        parsed_url = urlparse(url)  # type: ignore
+        params = parse_qs(parsed_url.query)  # type: ignore
+        if "v" in params:
+            assert isinstance(params["v"][0], str)
+            video_id = str(params["v"][0])
+            try:
+                # Must be a single transcript.
+                transcript = YouTubeTranscriptApi.get_transcript(video_id)  # type: ignore
+                # transcript_text = " ".join([part["text"] for part in transcript])  # type: ignore
+                # Alternative formatting:
+                transcript_text = SRTFormatter().format_transcript(transcript)
+            except Exception:
+                pass
+        if transcript_text:
+            webpage_text += f"\n### Transcript\n{transcript_text}\n"
+
+        title = title if title else soup.title.string
+        assert isinstance(title, str)
+
+        return DocumentConverterResult(
+            title=title,
+            text_content=webpage_text,
+        )
+
+    def _get(self, metadata: Dict[str, str], keys: List[str], default: Union[str, None] = None) -> Union[str, None]:
+        for k in keys:
+            if k in metadata:
+                return metadata[k]
+        return default
+
+    def _findKey(self, json: Any, key: str) -> Union[str, None]:  # TODO: Fix json type
+        if isinstance(json, list):
+            for elm in json:
+                ret = self._findKey(elm, key)
+                if ret is not None:
+                    return ret
+        elif isinstance(json, dict):
+            for k in json:
+                if k == key:
+                    return json[k]
+                else:
+                    ret = self._findKey(json[k], key)
+                    if ret is not None:
+                        return ret
+        return None
+
+
+class PdfConverter(DocumentConverter):
+    """
+    Converts PDFs to Markdown. Most style information is ignored, so the results are essentially plain-text.
+    """
+
+    def convert(self, local_path, **kwargs) -> Union[None, DocumentConverterResult]:
+        # Bail if not a PDF
+        extension = kwargs.get("file_extension", "")
+        if extension.lower() != ".pdf":
+            return None
+
+        return DocumentConverterResult(
+            title=None,
+            text_content=pdfminer.high_level.extract_text(local_path),
+        )
+
+
+class DocxConverter(HtmlConverter):
+    """
+    Converts DOCX files to Markdown. Style information (e.g.m headings) and tables are preserved where possible.
+    """
+
+    def convert(self, local_path, **kwargs) -> Union[None, DocumentConverterResult]:
+        # Bail if not a DOCX
+        extension = kwargs.get("file_extension", "")
+        if extension.lower() != ".docx":
+            return None
+
+        result = None
+        with open(local_path, "rb") as docx_file:
+            result = mammoth.convert_to_html(docx_file)
+            html_content = result.value
+            result = self._convert(html_content)
+
+        return result
+
+
+class XlsxConverter(HtmlConverter):
+    """
+    Converts XLSX files to Markdown, with each sheet presented as a separate Markdown table.
+    """
+
+    def convert(self, local_path, **kwargs) -> Union[None, DocumentConverterResult]:
+        # Bail if not a XLSX
+        extension = kwargs.get("file_extension", "")
+        if extension.lower() not in [".xlsx", ".xls"]:
+            return None
+
+        sheets = pd.read_excel(local_path, sheet_name=None)
+        md_content = ""
+        for s in sheets:
+            md_content += f"## {s}\n"
+            html_content = sheets[s].to_html(index=False)
+            md_content += self._convert(html_content).text_content.strip() + "\n\n"
+
+        return DocumentConverterResult(
+            title=None,
+            text_content=md_content.strip(),
+        )
+
+
+class PptxConverter(HtmlConverter):
+    """
+    Converts PPTX files to Markdown. Supports heading, tables and images with alt text.
+    """
+
+    def convert(self, local_path, **kwargs) -> Union[None, DocumentConverterResult]:
+        # Bail if not a PPTX
+        extension = kwargs.get("file_extension", "")
+        if extension.lower() != ".pptx":
+            return None
+
+        md_content = ""
+
+        presentation = pptx.Presentation(local_path)
+        slide_num = 0
+        for slide in presentation.slides:
+            slide_num += 1
+
+            md_content += f"\n\n<!-- Slide number: {slide_num} -->\n"
+
+            title = slide.shapes.title
+            for shape in slide.shapes:
+                # Pictures
+                if self._is_picture(shape):
+                    # https://github.com/scanny/python-pptx/pull/512#issuecomment-1713100069
+                    alt_text = ""
+                    try:
+                        alt_text = shape._element._nvXxPr.cNvPr.attrib.get("descr", "")
+                    except Exception:
+                        pass
+
+                    # A placeholder name
+                    filename = re.sub(r"\W", "", shape.name) + ".jpg"
+                    md_content += "\n![" + (alt_text if alt_text else shape.name) + "](" + filename + ")\n"
+
+                # Tables
+                if self._is_table(shape):
+                    html_table = "<html><body><table>"
+                    first_row = True
+                    for row in shape.table.rows:
+                        html_table += "<tr>"
+                        for cell in row.cells:
+                            if first_row:
+                                html_table += "<th>" + html.escape(cell.text) + "</th>"
+                            else:
+                                html_table += "<td>" + html.escape(cell.text) + "</td>"
+                        html_table += "</tr>"
+                        first_row = False
+                    html_table += "</table></body></html>"
+                    md_content += "\n" + self._convert(html_table).text_content.strip() + "\n"
+
+                # Text areas
+                elif shape.has_text_frame:
+                    if shape == title:
+                        md_content += "# " + shape.text.lstrip() + "\n"
+                    else:
+                        md_content += shape.text + "\n"
+
+            md_content = md_content.strip()
+
+            if slide.has_notes_slide:
+                md_content += "\n\n### Notes:\n"
+                notes_frame = slide.notes_slide.notes_text_frame
+                if notes_frame is not None:
+                    md_content += notes_frame.text
+                md_content = md_content.strip()
+
+        return DocumentConverterResult(
+            title=None,
+            text_content=md_content.strip(),
+        )
+
+    def _is_picture(self, shape):
+        if shape.shape_type == pptx.enum.shapes.MSO_SHAPE_TYPE.PICTURE:
+            return True
+        if shape.shape_type == pptx.enum.shapes.MSO_SHAPE_TYPE.PLACEHOLDER:
+            if hasattr(shape, "image"):
+                return True
+        return False
+
+    def _is_table(self, shape):
+        if shape.shape_type == pptx.enum.shapes.MSO_SHAPE_TYPE.TABLE:
+            return True
+        return False
+
+
+class MediaConverter(DocumentConverter):
+    """
+    Abstract class for multi-modal media (e.g., images and audio)
+    """
+
+    def _get_metadata(self, local_path):
+        exiftool = shutil.which("exiftool")
+        if not exiftool:
+            return None
+        else:
+            try:
+                result = subprocess.run([exiftool, "-json", local_path], capture_output=True, text=True).stdout
+                return json.loads(result)[0]
+            except Exception:
+                return None
+
+
+class WavConverter(MediaConverter):
+    """
+    Converts WAV files to markdown via extraction of metadata (if `exiftool` is installed), and speech transcription (if `speech_recognition` is installed).
+    """
+
+    def convert(self, local_path, **kwargs) -> Union[None, DocumentConverterResult]:
+        # Bail if not a XLSX
+        extension = kwargs.get("file_extension", "")
+        if extension.lower() != ".wav":
+            return None
+
+        md_content = ""
+
+        # Add metadata
+        metadata = self._get_metadata(local_path)
+        if metadata:
+            for f in [
+                "Title",
+                "Artist",
+                "Author",
+                "Band",
+                "Album",
+                "Genre",
+                "Track",
+                "DateTimeOriginal",
+                "CreateDate",
+                "Duration",
+            ]:
+                if f in metadata:
+                    md_content += f"{f}: {metadata[f]}\n"
+
+        # Transcribe
+        try:
+            transcript = self._transcribe_audio(local_path)
+            md_content += "\n\n### Audio Transcript:\n" + ("[No speech detected]" if transcript == "" else transcript)
+        except Exception:
+            md_content += "\n\n### Audio Transcript:\nError. Could not transcribe this audio."
+
+        return DocumentConverterResult(
+            title=None,
+            text_content=md_content.strip(),
+        )
+
+    def _transcribe_audio(self, local_path) -> str:
+        recognizer = sr.Recognizer()
+        with sr.AudioFile(local_path) as source:
+            audio = recognizer.record(source)
+            return recognizer.recognize_google(audio).strip()
+
+
+class Mp3Converter(WavConverter):
+    """
+    Converts MP3 files to markdown via extraction of metadata (if `exiftool` is installed), and speech transcription (if `speech_recognition` AND `pydub` are installed).
+    """
+
+    def convert(self, local_path, **kwargs) -> Union[None, DocumentConverterResult]:
+        # Bail if not a MP3
+        extension = kwargs.get("file_extension", "")
+        if extension.lower() != ".mp3":
+            return None
+
+        md_content = ""
+
+        # Add metadata
+        metadata = self._get_metadata(local_path)
+        if metadata:
+            for f in [
+                "Title",
+                "Artist",
+                "Author",
+                "Band",
+                "Album",
+                "Genre",
+                "Track",
+                "DateTimeOriginal",
+                "CreateDate",
+                "Duration",
+            ]:
+                if f in metadata:
+                    md_content += f"{f}: {metadata[f]}\n"
+
+        # Transcribe
+        handle, temp_path = tempfile.mkstemp(suffix=".wav")
+        os.close(handle)
+        try:
+            sound = pydub.AudioSegment.from_mp3(local_path)
+            sound.export(temp_path, format="wav")
+
+            _args = dict()
+            _args.update(kwargs)
+            _args["file_extension"] = ".wav"
+
+            try:
+                transcript = super()._transcribe_audio(temp_path).strip()
+                md_content += "\n\n### Audio Transcript:\n" + (
+                    "[No speech detected]" if transcript == "" else transcript
+                )
+            except Exception:
+                md_content += "\n\n### Audio Transcript:\nError. Could not transcribe this audio."
+
+        finally:
+            os.unlink(temp_path)
+
+        # Return the result
+        return DocumentConverterResult(
+            title=None,
+            text_content=md_content.strip(),
+        )
+
+
+class ImageConverter(MediaConverter):
+    """
+    Converts images to markdown via extraction of metadata (if `exiftool` is installed), OCR (if `easyocr` is installed), and description via a multimodal LLM (if an mlm_client is configured).
+    """
+
+    def convert(self, local_path, **kwargs) -> Union[None, DocumentConverterResult]:
+        # Bail if not a XLSX
+        extension = kwargs.get("file_extension", "")
+        if extension.lower() not in [".jpg", ".jpeg", ".png"]:
+            return None
+
+        md_content = ""
+
+        # Add metadata
+        metadata = self._get_metadata(local_path)
+        if metadata:
+            for f in [
+                "ImageSize",
+                "Title",
+                "Caption",
+                "Description",
+                "Keywords",
+                "Artist",
+                "Author",
+                "DateTimeOriginal",
+                "CreateDate",
+                "GPSPosition",
+            ]:
+                if f in metadata:
+                    md_content += f"{f}: {metadata[f]}\n"
+
+        # Try describing the image with GPTV
+        mlm_client = kwargs.get("mlm_client")
+        mlm_model = kwargs.get("mlm_model")
+        if mlm_client is not None and mlm_model is not None:
+            md_content += (
+                "\n# Description:\n"
+                + self._get_mlm_description(
+                    local_path, extension, mlm_client, mlm_model, prompt=kwargs.get("mlm_prompt")
+                ).strip()
+                + "\n"
+            )
+
+        return DocumentConverterResult(
+            title=None,
+            text_content=md_content,
+        )
+
+    def _get_mlm_description(self, local_path, extension, client, model, prompt=None):
+        if prompt is None or prompt.strip() == "":
+            prompt = "Write a detailed caption for this image."
+
+        sys.stderr.write(f"MLM Prompt:\n{prompt}\n")
+
+        data_uri = ""
+        with open(local_path, "rb") as image_file:
+            content_type, encoding = mimetypes.guess_type("_dummy" + extension)
+            if content_type is None:
+                content_type = "image/jpeg"
+            image_base64 = base64.b64encode(image_file.read()).decode("utf-8")
+            data_uri = f"data:{content_type};base64,{image_base64}"
+
+        messages = [
+            {
+                "role": "user",
+                "content": [
+                    {"type": "text", "text": prompt},
+                    {
+                        "type": "image_url",
+                        "image_url": {
+                            "url": data_uri,
+                        },
+                    },
+                ],
+            }
+        ]
+
+        response = client.chat.completions.create(model=model, messages=messages)
+        return response.choices[0].message.content
+
+
+class FileConversionException(BaseException):
+    pass
+
+
+class UnsupportedFormatException(BaseException):
+    pass
+
+
+class MarkdownConverter:
+    """(In preview) An extremely simple text-based document reader, suitable for LLM use.
+    This reader will convert common file-types or webpages to Markdown."""
+
+    def __init__(
+        self,
+        requests_session: Optional[requests.Session] = None,
+        mlm_client: Optional[Any] = None,
+        mlm_model: Optional[Any] = None,
+    ):
+        if requests_session is None:
+            self._requests_session = requests.Session()
+        else:
+            self._requests_session = requests_session
+
+        self._mlm_client = mlm_client
+        self._mlm_model = mlm_model
+
+        self._page_converters: List[DocumentConverter] = []
+
+        # Register converters for successful browsing operations
+        # Later registrations are tried first / take higher priority than earlier registrations
+        # To this end, the most specific converters should appear below the most generic converters
+        self.register_page_converter(PlainTextConverter())
+        self.register_page_converter(HtmlConverter())
+        self.register_page_converter(WikipediaConverter())
+        self.register_page_converter(YouTubeConverter())
+        self.register_page_converter(DocxConverter())
+        self.register_page_converter(XlsxConverter())
+        self.register_page_converter(PptxConverter())
+        self.register_page_converter(WavConverter())
+        self.register_page_converter(Mp3Converter())
+        self.register_page_converter(ImageConverter())
+        self.register_page_converter(PdfConverter())
+
+    def convert(
+        self, source: Union[str, requests.Response], **kwargs: Any
+    ) -> DocumentConverterResult:  # TODO: deal with kwargs
+        """
+        Args:
+            - source: can be a string representing a path or url, or a requests.response object
+            - extension: specifies the file extension to use when interpreting the file. If None, infer from source (path, uri, content-type, etc.)
+        """
+
+        # Local path or url
+        if isinstance(source, str):
+            if source.startswith("http://") or source.startswith("https://") or source.startswith("file://"):
+                return self.convert_url(source, **kwargs)
+            else:
+                return self.convert_local(source, **kwargs)
+        # Request response
+        elif isinstance(source, requests.Response):
+            return self.convert_response(source, **kwargs)
+
+    def convert_local(self, path: str, **kwargs: Any) -> DocumentConverterResult:  # TODO: deal with kwargs
+        # Prepare a list of extensions to try (in order of priority)
+        ext = kwargs.get("file_extension")
+        extensions = [ext] if ext is not None else []
+
+        # Get extension alternatives from the path and puremagic
+        base, ext = os.path.splitext(path)
+        self._append_ext(extensions, ext)
+        self._append_ext(extensions, self._guess_ext_magic(path))
+
+        # Convert
+        return self._convert(path, extensions, **kwargs)
+
+    # TODO what should stream's type be?
+    def convert_stream(self, stream: Any, **kwargs: Any) -> DocumentConverterResult:  # TODO: deal with kwargs
+        # Prepare a list of extensions to try (in order of priority)
+        ext = kwargs.get("file_extension")
+        extensions = [ext] if ext is not None else []
+
+        # Save the file locally to a temporary file. It will be deleted before this method exits
+        handle, temp_path = tempfile.mkstemp()
+        fh = os.fdopen(handle, "wb")
+        result = None
+        try:
+            # Write to the temporary file
+            content = stream.read()
+            if isinstance(content, str):
+                fh.write(content.encode("utf-8"))
+            else:
+                fh.write(content)
+            fh.close()
+
+            # Use puremagic to check for more extension options
+            self._append_ext(extensions, self._guess_ext_magic(temp_path))
+
+            # Convert
+            result = self._convert(temp_path, extensions, **kwargs)
+        # Clean up
+        finally:
+            try:
+                fh.close()
+            except Exception:
+                pass
+            os.unlink(temp_path)
+
+        return result
+
+    def convert_url(self, url: str, **kwargs: Any) -> DocumentConverterResult:  # TODO: fix kwargs type
+        # Send a HTTP request to the URL
+        user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Edg/119.0.0.0"
+        response = self._requests_session.get(url, stream=True, headers={"User-Agent": user_agent})
+        response.raise_for_status()
+        return self.convert_response(response, **kwargs)
+
+    def convert_response(
+        self, response: requests.Response, **kwargs: Any
+    ) -> DocumentConverterResult:  # TODO fix kwargs type
+        # Prepare a list of extensions to try (in order of priority)
+        ext = kwargs.get("file_extension")
+        extensions = [ext] if ext is not None else []
+
+        # Guess from the mimetype
+        content_type = response.headers.get("content-type", "").split(";")[0]
+        self._append_ext(extensions, mimetypes.guess_extension(content_type))
+
+        # Read the content disposition if there is one
+        content_disposition = response.headers.get("content-disposition", "")
+        m = re.search(r"filename=([^;]+)", content_disposition)
+        if m:
+            base, ext = os.path.splitext(m.group(1).strip("\"'"))
+            self._append_ext(extensions, ext)
+
+        # Read from the extension from the path
+        base, ext = os.path.splitext(urlparse(response.url).path)
+        self._append_ext(extensions, ext)
+
+        # Save the file locally to a temporary file. It will be deleted before this method exits
+        handle, temp_path = tempfile.mkstemp()
+        fh = os.fdopen(handle, "wb")
+        result = None
+        try:
+            # Download the file
+            for chunk in response.iter_content(chunk_size=512):
+                fh.write(chunk)
+            fh.close()
+
+            # Use puremagic to check for more extension options
+            self._append_ext(extensions, self._guess_ext_magic(temp_path))
+
+            # Convert
+            result = self._convert(temp_path, extensions, url=response.url)
+        except Exception as e:
+            print(f"Error in converting: {e}")
+
+        # Clean up
+        finally:
+            try:
+                fh.close()
+            except Exception:
+                pass
+            os.unlink(temp_path)
+
+        return result
+
+    def _convert(self, local_path: str, extensions: List[Union[str, None]], **kwargs) -> DocumentConverterResult:
+        error_trace = ""
+        for ext in extensions + [None]:  # Try last with no extension
+            for converter in self._page_converters:
+                _kwargs = copy.deepcopy(kwargs)
+
+                # Overwrite file_extension appropriately
+                if ext is None:
+                    if "file_extension" in _kwargs:
+                        del _kwargs["file_extension"]
+                else:
+                    _kwargs.update({"file_extension": ext})
+
+                # Copy any additional global options
+                if "mlm_client" not in _kwargs and self._mlm_client is not None:
+                    _kwargs["mlm_client"] = self._mlm_client
+
+                if "mlm_model" not in _kwargs and self._mlm_model is not None:
+                    _kwargs["mlm_model"] = self._mlm_model
+
+                # If we hit an error log it and keep trying
+                try:
+                    res = converter.convert(local_path, **_kwargs)
+                except Exception:
+                    error_trace = ("\n\n" + traceback.format_exc()).strip()
+
+                if res is not None:
+                    # Normalize the content
+                    res.text_content = "\n".join([line.rstrip() for line in re.split(r"\r?\n", res.text_content)])
+                    res.text_content = re.sub(r"\n{3,}", "\n\n", res.text_content)
+
+                    # Todo
+                    return res
+
+        # If we got this far without success, report any exceptions
+        if len(error_trace) > 0:
+            raise FileConversionException(
+                f"Could not convert '{local_path}' to Markdown. File type was recognized as {extensions}. While converting the file, the following error was encountered:\n\n{error_trace}"
+            )
+
+        # Nothing can handle it!
+        raise UnsupportedFormatException(
+            f"Could not convert '{local_path}' to Markdown. The formats {extensions} are not supported."
+        )
+
+    def _append_ext(self, extensions, ext):
+        """Append a unique non-None, non-empty extension to a list of extensions."""
+        if ext is None:
+            return
+        ext = ext.strip()
+        if ext == "":
+            return
+        # if ext not in extensions:
+        if True:
+            extensions.append(ext)
+
+    def _guess_ext_magic(self, path):
+        """Use puremagic (a Python implementation of libmagic) to guess a file's extension based on the first few bytes."""
+        # Use puremagic to guess
+        try:
+            guesses = puremagic.magic_file(path)
+            if len(guesses) > 0:
+                ext = guesses[0].extension.strip()
+                if len(ext) > 0:
+                    return ext
+        except FileNotFoundError:
+            pass
+        except IsADirectoryError:
+            pass
+        except PermissionError:
+            pass
+        return None
+
+    def register_page_converter(self, converter: DocumentConverter) -> None:
+        """Register a page text converter."""
+        self._page_converters.insert(0, converter)

scripts/nvd_tool.py

@@ -0,0 +1,418 @@
+"""Tool for querying the National Vulnerability Database (NVD) of NIST.
+This tool allows obtaining detailed information about specific vulnerabilities.
+"""
+
+from smolagents import Tool
+import requests
+import json
+from urllib.parse import quote
+
+class NvdTool(Tool):
+    """
+    Tool for querying the National Vulnerability Database (NVD) of NIST.
+    """
+    
+    name = "nvd_search"
+    description = """Tool for querying the National Vulnerability Database (NVD) of NIST.
+    This tool allows searching for vulnerabilities in three ways:
+    1. By CVE ID: nvd_search(search_type="cve", identifier="CVE-2021-44228")
+    2. By keyword: nvd_search(search_type="keyword", identifier="log4j")
+    3. By keyword with exact match: nvd_search(search_type="keyword", identifier="log4j", exact_match=True)
+    
+    CRITICAL - Product name format for keyword search:
+    - ALWAYS use ONLY the base product name, NEVER include versions
+    - CORRECT examples: "log4j", "apache", "microsoft", "chrome", "tomcat", "nginx"
+    - INCORRECT examples: "log4j 2.14.1", "apache http server", "microsoft windows", "chrome 120.0.6099.109"
+    - When searching, strip version numbers and descriptive words
+    - Example: "Apache Tomcat 9.0.65" → search for "tomcat"
+    - Example: "Google Chrome 120.0.6099.109" → search for "chrome"
+    - Example: "Log4j 2.14.1" → search for "log4j"
+    
+    IMPORTANT: search_type must be EXACTLY 'cve' or 'keyword', not 'product' or any other value.
+    CORRECT: nvd_search(search_type="keyword", identifier="mobaxterm")
+    WRONG: nvd_search(search_type="product", identifier="mobaxterm")
+    
+    The exact_match parameter:
+    - When True: Searches for CVEs that contain the EXACT phrase in the description
+    - When False: Searches for CVEs that contain ANY of the words in the description
+    """
+    
+    inputs = {
+        "search_type": {
+            "description": "Type of search to perform. Must be 'cve' for specific CVE ID or 'keyword' for keyword search.",
+            "type": "string",
+        },
+        "identifier": {
+            "description": "The CVE ID (e.g., 'CVE-2021-44228') or keyword (e.g., 'log4j'). For keywords, use ONLY base product names without versions (e.g., 'log4j' not 'log4j 2.14.1').",
+            "type": "string",
+        },
+        "exact_match": {
+            "description": "For keyword searches, whether to match the exact phrase (True) or any word (False).",
+            "type": "boolean",
+            "default": False,
+            "nullable": True,
+        },
+    }
+    
+    output_type = "string"
+    
+    def __init__(self):
+        super().__init__()
+        self.base_url = "https://services.nvd.nist.gov/rest/json/cves/2.0"
+
+    def forward(self, search_type: str, identifier: str, exact_match: bool = False) -> str:
+        """Search for vulnerabilities in NVD."""
+        try:
+            if search_type == "cve":
+                return self._search_by_cve(identifier)
+            elif search_type == "keyword":
+                return self._search_by_keyword(identifier, exact_match)
+            else:
+                return "Error: search_type must be 'cve' or 'keyword'"
+                
+        except Exception as e:
+            return f"Error searching NVD: {str(e)}"
+
+    def _search_by_cve(self, cve_id: str) -> str:
+        """Search for a specific CVE."""
+        url = f"{self.base_url}?cveId={cve_id}"
+        
+        try:
+            response = requests.get(url)
+            response.raise_for_status()
+            data = response.json()
+            
+            if not data.get('vulnerabilities'):
+                return f"No vulnerabilities found for {cve_id}"
+            
+            vuln_data = data['vulnerabilities'][0]['cve']
+            return self._format_cve_data(vuln_data)
+            
+        except requests.exceptions.RequestException as e:
+            return f"Error accessing NVD API: {str(e)}"
+
+    def _search_by_keyword(self, keyword: str, exact_match: bool = False) -> str:
+        """Search for vulnerabilities by keyword."""
+        # Convert keyword to lowercase and encode spaces properly
+        keyword = keyword.lower()
+        encoded_keyword = quote(keyword)
+        
+        # Build the URL based on exact_match parameter
+        if exact_match:
+            # For exact match, use keywordExactMatch parameter
+            url = f"{self.base_url}?keywordSearch={encoded_keyword}&keywordExactMatch"
+        else:
+            # For partial match, just use keywordSearch
+            url = f"{self.base_url}?keywordSearch={encoded_keyword}"
+        
+        try:
+            response = requests.get(url)
+            response.raise_for_status()
+            data = response.json()
+            
+            if not data.get('vulnerabilities'):
+                return f"No vulnerabilities found for '{keyword}'"
+            
+            vulnerabilities = data['vulnerabilities']
+            context = []
+            context.append(f"Found {len(vulnerabilities)} vulnerabilities for search '{keyword}'")
+            context.append("\nVulnerabilities found:")
+            
+            # Show all vulnerabilities
+            for i, vuln in enumerate(vulnerabilities):
+                vuln_data = vuln['cve']
+                context.append(f"\n--- Vulnerability {i+1} ---")
+                context.append(f"CVE ID: {vuln_data.get('id', 'Not available')}")
+                context.append(f"Source Identifier: {vuln_data.get('sourceIdentifier', 'Not available')}")
+                context.append(f"Vulnerability Status: {vuln_data.get('vulnStatus', 'Not available')}")
+                
+                # CVE Tags
+                cve_tags = vuln_data.get('cveTags', [])
+                if cve_tags:
+                    context.append(f"CVE Tags: {', '.join(cve_tags)}")
+                else:
+                    context.append("CVE Tags: None")
+                
+                # Description - show all languages
+                descriptions = vuln_data.get('descriptions', [])
+                if descriptions:
+                    for desc in descriptions:
+                        lang = desc.get('lang', 'unknown')
+                        value = desc.get('value', 'Not available')
+                        context.append(f"Description ({lang}): {value}")
+                else:
+                    context.append("Description: Not available")
+                
+                # CVSS Metrics - show all available versions
+                metrics = vuln_data.get('metrics', {})
+                if metrics:
+                    context.append("\nCVSS Metrics:")
+                    
+                    # CVSS V3.1
+                    if 'cvssMetricV31' in metrics:
+                        cvss_data = metrics['cvssMetricV31'][0]
+                        cvss_info = cvss_data['cvssData']
+                        context.append(f"CVSS V3.1:")
+                        context.append(f"  Base Score: {cvss_info['baseScore']}")
+                        context.append(f"  Base Severity: {cvss_info['baseSeverity']}")
+                        context.append(f"  Vector String: {cvss_info['vectorString']}")
+                        context.append(f"  Attack Vector: {cvss_info['attackVector']}")
+                        context.append(f"  Attack Complexity: {cvss_info['attackComplexity']}")
+                        context.append(f"  Privileges Required: {cvss_info['privilegesRequired']}")
+                        context.append(f"  User Interaction: {cvss_info['userInteraction']}")
+                        context.append(f"  Scope: {cvss_info['scope']}")
+                        context.append(f"  Confidentiality Impact: {cvss_info['confidentialityImpact']}")
+                        context.append(f"  Integrity Impact: {cvss_info['integrityImpact']}")
+                        context.append(f"  Availability Impact: {cvss_info['availabilityImpact']}")
+                        context.append(f"  Exploitability Score: {cvss_data['exploitabilityScore']}")
+                        context.append(f"  Impact Score: {cvss_data['impactScore']}")
+                    
+                    # CVSS V3.0
+                    if 'cvssMetricV30' in metrics:
+                        cvss_data = metrics['cvssMetricV30'][0]
+                        cvss_info = cvss_data['cvssData']
+                        context.append(f"CVSS V3.0:")
+                        context.append(f"  Base Score: {cvss_info['baseScore']}")
+                        context.append(f"  Base Severity: {cvss_info['baseSeverity']}")
+                        context.append(f"  Vector String: {cvss_info['vectorString']}")
+                        context.append(f"  Attack Vector: {cvss_info['attackVector']}")
+                        context.append(f"  Attack Complexity: {cvss_info['attackComplexity']}")
+                        context.append(f"  Privileges Required: {cvss_info['privilegesRequired']}")
+                        context.append(f"  User Interaction: {cvss_info['userInteraction']}")
+                        context.append(f"  Scope: {cvss_info['scope']}")
+                        context.append(f"  Confidentiality Impact: {cvss_info['confidentialityImpact']}")
+                        context.append(f"  Integrity Impact: {cvss_info['integrityImpact']}")
+                        context.append(f"  Availability Impact: {cvss_info['availabilityImpact']}")
+                        context.append(f"  Exploitability Score: {cvss_data['exploitabilityScore']}")
+                        context.append(f"  Impact Score: {cvss_data['impactScore']}")
+                    
+                    # CVSS V2
+                    if 'cvssMetricV2' in metrics:
+                        cvss_data = metrics['cvssMetricV2'][0]
+                        cvss_info = cvss_data['cvssData']
+                        context.append(f"CVSS V2:")
+                        context.append(f"  Base Score: {cvss_info['baseScore']}")
+                        context.append(f"  Base Severity: {cvss_data['baseSeverity']}")
+                        context.append(f"  Vector String: {cvss_info['vectorString']}")
+                        context.append(f"  Access Vector: {cvss_info['accessVector']}")
+                        context.append(f"  Access Complexity: {cvss_info['accessComplexity']}")
+                        context.append(f"  Authentication: {cvss_info['authentication']}")
+                        context.append(f"  Confidentiality Impact: {cvss_info['confidentialityImpact']}")
+                        context.append(f"  Integrity Impact: {cvss_info['integrityImpact']}")
+                        context.append(f"  Availability Impact: {cvss_info['availabilityImpact']}")
+                        context.append(f"  Exploitability Score: {cvss_data['exploitabilityScore']}")
+                        context.append(f"  Impact Score: {cvss_data['impactScore']}")
+                else:
+                    context.append("CVSS Metrics: Not available")
+                
+                # Weaknesses - show all CWEs
+                weaknesses = vuln_data.get('weaknesses', [])
+                if weaknesses:
+                    context.append("\nWeaknesses:")
+                    for weakness in weaknesses:
+                        source = weakness.get('source', 'Unknown')
+                        w_type = weakness.get('type', 'Unknown')
+                        context.append(f"  Source: {source}, Type: {w_type}")
+                        descriptions = weakness.get('description', [])
+                        for desc in descriptions:
+                            lang = desc.get('lang', 'unknown')
+                            value = desc.get('value', 'Not available')
+                            context.append(f"    CWE ({lang}): {value}")
+                else:
+                    context.append("\nWeaknesses: Not available")
+                
+                # Configurations
+                configurations = vuln_data.get('configurations', [])
+                if configurations:
+                    context.append("\nAffected Configurations:")
+                    for config in configurations:
+                        nodes = config.get('nodes', [])
+                        for node in nodes:
+                            operator = node.get('operator', 'Unknown')
+                            negate = node.get('negate', False)
+                            context.append(f"  Operator: {operator}, Negate: {negate}")
+                            cpe_matches = node.get('cpeMatch', [])
+                            for match in cpe_matches:
+                                vulnerable = match.get('vulnerable', False)
+                                criteria = match.get('criteria', 'Not available')
+                                version_end = match.get('versionEndIncluding', 'Not specified')
+                                context.append(f"    CPE: {criteria}")
+                                context.append(f"    Vulnerable: {vulnerable}")
+                                if version_end != 'Not specified':
+                                    context.append(f"    Version End Including: {version_end}")
+                else:
+                    context.append("\nAffected Configurations: Not available")
+                
+                # Dates
+                context.append(f"\nPublished: {vuln_data.get('published', 'Not available')}")
+                context.append(f"Last Modified: {vuln_data.get('lastModified', 'Not available')}")
+                
+                # References - show all with tags
+                references = vuln_data.get('references', [])
+                if references:
+                    context.append("\nReferences:")
+                    for ref in references:
+                        url = ref.get('url', 'Not available')
+                        source = ref.get('source', 'Unknown')
+                        tags = ref.get('tags', [])
+                        context.append(f"  URL: {url}")
+                        context.append(f"  Source: {source}")
+                        if tags:
+                            context.append(f"  Tags: {', '.join(tags)}")
+                        context.append("")
+                else:
+                    context.append("\nReferences: Not available")
+                
+                context.append("-" * 50)  # Separator between vulnerabilities
+            
+            return "\n".join(context)
+            
+        except requests.exceptions.RequestException as e:
+            return f"Error accessing NVD API: {str(e)}"
+
+    def _format_cve_data(self, vuln_data: dict) -> str:
+        """Format CVE data for display."""
+        context = []
+        
+        context.append(f"CVE ID: {vuln_data.get('id', 'Not available')}")
+        context.append(f"Source Identifier: {vuln_data.get('sourceIdentifier', 'Not available')}")
+        context.append(f"Vulnerability Status: {vuln_data.get('vulnStatus', 'Not available')}")
+        
+        # CVE Tags
+        cve_tags = vuln_data.get('cveTags', [])
+        if cve_tags:
+            context.append(f"CVE Tags: {', '.join(cve_tags)}")
+        else:
+            context.append("CVE Tags: None")
+        
+        # Description - show all languages
+        descriptions = vuln_data.get('descriptions', [])
+        if descriptions:
+            for desc in descriptions:
+                lang = desc.get('lang', 'unknown')
+                value = desc.get('value', 'Not available')
+                context.append(f"Description ({lang}): {value}")
+        else:
+            context.append("Description: Not available")
+        
+        # CVSS Metrics - show all available versions
+        metrics = vuln_data.get('metrics', {})
+        if metrics:
+            context.append("\nCVSS Metrics:")
+            
+            # CVSS V3.1
+            if 'cvssMetricV31' in metrics:
+                cvss_data = metrics['cvssMetricV31'][0]
+                cvss_info = cvss_data['cvssData']
+                context.append(f"CVSS V3.1:")
+                context.append(f"  Base Score: {cvss_info['baseScore']}")
+                context.append(f"  Base Severity: {cvss_info['baseSeverity']}")
+                context.append(f"  Vector String: {cvss_info['vectorString']}")
+                context.append(f"  Attack Vector: {cvss_info['attackVector']}")
+                context.append(f"  Attack Complexity: {cvss_info['attackComplexity']}")
+                context.append(f"  Privileges Required: {cvss_info['privilegesRequired']}")
+                context.append(f"  User Interaction: {cvss_info['userInteraction']}")
+                context.append(f"  Scope: {cvss_info['scope']}")
+                context.append(f"  Confidentiality Impact: {cvss_info['confidentialityImpact']}")
+                context.append(f"  Integrity Impact: {cvss_info['integrityImpact']}")
+                context.append(f"  Availability Impact: {cvss_info['availabilityImpact']}")
+                context.append(f"  Exploitability Score: {cvss_data['exploitabilityScore']}")
+                context.append(f"  Impact Score: {cvss_data['impactScore']}")
+            
+            # CVSS V3.0
+            if 'cvssMetricV30' in metrics:
+                cvss_data = metrics['cvssMetricV30'][0]
+                cvss_info = cvss_data['cvssData']
+                context.append(f"CVSS V3.0:")
+                context.append(f"  Base Score: {cvss_info['baseScore']}")
+                context.append(f"  Base Severity: {cvss_info['baseSeverity']}")
+                context.append(f"  Vector String: {cvss_info['vectorString']}")
+                context.append(f"  Attack Vector: {cvss_info['attackVector']}")
+                context.append(f"  Attack Complexity: {cvss_info['attackComplexity']}")
+                context.append(f"  Privileges Required: {cvss_info['privilegesRequired']}")
+                context.append(f"  User Interaction: {cvss_info['userInteraction']}")
+                context.append(f"  Scope: {cvss_info['scope']}")
+                context.append(f"  Confidentiality Impact: {cvss_info['confidentialityImpact']}")
+                context.append(f"  Integrity Impact: {cvss_info['integrityImpact']}")
+                context.append(f"  Availability Impact: {cvss_info['availabilityImpact']}")
+                context.append(f"  Exploitability Score: {cvss_data['exploitabilityScore']}")
+                context.append(f"  Impact Score: {cvss_data['impactScore']}")
+            
+            # CVSS V2
+            if 'cvssMetricV2' in metrics:
+                cvss_data = metrics['cvssMetricV2'][0]
+                cvss_info = cvss_data['cvssData']
+                context.append(f"CVSS V2:")
+                context.append(f"  Base Score: {cvss_info['baseScore']}")
+                context.append(f"  Base Severity: {cvss_data['baseSeverity']}")
+                context.append(f"  Vector String: {cvss_info['vectorString']}")
+                context.append(f"  Access Vector: {cvss_info['accessVector']}")
+                context.append(f"  Access Complexity: {cvss_info['accessComplexity']}")
+                context.append(f"  Authentication: {cvss_info['authentication']}")
+                context.append(f"  Confidentiality Impact: {cvss_info['confidentialityImpact']}")
+                context.append(f"  Integrity Impact: {cvss_info['integrityImpact']}")
+                context.append(f"  Availability Impact: {cvss_info['availabilityImpact']}")
+                context.append(f"  Exploitability Score: {cvss_data['exploitabilityScore']}")
+                context.append(f"  Impact Score: {cvss_data['impactScore']}")
+        else:
+            context.append("CVSS Metrics: Not available")
+        
+        # Weaknesses - show all CWEs
+        weaknesses = vuln_data.get('weaknesses', [])
+        if weaknesses:
+            context.append("\nWeaknesses:")
+            for weakness in weaknesses:
+                source = weakness.get('source', 'Unknown')
+                w_type = weakness.get('type', 'Unknown')
+                context.append(f"  Source: {source}, Type: {w_type}")
+                descriptions = weakness.get('description', [])
+                for desc in descriptions:
+                    lang = desc.get('lang', 'unknown')
+                    value = desc.get('value', 'Not available')
+                    context.append(f"    CWE ({lang}): {value}")
+        else:
+            context.append("\nWeaknesses: Not available")
+        
+        # Configurations
+        configurations = vuln_data.get('configurations', [])
+        if configurations:
+            context.append("\nAffected Configurations:")
+            for config in configurations:
+                nodes = config.get('nodes', [])
+                for node in nodes:
+                    operator = node.get('operator', 'Unknown')
+                    negate = node.get('negate', False)
+                    context.append(f"  Operator: {operator}, Negate: {negate}")
+                    cpe_matches = node.get('cpeMatch', [])
+                    for match in cpe_matches:
+                        vulnerable = match.get('vulnerable', False)
+                        criteria = match.get('criteria', 'Not available')
+                        version_end = match.get('versionEndIncluding', 'Not specified')
+                        context.append(f"    CPE: {criteria}")
+                        context.append(f"    Vulnerable: {vulnerable}")
+                        if version_end != 'Not specified':
+                            context.append(f"    Version End Including: {version_end}")
+        else:
+            context.append("\nAffected Configurations: Not available")
+        
+        # Dates
+        context.append(f"\nPublished: {vuln_data.get('published', 'Not available')}")
+        context.append(f"Last Modified: {vuln_data.get('lastModified', 'Not available')}")
+        
+        # References - show all with tags
+        references = vuln_data.get('references', [])
+        if references:
+            context.append("\nReferences:")
+            for ref in references:
+                url = ref.get('url', 'Not available')
+                source = ref.get('source', 'Unknown')
+                tags = ref.get('tags', [])
+                context.append(f"  URL: {url}")
+                context.append(f"  Source: {source}")
+                if tags:
+                    context.append(f"  Tags: {', '.join(tags)}")
+                context.append("")
+        else:
+            context.append("\nReferences: Not available")
+        
+        return "\n".join(context) 

scripts/reformulator.py

@@ -0,0 +1,86 @@
+# Shamelessly stolen from Microsoft Autogen team: thanks to them for this great resource!
+# https://github.com/microsoft/autogen/blob/gaia_multiagent_v01_march_1st/autogen/browser_utils.py
+import copy
+
+from smolagents.models import MessageRole, Model
+
+
+def prepare_response(original_task: str, inner_messages, reformulation_model: Model) -> str:
+    messages = [
+        {
+            "role": MessageRole.SYSTEM,
+            "content": [
+                {
+                    "type": "text",
+                    "text": f"""Earlier you were asked the following:
+
+{original_task}
+
+Your team then worked diligently to address that request. Read below a transcript of that conversation:""",
+                }
+            ],
+        }
+    ]
+
+    # The first message just repeats the question, so remove it
+    # if len(inner_messages) > 1:
+    #    del inner_messages[0]
+
+    # copy them to this context
+    try:
+        for message in inner_messages:
+            if not message.get("content"):
+                continue
+            message = copy.deepcopy(message)
+            message["role"] = MessageRole.USER
+            messages.append(message)
+    except Exception:
+        messages += [{"role": MessageRole.ASSISTANT, "content": str(inner_messages)}]
+
+    # ask for the final answer
+    messages.append(
+        {
+            "role": MessageRole.USER,
+            "content": [
+                {
+                    "type": "text",
+                    "text": f"""
+Read the above conversation and output a FINAL ANSWER to the question. The question is repeated here for convenience:
+
+{original_task}
+
+To output the final answer, use the following template: FINAL ANSWER: [YOUR FINAL ANSWER]
+Your FINAL ANSWER should be a number OR as few words as possible OR a comma separated list of numbers and/or strings.
+ADDITIONALLY, your FINAL ANSWER MUST adhere to any formatting instructions specified in the original question (e.g., alphabetization, sequencing, units, rounding, decimal places, etc.)
+If you are asked for a number, express it numerically (i.e., with digits rather than words), don't use commas, and DO NOT INCLUDE UNITS such as $ or USD or percent signs unless specified otherwise.
+If you are asked for a string, don't use articles or abbreviations (e.g. for cities), unless specified otherwise. Don't output any final sentence punctuation such as '.', '!', or '?'.
+If you are asked for a comma separated list, apply the above rules depending on whether the elements are numbers or strings.
+If you are unable to determine the final answer, output 'FINAL ANSWER: Unable to determine'
+""",
+                }
+            ],
+        }
+    )
+
+    response = reformulation_model(messages).content
+
+    final_answer = response.split("FINAL ANSWER: ")[-1].strip()
+    print("> Reformulated answer: ", final_answer)
+
+    #     if "unable to determine" in final_answer.lower():
+    #         messages.append({"role": MessageRole.ASSISTANT, "content": response })
+    #         messages.append({"role": MessageRole.USER, "content": [{"type": "text", "text": """
+    # I understand that a definitive answer could not be determined. Please make a well-informed EDUCATED GUESS based on the conversation.
+
+    # To output the educated guess, use the following template: EDUCATED GUESS: [YOUR EDUCATED GUESS]
+    # Your EDUCATED GUESS should be a number OR as few words as possible OR a comma separated list of numbers and/or strings. DO NOT OUTPUT 'I don't know', 'Unable to determine', etc.
+    # ADDITIONALLY, your EDUCATED GUESS MUST adhere to any formatting instructions specified in the original question (e.g., alphabetization, sequencing, units, rounding, decimal places, etc.)
+    # If you are asked for a number, express it numerically (i.e., with digits rather than words), don't use commas, and don't include units such as $ or percent signs unless specified otherwise.
+    # If you are asked for a string, don't use articles or abbreviations (e.g. cit for cities), unless specified otherwise. Don't output any final sentence punctuation such as '.', '!', or '?'.
+    # If you are asked for a comma separated list, apply the above rules depending on whether the elements are numbers or strings.
+    # """.strip()}]})
+
+    #         response = model(messages).content
+    #         print("\n>>>Making an educated guess.\n", response)
+    #         final_answer = response.split("EDUCATED GUESS: ")[-1].strip()
+    return final_answer

scripts/report_generator.py

@@ -0,0 +1,276 @@
+import json
+import os
+from datetime import datetime
+from typing import Dict, List, Optional
+from smolagents import Tool
+import plotly.graph_objects as go
+import plotly.express as px
+from jinja2 import Template
+
+class ReportGeneratorTool(Tool):
+    """Tool for generating interactive HTML vulnerability reports with charts."""
+    
+    name = "generate_vulnerability_report"
+    description = "Generates an interactive HTML report with charts and vulnerability analysis. The report is generated from CVEDB search results."
+    inputs = {
+        "vulnerability_data": {
+            "type": "string",
+            "description": "Vulnerability data in JSON format",
+        },
+        "report_type": {
+            "type": "string",
+            "description": "Report type: 'cve' for a specific CVE or 'product' for a product",
+        }
+    }
+    output_type = "string"
+    
+    def __init__(self):
+        super().__init__()
+        
+        # Base HTML template
+        self.html_template = """
+        <!DOCTYPE html>
+        <html>
+        <head>
+            <title>Vulnerability Report</title>
+            <script src="https://cdn.plot.ly/plotly-latest.min.js"></script>
+            <style>
+                body { font-family: Arial, sans-serif; margin: 20px; }
+                .container { max-width: 1200px; margin: 0 auto; }
+                .header { text-align: center; margin-bottom: 30px; }
+                .section { margin-bottom: 40px; }
+                .chart { margin: 20px 0; }
+                .summary { background-color: #f5f5f5; padding: 20px; border-radius: 5px; }
+                .critical { color: #dc3545; }
+                .high { color: #fd7e14; }
+                .medium { color: #ffc107; }
+                .low { color: #28a745; }
+            </style>
+        </head>
+        <body>
+            <div class="container">
+                <div class="header">
+                    <h1>Vulnerability Report</h1>
+                    <p>Generated on {{ generation_date }}</p>
+                </div>
+                
+                <div class="section">
+                    <h2>Summary</h2>
+                    <div class="summary">
+                        {{ summary }}
+                    </div>
+                </div>
+                
+                <div class="section">
+                    <h2>Severity Distribution (CVSS)</h2>
+                    <div id="cvss_chart" class="chart"></div>
+                </div>
+                
+                <div class="section">
+                    <h2>Temporal Trend</h2>
+                    <div id="timeline_chart" class="chart"></div>
+                </div>
+                
+                <div class="section">
+                    <h2>Vulnerability Details</h2>
+                    {{ vulnerabilities_table }}
+                </div>
+            </div>
+            
+            <script>
+                {{ plotly_js }}
+            </script>
+        </body>
+        </html>
+        """
+
+    def forward(self, vulnerability_data: str, report_type: str) -> str:
+        """Generates an HTML report with interactive charts from vulnerability data."""
+        try:
+            data = json.loads(vulnerability_data)
+            
+            # Generate charts with Plotly
+            cvss_chart = self._generate_cvss_chart(data)
+            timeline_chart = self._generate_timeline_chart(data)
+            
+            # Generate vulnerability table
+            vulnerabilities_table = self._generate_vulnerabilities_table(data)
+            
+            # Generate summary
+            summary = self._generate_summary(data, report_type)
+            
+            # Render template
+            template = Template(self.html_template)
+            html = template.render(
+                generation_date=datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
+                summary=summary,
+                vulnerabilities_table=vulnerabilities_table,
+                plotly_js=f"""
+                    var cvssData = {cvss_chart};
+                    var timelineData = {timeline_chart};
+                    Plotly.newPlot('cvss_chart', cvssData.data, cvssData.layout);
+                    Plotly.newPlot('timeline_chart', timelineData.data, timelineData.layout);
+                """
+            )
+            
+            # Save the report to the reports folder
+            # NOTE: Only saves to folder when running locally
+            # If deployed on a Hugging Face Space, it doesn't save files
+            timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
+            filename = f"vulnerability_report_{report_type}_{timestamp}.html"
+            
+            # Create the reports folder if it doesn't exist
+            reports_dir = "reports"
+            if not os.path.exists(reports_dir):
+                os.makedirs(reports_dir)
+            
+            # Save the file
+            filepath = os.path.join(reports_dir, filename)
+            with open(filepath, 'w', encoding='utf-8') as f:
+                f.write(html)
+            
+            return f"Report generated and saved as: {filepath}\n\n{html}"
+            
+        except Exception as e:
+            return f"Error generating report: {str(e)}"
+
+    def _generate_cvss_chart(self, data: Dict) -> Dict:
+        """Generates a CVSS score distribution chart."""
+        if isinstance(data, list):
+            cvss_scores = [v.get('cvss', 0) for v in data if 'cvss' in v]
+        else:
+            cvss_scores = [data.get('cvss', 0)] if 'cvss' in data else []
+            
+        fig = go.Figure()
+        fig.add_trace(go.Histogram(
+            x=cvss_scores,
+            nbinsx=10,
+            name='CVSS Scores'
+        ))
+        
+        fig.update_layout(
+            title='CVSS Score Distribution',
+            xaxis_title='CVSS Score',
+            yaxis_title='Number of Vulnerabilities',
+            showlegend=False
+        )
+        
+        return fig.to_json()
+
+    def _generate_timeline_chart(self, data: Dict) -> Dict:
+        """Generates a vulnerability timeline chart."""
+        if isinstance(data, list):
+            dates = [v.get('published_time', '') for v in data if 'published_time' in v]
+        else:
+            dates = [data.get('published_time', '')] if 'published_time' in data else []
+            
+        # Convert dates to datetime format and count by month
+        from collections import Counter
+        from datetime import datetime
+        
+        date_counts = Counter()
+        for date_str in dates:
+            try:
+                date = datetime.strptime(date_str, "%Y-%m-%dT%H:%M:%S")
+                month_key = date.strftime("%Y-%m")
+                date_counts[month_key] += 1
+            except:
+                continue
+                
+        months = sorted(date_counts.keys())
+        counts = [date_counts[m] for m in months]
+        
+        fig = go.Figure()
+        fig.add_trace(go.Scatter(
+            x=months,
+            y=counts,
+            mode='lines+markers',
+            name='Vulnerabilities'
+        ))
+        
+        fig.update_layout(
+            title='Vulnerability Timeline Trend',
+            xaxis_title='Month',
+            yaxis_title='Number of Vulnerabilities',
+            showlegend=False
+        )
+        
+        return fig.to_json()
+
+    def _generate_vulnerabilities_table(self, data: Dict) -> str:
+        """Generates an HTML table with vulnerability details."""
+        if isinstance(data, list):
+            vulnerabilities = data
+        else:
+            vulnerabilities = [data]
+            
+        if not vulnerabilities:
+            return "<p>No vulnerability data available.</p>"
+            
+        table_html = """
+        <table border="1" style="width: 100%; border-collapse: collapse;">
+            <thead>
+                <tr style="background-color: #f2f2f2;">
+                    <th style="padding: 8px; text-align: left;">CVE ID</th>
+                    <th style="padding: 8px; text-align: left;">CVSS Score</th>
+                    <th style="padding: 8px; text-align: left;">EPSS Score</th>
+                    <th style="padding: 8px; text-align: left;">Known Exploitable</th>
+                    <th style="padding: 8px; text-align: left;">Publication Date</th>
+                    <th style="padding: 8px; text-align: left;">Summary</th>
+                </tr>
+            </thead>
+            <tbody>
+        """
+        
+        for vuln in vulnerabilities:
+            cvss = vuln.get('cvss', 'Not available')
+            epss = vuln.get('epss', 'Not available')
+            kev = vuln.get('kev', False)
+            
+            # Determine risk class based on CVSS score
+            risk_class = ""
+            if cvss != 'Not available' and isinstance(cvss, (int, float)):
+                if cvss >= 7.0:
+                    risk_class = "critical"
+                elif cvss >= 4.0:
+                    risk_class = "high"
+                else:
+                    risk_class = "low"
+            
+            table_html += f"""
+                <tr class="{risk_class}">
+                    <td style="padding: 8px;">{vuln.get('id', 'Not available')}</td>
+                    <td style="padding: 8px;">{cvss}</td>
+                    <td style="padding: 8px;">{epss}</td>
+                    <td style="padding: 8px;">{'Yes' if kev else 'No'}</td>
+                    <td style="padding: 8px;">{vuln.get('published_time', 'Not available')}</td>
+                    <td style="padding: 8px;">{vuln.get('summary', 'Not available')[:100]}...</td>
+                </tr>
+            """
+        
+        table_html += """
+            </tbody>
+        </table>
+        """
+        
+        return table_html
+
+    def _generate_summary(self, data: Dict, report_type: str) -> str:
+        """Generates a summary of the vulnerability data."""
+        if isinstance(data, list):
+            total_vulns = len(data)
+            exploited = sum(1 for v in data if v.get('kev', False))
+            avg_cvss = sum(v.get('cvss', 0) for v in data if 'cvss' in v) / max(1, sum(1 for v in data if 'cvss' in v))
+        else:
+            total_vulns = 1
+            exploited = 1 if data.get('kev', False) else 0
+            avg_cvss = data.get('cvss', 0)
+        
+        summary_html = f"""
+        <p>Found <strong>{total_vulns}</strong> vulnerabilities.</p>
+        <p>Exploited vulnerabilities: <strong>{exploited}</strong></p>
+        <p>Average CVSS Score: <strong>{avg_cvss:.2f}</strong></p>
+        <p>Publication date: <strong>{data.get('published_time', 'N/A')}</strong></p>
+        """
+        
+        return summary_html 

scripts/run_agents.py

@@ -0,0 +1,87 @@
+import json
+import os
+import shutil
+import textwrap
+from pathlib import Path
+
+# import tqdm.asyncio
+from smolagents.utils import AgentError
+
+
+def serialize_agent_error(obj):
+    if isinstance(obj, AgentError):
+        return {"error_type": obj.__class__.__name__, "message": obj.message}
+    else:
+        return str(obj)
+
+
+def get_image_description(file_name: str, question: str, visual_inspection_tool) -> str:
+    prompt = f"""Write a caption of 5 sentences for this image. Pay special attention to any details that might be useful for someone answering the following question:
+{question}. But do not try to answer the question directly!
+Do not add any information that is not present in the image."""
+    return visual_inspection_tool(image_path=file_name, question=prompt)
+
+
+def get_document_description(file_path: str, question: str, document_inspection_tool) -> str:
+    prompt = f"""Write a caption of 5 sentences for this document. Pay special attention to any details that might be useful for someone answering the following question:
+{question}. But do not try to answer the question directly!
+Do not add any information that is not present in the document."""
+    return document_inspection_tool.forward_initial_exam_mode(file_path=file_path, question=prompt)
+
+
+def get_single_file_description(file_path: str, question: str, visual_inspection_tool, document_inspection_tool):
+    file_extension = file_path.split(".")[-1]
+    if file_extension in ["png", "jpg", "jpeg"]:
+        file_description = f" - Attached image: {file_path}"
+        file_description += (
+            f"\n     -> Image description: {get_image_description(file_path, question, visual_inspection_tool)}"
+        )
+        return file_description
+    elif file_extension in ["pdf", "xls", "xlsx", "docx", "doc", "xml"]:
+        file_description = f" - Attached document: {file_path}"
+        image_path = file_path.split(".")[0] + ".png"
+        if os.path.exists(image_path):
+            description = get_image_description(image_path, question, visual_inspection_tool)
+        else:
+            description = get_document_description(file_path, question, document_inspection_tool)
+        file_description += f"\n     -> File description: {description}"
+        return file_description
+    elif file_extension in ["mp3", "m4a", "wav"]:
+        return f" - Attached audio: {file_path}"
+    else:
+        return f" - Attached file: {file_path}"
+
+
+def get_zip_description(file_path: str, question: str, visual_inspection_tool, document_inspection_tool):
+    folder_path = file_path.replace(".zip", "")
+    os.makedirs(folder_path, exist_ok=True)
+    shutil.unpack_archive(file_path, folder_path)
+
+    prompt_use_files = ""
+    for root, dirs, files in os.walk(folder_path):
+        for file in files:
+            file_path = os.path.join(root, file)
+            prompt_use_files += "\n" + textwrap.indent(
+                get_single_file_description(file_path, question, visual_inspection_tool, document_inspection_tool),
+                prefix="    ",
+            )
+    return prompt_use_files
+
+
+def get_tasks_to_run(data, total: int, base_filename: Path, tasks_ids: list[int]):
+    f = base_filename.parent / f"{base_filename.stem}_answers.jsonl"
+    done = set()
+    if f.exists():
+        with open(f, encoding="utf-8") as fh:
+            done = {json.loads(line)["task_id"] for line in fh if line.strip()}
+
+    tasks = []
+    for i in range(total):
+        task_id = int(data[i]["task_id"])
+        if task_id not in done:
+            if tasks_ids is not None:
+                if task_id in tasks_ids:
+                    tasks.append(data[i])
+            else:
+                tasks.append(data[i])
+    return tasks

scripts/run_mcp_chatbot.py

@@ -0,0 +1,28 @@
+"""MCP chatbot runner with vulnerability search tools."""
+
+from gradio_mcp import GradioMCP
+from scripts.tools_mcp import (
+    search_cvedb,
+    search_nvd,
+    search_kevin,
+    search_epss,
+    generate_vulnerability_report
+)
+
+def main():
+    """Main function to run the MCP chatbot."""
+    # Initialize the Gradio MCP interface
+    mcp = GradioMCP()
+    
+    # Register tools
+    mcp.register_tool(search_cvedb)
+    mcp.register_tool(search_nvd)
+    mcp.register_tool(search_kevin)
+    mcp.register_tool(search_epss)
+    mcp.register_tool(generate_vulnerability_report)
+    
+    # Launch the interface
+    mcp.launch()
+
+if __name__ == "__main__":
+    main() 

scripts/text_inspector_tool.py

@@ -0,0 +1,122 @@
+from typing import Optional
+
+from smolagents import Tool
+from smolagents.models import MessageRole, Model
+
+from .mdconvert import MarkdownConverter
+
+
+class TextInspectorTool(Tool):
+    name = "inspect_file_as_text"
+    description = """
+You cannot load files yourself: instead call this tool to read a file as markdown text and ask questions about it.
+This tool handles the following file extensions: [".html", ".htm", ".xlsx", ".pptx", ".wav", ".mp3", ".flac", ".pdf", ".docx"], and all other types of text files. IT DOES NOT HANDLE IMAGES."""
+
+    inputs = {
+        "file_path": {
+            "description": "The path to the file you want to read as text. Must be a '.something' file, like '.pdf'. If it is an image, use the visualizer tool instead! DO NOT use this tool for an HTML webpage: use the web_search tool instead!",
+            "type": "string",
+        },
+        "question": {
+            "description": "[Optional]: Your question, as a natural language sentence. Provide as much context as possible. Do not pass this parameter if you just want to directly return the content of the file.",
+            "type": "string",
+            "nullable": True,
+        },
+    }
+    output_type = "string"
+    md_converter = MarkdownConverter()
+
+    def __init__(self, model: Model, text_limit: int):
+        super().__init__()
+        self.model = model
+        self.text_limit = text_limit
+
+    def forward_initial_exam_mode(self, file_path, question):
+        result = self.md_converter.convert(file_path)
+
+        if file_path[-4:] in [".png", ".jpg"]:
+            raise Exception("Cannot use inspect_file_as_text tool with images: use visualizer instead!")
+
+        if ".zip" in file_path:
+            return result.text_content
+
+        if not question:
+            return result.text_content
+
+        if len(result.text_content) < 4000:
+            return "Document content: " + result.text_content
+
+        messages = [
+            {
+                "role": MessageRole.SYSTEM,
+                "content": [
+                    {
+                        "type": "text",
+                        "text": "Here is a file:\n### "
+                        + str(result.title)
+                        + "\n\n"
+                        + result.text_content[: self.text_limit],
+                    }
+                ],
+            },
+            {
+                "role": MessageRole.USER,
+                "content": [
+                    {
+                        "type": "text",
+                        "text": "Now please write a short, 5 sentence caption for this document, that could help someone asking this question: "
+                        + question
+                        + "\n\nDon't answer the question yourself! Just provide useful notes on the document",
+                    }
+                ],
+            },
+        ]
+        return self.model(messages).content
+
+    def forward(self, file_path, question: Optional[str] = None) -> str:
+        result = self.md_converter.convert(file_path)
+
+        if file_path[-4:] in [".png", ".jpg"]:
+            raise Exception("Cannot use inspect_file_as_text tool with images: use visualizer instead!")
+
+        if ".zip" in file_path:
+            return result.text_content
+
+        if not question:
+            return result.text_content
+
+        messages = [
+            {
+                "role": MessageRole.SYSTEM,
+                "content": [
+                    {
+                        "type": "text",
+                        "text": "You will have to write a short caption for this file, then answer this question:"
+                        + question,
+                    }
+                ],
+            },
+            {
+                "role": MessageRole.USER,
+                "content": [
+                    {
+                        "type": "text",
+                        "text": "Here is the complete file:\n### "
+                        + str(result.title)
+                        + "\n\n"
+                        + result.text_content[: self.text_limit],
+                    }
+                ],
+            },
+            {
+                "role": MessageRole.USER,
+                "content": [
+                    {
+                        "type": "text",
+                        "text": "Now answer the question below. Use these three headings: '1. Short answer', '2. Extremely detailed answer', '3. Additional Context on the document and question asked'."
+                        + question,
+                    }
+                ],
+            },
+        ]
+        return self.model(messages).content

scripts/text_web_browser.py

@@ -0,0 +1,564 @@
+# Shamelessly stolen from Microsoft Autogen team: thanks to them for this great resource!
+# https://github.com/microsoft/autogen/blob/gaia_multiagent_v01_march_1st/autogen/browser_utils.py
+import mimetypes
+import os
+import pathlib
+import re
+import time
+import uuid
+from typing import Any, Dict, List, Optional, Tuple, Union
+from urllib.parse import unquote, urljoin, urlparse
+
+import pathvalidate
+import requests
+from serpapi import GoogleSearch
+# from serpapi.google_search import GoogleSearch
+
+from smolagents import Tool
+
+from .cookies import COOKIES
+from .mdconvert import FileConversionException, MarkdownConverter, UnsupportedFormatException
+
+
+class SimpleTextBrowser:
+    """(In preview) An extremely simple text-based web browser comparable to Lynx. Suitable for Agentic use."""
+
+    def __init__(
+        self,
+        start_page: Optional[str] = None,
+        viewport_size: Optional[int] = 1024 * 8,
+        downloads_folder: Optional[Union[str, None]] = None,
+        serpapi_key: Optional[Union[str, None]] = None,
+        request_kwargs: Optional[Union[Dict[str, Any], None]] = None,
+    ):
+        self.start_page: str = start_page if start_page else "about:blank"
+        self.viewport_size = viewport_size  # Applies only to the standard uri types
+        self.downloads_folder = downloads_folder
+        self.history: List[Tuple[str, float]] = list()
+        self.page_title: Optional[str] = None
+        self.viewport_current_page = 0
+        self.viewport_pages: List[Tuple[int, int]] = list()
+        self.set_address(self.start_page)
+        self.serpapi_key = serpapi_key
+        self.request_kwargs = request_kwargs
+        self.request_kwargs["cookies"] = COOKIES
+        self._mdconvert = MarkdownConverter()
+        self._page_content: str = ""
+
+        self._find_on_page_query: Union[str, None] = None
+        self._find_on_page_last_result: Union[int, None] = None  # Location of the last result
+
+    @property
+    def address(self) -> str:
+        """Return the address of the current page."""
+        return self.history[-1][0]
+
+    def set_address(self, uri_or_path: str, filter_year: Optional[int] = None) -> None:
+        # TODO: Handle anchors
+        self.history.append((uri_or_path, time.time()))
+
+        # Handle special URIs
+        if uri_or_path == "about:blank":
+            self._set_page_content("")
+        elif uri_or_path.startswith("google:"):
+            self._serpapi_search(uri_or_path[len("google:") :].strip(), filter_year=filter_year)
+        else:
+            if (
+                not uri_or_path.startswith("http:")
+                and not uri_or_path.startswith("https:")
+                and not uri_or_path.startswith("file:")
+            ):
+                if len(self.history) > 1:
+                    prior_address = self.history[-2][0]
+                    uri_or_path = urljoin(prior_address, uri_or_path)
+                    # Update the address with the fully-qualified path
+                    self.history[-1] = (uri_or_path, self.history[-1][1])
+            self._fetch_page(uri_or_path)
+
+        self.viewport_current_page = 0
+        self.find_on_page_query = None
+        self.find_on_page_viewport = None
+
+    @property
+    def viewport(self) -> str:
+        """Return the content of the current viewport."""
+        bounds = self.viewport_pages[self.viewport_current_page]
+        return self.page_content[bounds[0] : bounds[1]]
+
+    @property
+    def page_content(self) -> str:
+        """Return the full contents of the current page."""
+        return self._page_content
+
+    def _set_page_content(self, content: str) -> None:
+        """Sets the text content of the current page."""
+        self._page_content = content
+        self._split_pages()
+        if self.viewport_current_page >= len(self.viewport_pages):
+            self.viewport_current_page = len(self.viewport_pages) - 1
+
+    def page_down(self) -> None:
+        self.viewport_current_page = min(self.viewport_current_page + 1, len(self.viewport_pages) - 1)
+
+    def page_up(self) -> None:
+        self.viewport_current_page = max(self.viewport_current_page - 1, 0)
+
+    def find_on_page(self, query: str) -> Union[str, None]:
+        """Searches for the query from the current viewport forward, looping back to the start if necessary."""
+
+        # Did we get here via a previous find_on_page search with the same query?
+        # If so, map to find_next
+        if query == self._find_on_page_query and self.viewport_current_page == self._find_on_page_last_result:
+            return self.find_next()
+
+        # Ok it's a new search start from the current viewport
+        self._find_on_page_query = query
+        viewport_match = self._find_next_viewport(query, self.viewport_current_page)
+        if viewport_match is None:
+            self._find_on_page_last_result = None
+            return None
+        else:
+            self.viewport_current_page = viewport_match
+            self._find_on_page_last_result = viewport_match
+            return self.viewport
+
+    def find_next(self) -> Union[str, None]:
+        """Scroll to the next viewport that matches the query"""
+
+        if self._find_on_page_query is None:
+            return None
+
+        starting_viewport = self._find_on_page_last_result
+        if starting_viewport is None:
+            starting_viewport = 0
+        else:
+            starting_viewport += 1
+            if starting_viewport >= len(self.viewport_pages):
+                starting_viewport = 0
+
+        viewport_match = self._find_next_viewport(self._find_on_page_query, starting_viewport)
+        if viewport_match is None:
+            self._find_on_page_last_result = None
+            return None
+        else:
+            self.viewport_current_page = viewport_match
+            self._find_on_page_last_result = viewport_match
+            return self.viewport
+
+    def _find_next_viewport(self, query: str, starting_viewport: int) -> Union[int, None]:
+        """Search for matches between the starting viewport looping when reaching the end."""
+
+        if query is None:
+            return None
+
+        # Normalize the query, and convert to a regular expression
+        nquery = re.sub(r"\*", "__STAR__", query)
+        nquery = " " + (" ".join(re.split(r"\W+", nquery))).strip() + " "
+        nquery = nquery.replace(" __STAR__ ", "__STAR__ ")  # Merge isolated stars with prior word
+        nquery = nquery.replace("__STAR__", ".*").lower()
+
+        if nquery.strip() == "":
+            return None
+
+        idxs = list()
+        idxs.extend(range(starting_viewport, len(self.viewport_pages)))
+        idxs.extend(range(0, starting_viewport))
+
+        for i in idxs:
+            bounds = self.viewport_pages[i]
+            content = self.page_content[bounds[0] : bounds[1]]
+
+            # TODO: Remove markdown links and images
+            ncontent = " " + (" ".join(re.split(r"\W+", content))).strip().lower() + " "
+            if re.search(nquery, ncontent):
+                return i
+
+        return None
+
+    def visit_page(self, path_or_uri: str, filter_year: Optional[int] = None) -> str:
+        """Update the address, visit the page, and return the content of the viewport."""
+        self.set_address(path_or_uri, filter_year=filter_year)
+        return self.viewport
+
+    def _split_pages(self) -> None:
+        # Do not split search results
+        if self.address.startswith("google:"):
+            self.viewport_pages = [(0, len(self._page_content))]
+            return
+
+        # Handle empty pages
+        if len(self._page_content) == 0:
+            self.viewport_pages = [(0, 0)]
+            return
+
+        # Break the viewport into pages
+        self.viewport_pages = []
+        start_idx = 0
+        while start_idx < len(self._page_content):
+            end_idx = min(start_idx + self.viewport_size, len(self._page_content))  # type: ignore[operator]
+            # Adjust to end on a space
+            while end_idx < len(self._page_content) and self._page_content[end_idx - 1] not in [" ", "\t", "\r", "\n"]:
+                end_idx += 1
+            self.viewport_pages.append((start_idx, end_idx))
+            start_idx = end_idx
+
+    def _serpapi_search(self, query: str, filter_year: Optional[int] = None) -> None:
+        if self.serpapi_key is None:
+            raise ValueError("Missing SerpAPI key.")
+
+        params = {
+            "engine": "google",
+            "q": query,
+            "api_key": self.serpapi_key,
+        }
+        if filter_year is not None:
+            params["tbs"] = f"cdr:1,cd_min:01/01/{filter_year},cd_max:12/31/{filter_year}"
+
+        search = GoogleSearch(params)
+        results = search.get_dict()
+        self.page_title = f"{query} - Search"
+        if "organic_results" not in results.keys():
+            raise Exception(f"No results found for query: '{query}'. Use a less specific query.")
+        if len(results["organic_results"]) == 0:
+            year_filter_message = f" with filter year={filter_year}" if filter_year is not None else ""
+            self._set_page_content(
+                f"No results found for '{query}'{year_filter_message}. Try with a more general query, or remove the year filter."
+            )
+            return
+
+        def _prev_visit(url):
+            for i in range(len(self.history) - 1, -1, -1):
+                if self.history[i][0] == url:
+                    return f"You previously visited this page {round(time.time() - self.history[i][1])} seconds ago.\n"
+            return ""
+
+        web_snippets: List[str] = list()
+        idx = 0
+        if "organic_results" in results:
+            for page in results["organic_results"]:
+                idx += 1
+                date_published = ""
+                if "date" in page:
+                    date_published = "\nDate published: " + page["date"]
+
+                source = ""
+                if "source" in page:
+                    source = "\nSource: " + page["source"]
+
+                snippet = ""
+                if "snippet" in page:
+                    snippet = "\n" + page["snippet"]
+
+                redacted_version = f"{idx}. [{page['title']}]({page['link']}){date_published}{source}\n{_prev_visit(page['link'])}{snippet}"
+
+                redacted_version = redacted_version.replace("Your browser can't play this video.", "")
+                web_snippets.append(redacted_version)
+
+        content = (
+            f"A Google search for '{query}' found {len(web_snippets)} results:\n\n## Web Results\n"
+            + "\n\n".join(web_snippets)
+        )
+
+        self._set_page_content(content)
+
+    def _fetch_page(self, url: str) -> None:
+        download_path = ""
+        try:
+            if url.startswith("file://"):
+                download_path = os.path.normcase(os.path.normpath(unquote(url[7:])))
+                res = self._mdconvert.convert_local(download_path)
+                self.page_title = res.title
+                self._set_page_content(res.text_content)
+            else:
+                # Prepare the request parameters
+                request_kwargs = self.request_kwargs.copy() if self.request_kwargs is not None else {}
+                request_kwargs["stream"] = True
+
+                # Send a HTTP request to the URL
+                response = requests.get(url, **request_kwargs)
+                response.raise_for_status()
+
+                # If the HTTP request was successful
+                content_type = response.headers.get("content-type", "")
+
+                # Text or HTML
+                if "text/" in content_type.lower():
+                    res = self._mdconvert.convert_response(response)
+                    self.page_title = res.title
+                    self._set_page_content(res.text_content)
+                # A download
+                else:
+                    # Try producing a safe filename
+                    fname = None
+                    download_path = None
+                    try:
+                        fname = pathvalidate.sanitize_filename(os.path.basename(urlparse(url).path)).strip()
+                        download_path = os.path.abspath(os.path.join(self.downloads_folder, fname))
+
+                        suffix = 0
+                        while os.path.exists(download_path) and suffix < 1000:
+                            suffix += 1
+                            base, ext = os.path.splitext(fname)
+                            new_fname = f"{base}__{suffix}{ext}"
+                            download_path = os.path.abspath(os.path.join(self.downloads_folder, new_fname))
+
+                    except NameError:
+                        pass
+
+                    # No suitable name, so make one
+                    if fname is None:
+                        extension = mimetypes.guess_extension(content_type)
+                        if extension is None:
+                            extension = ".download"
+                        fname = str(uuid.uuid4()) + extension
+                        download_path = os.path.abspath(os.path.join(self.downloads_folder, fname))
+
+                    # Open a file for writing
+                    with open(download_path, "wb") as fh:
+                        for chunk in response.iter_content(chunk_size=512):
+                            fh.write(chunk)
+
+                    # Render it
+                    local_uri = pathlib.Path(download_path).as_uri()
+                    self.set_address(local_uri)
+
+        except UnsupportedFormatException as e:
+            print(e)
+            self.page_title = ("Download complete.",)
+            self._set_page_content(f"# Download complete\n\nSaved file to '{download_path}'")
+        except FileConversionException as e:
+            print(e)
+            self.page_title = ("Download complete.",)
+            self._set_page_content(f"# Download complete\n\nSaved file to '{download_path}'")
+        except FileNotFoundError:
+            self.page_title = "Error 404"
+            self._set_page_content(f"## Error 404\n\nFile not found: {download_path}")
+        except requests.exceptions.RequestException as request_exception:
+            try:
+                self.page_title = f"Error {response.status_code}"
+
+                # If the error was rendered in HTML we might as well render it
+                content_type = response.headers.get("content-type", "")
+                if content_type is not None and "text/html" in content_type.lower():
+                    res = self._mdconvert.convert(response)
+                    self.page_title = f"Error {response.status_code}"
+                    self._set_page_content(f"## Error {response.status_code}\n\n{res.text_content}")
+                else:
+                    text = ""
+                    for chunk in response.iter_content(chunk_size=512, decode_unicode=True):
+                        text += chunk
+                    self.page_title = f"Error {response.status_code}"
+                    self._set_page_content(f"## Error {response.status_code}\n\n{text}")
+            except NameError:
+                self.page_title = "Error"
+                self._set_page_content(f"## Error\n\n{str(request_exception)}")
+
+    def _state(self) -> Tuple[str, str]:
+        header = f"Address: {self.address}\n"
+        if self.page_title is not None:
+            header += f"Title: {self.page_title}\n"
+
+        current_page = self.viewport_current_page
+        total_pages = len(self.viewport_pages)
+
+        address = self.address
+        for i in range(len(self.history) - 2, -1, -1):  # Start from the second last
+            if self.history[i][0] == address:
+                header += f"You previously visited this page {round(time.time() - self.history[i][1])} seconds ago.\n"
+                break
+
+        header += f"Viewport position: Showing page {current_page + 1} of {total_pages}.\n"
+        return (header, self.viewport)
+
+
+class SearchInformationTool(Tool):
+    name = "web_search"
+    description = "Perform a web search query (think a google search) and returns the search results."
+    inputs = {"query": {"type": "string", "description": "The web search query to perform."}}
+    inputs["filter_year"] = {
+        "type": "string",
+        "description": "[Optional parameter]: filter the search results to only include pages from a specific year. For example, '2020' will only include pages from 2020. Make sure to use this parameter if you're trying to search for articles from a specific date!",
+        "nullable": True,
+    }
+    output_type = "string"
+
+    def __init__(self, browser):
+        super().__init__()
+        self.browser = browser
+
+    def forward(self, query: str, filter_year: Optional[int] = None) -> str:
+        self.browser.visit_page(f"google: {query}", filter_year=filter_year)
+        header, content = self.browser._state()
+        return header.strip() + "\n=======================\n" + content
+
+
+class VisitTool(Tool):
+    name = "visit_page"
+    description = "Visit a webpage at a given URL and return its text. Given a url to a YouTube video, this returns the transcript."
+    inputs = {"url": {"type": "string", "description": "The relative or absolute url of the webapge to visit."}}
+    output_type = "string"
+
+    def __init__(self, browser):
+        super().__init__()
+        self.browser = browser
+
+    def forward(self, url: str) -> str:
+        self.browser.visit_page(url)
+        header, content = self.browser._state()
+        return header.strip() + "\n=======================\n" + content
+
+
+class DownloadTool(Tool):
+    name = "download_file"
+    description = """
+Download a file at a given URL. The file should be of this format: [".xlsx", ".pptx", ".wav", ".mp3", ".png", ".docx"]
+After using this tool, for further inspection of this page you should return the download path to your manager via final_answer, and they will be able to inspect it.
+DO NOT use this tool for .pdf or .txt or .htm files: for these types of files use visit_page with the file url instead."""
+    inputs = {"url": {"type": "string", "description": "The relative or absolute url of the file to be downloaded."}}
+    output_type = "string"
+
+    def __init__(self, browser):
+        super().__init__()
+        self.browser = browser
+
+    def forward(self, url: str) -> str:
+        if "arxiv" in url:
+            url = url.replace("abs", "pdf")
+        response = requests.get(url)
+        content_type = response.headers.get("content-type", "")
+        extension = mimetypes.guess_extension(content_type)
+        if extension and isinstance(extension, str):
+            new_path = f"./downloads/file{extension}"
+        else:
+            new_path = "./downloads/file.object"
+
+        with open(new_path, "wb") as f:
+            f.write(response.content)
+
+        if "pdf" in extension or "txt" in extension or "htm" in extension:
+            raise Exception("Do not use this tool for pdf or txt or html files: use visit_page instead.")
+
+        return f"File was downloaded and saved under path {new_path}."
+
+
+class ArchiveSearchTool(Tool):
+    name = "find_archived_url"
+    description = "Given a url, searches the Wayback Machine and returns the archived version of the url that's closest in time to the desired date."
+    inputs = {
+        "url": {"type": "string", "description": "The url you need the archive for."},
+        "date": {
+            "type": "string",
+            "description": "The date that you want to find the archive for. Give this date in the format 'YYYYMMDD', for instance '27 June 2008' is written as '20080627'.",
+        },
+    }
+    output_type = "string"
+
+    def __init__(self, browser):
+        super().__init__()
+        self.browser = browser
+
+    def forward(self, url, date) -> str:
+        no_timestamp_url = f"https://archive.org/wayback/available?url={url}"
+        archive_url = no_timestamp_url + f"&timestamp={date}"
+        response = requests.get(archive_url).json()
+        response_notimestamp = requests.get(no_timestamp_url).json()
+        if "archived_snapshots" in response and "closest" in response["archived_snapshots"]:
+            closest = response["archived_snapshots"]["closest"]
+            print("Archive found!", closest)
+
+        elif "archived_snapshots" in response_notimestamp and "closest" in response_notimestamp["archived_snapshots"]:
+            closest = response_notimestamp["archived_snapshots"]["closest"]
+            print("Archive found!", closest)
+        else:
+            raise Exception(f"Your {url=} was not archived on Wayback Machine, try a different url.")
+        target_url = closest["url"]
+        self.browser.visit_page(target_url)
+        header, content = self.browser._state()
+        return (
+            f"Web archive for url {url}, snapshot taken at date {closest['timestamp'][:8]}:\n"
+            + header.strip()
+            + "\n=======================\n"
+            + content
+        )
+
+
+class PageUpTool(Tool):
+    name = "page_up"
+    description = "Scroll the viewport UP one page-length in the current webpage and return the new viewport content."
+    inputs = {}
+    output_type = "string"
+
+    def __init__(self, browser):
+        super().__init__()
+        self.browser = browser
+
+    def forward(self) -> str:
+        self.browser.page_up()
+        header, content = self.browser._state()
+        return header.strip() + "\n=======================\n" + content
+
+
+class PageDownTool(Tool):
+    name = "page_down"
+    description = (
+        "Scroll the viewport DOWN one page-length in the current webpage and return the new viewport content."
+    )
+    inputs = {}
+    output_type = "string"
+
+    def __init__(self, browser):
+        super().__init__()
+        self.browser = browser
+
+    def forward(self) -> str:
+        self.browser.page_down()
+        header, content = self.browser._state()
+        return header.strip() + "\n=======================\n" + content
+
+
+class FinderTool(Tool):
+    name = "find_on_page_ctrl_f"
+    description = "Scroll the viewport to the first occurrence of the search string. This is equivalent to Ctrl+F."
+    inputs = {
+        "search_string": {
+            "type": "string",
+            "description": "The string to search for on the page. This search string supports wildcards like '*'",
+        }
+    }
+    output_type = "string"
+
+    def __init__(self, browser):
+        super().__init__()
+        self.browser = browser
+
+    def forward(self, search_string: str) -> str:
+        find_result = self.browser.find_on_page(search_string)
+        header, content = self.browser._state()
+
+        if find_result is None:
+            return (
+                header.strip()
+                + f"\n=======================\nThe search string '{search_string}' was not found on this page."
+            )
+        else:
+            return header.strip() + "\n=======================\n" + content
+
+
+class FindNextTool(Tool):
+    name = "find_next"
+    description = "Scroll the viewport to next occurrence of the search string. This is equivalent to finding the next match in a Ctrl+F search."
+    inputs = {}
+    output_type = "string"
+
+    def __init__(self, browser):
+        super().__init__()
+        self.browser = browser
+
+    def forward(self) -> str:
+        find_result = self.browser.find_next()
+        header, content = self.browser._state()
+
+        if find_result is None:
+            return header.strip() + "\n=======================\nThe search string was not found on this page."
+        else:
+            return header.strip() + "\n=======================\n" + content

scripts/tools_mcp.py

@@ -0,0 +1,44 @@
+"""MCP tools for vulnerability search and report generation."""
+
+from smolagents import Tool
+import json
+import os
+from datetime import datetime
+from gradio_mcp import tool
+from scripts.cvedb_tool import CVEDBTool
+from scripts.nvd_tool import NvdTool
+from scripts.kevin_tool import KevinTool
+from scripts.epss_tool import EpsTool
+from scripts.report_generator import ReportGeneratorTool
+
+# Instancias de las herramientas existentes
+cvedb_tool = CVEDBTool()
+nvd_tool = NvdTool()
+kevin_tool = KevinTool()
+epss_tool = EpsTool()
+report_tool = ReportGeneratorTool()
+
+@tool
+def search_cvedb(search_type: str, identifier: str) -> str:
+    """Search for vulnerabilities in CVEDB by CVE or product."""
+    return cvedb_tool.forward(search_type, identifier)
+
+@tool
+def search_nvd(search_type: str, identifier: str, exact_match: bool = False) -> str:
+    """Search for vulnerabilities in NVD by CVE or keyword."""
+    return nvd_tool.forward(search_type, identifier, exact_match)
+
+@tool
+def search_kevin(search_type: str, identifier: str) -> str:
+    """Search for known exploited vulnerabilities (KEV) by CVE or keyword."""
+    return kevin_tool.forward(search_type, identifier)
+
+@tool
+def search_epss(cve_id: str, date: str) -> str:
+    """Search for EPSS score for a specific CVE."""
+    return epss_tool.forward(cve_id, date)
+
+@tool
+def generate_vulnerability_report(vulnerability_data: str, report_type: str) -> str:
+    """Generate an interactive HTML vulnerability report from JSON data."""
+    return report_tool.forward(vulnerability_data, report_type) 

scripts/visual_qa.py

@@ -0,0 +1,120 @@
+import base64
+import json
+import mimetypes
+import os
+import uuid
+from io import BytesIO
+from typing import Optional
+
+import requests
+from dotenv import load_dotenv
+from PIL import Image
+
+from smolagents import Tool, tool
+
+
+load_dotenv(override=True)
+
+
+def encode_image(image_path):
+    if image_path.startswith("http"):
+        user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Edg/119.0.0.0"
+        request_kwargs = {
+            "headers": {"User-Agent": user_agent},
+            "stream": True,
+        }
+
+        # Send a HTTP request to the URL
+        response = requests.get(image_path, **request_kwargs)
+        response.raise_for_status()
+        content_type = response.headers.get("content-type", "")
+
+        extension = mimetypes.guess_extension(content_type)
+        if extension is None:
+            extension = ".download"
+
+        fname = str(uuid.uuid4()) + extension
+        download_path = os.path.abspath(os.path.join("downloads", fname))
+
+        with open(download_path, "wb") as fh:
+            for chunk in response.iter_content(chunk_size=512):
+                fh.write(chunk)
+
+        image_path = download_path
+
+    with open(image_path, "rb") as image_file:
+        return base64.b64encode(image_file.read()).decode("utf-8")
+
+
+def resize_image(image_path):
+    img = Image.open(image_path)
+    width, height = img.size
+    img = img.resize((int(width / 2), int(height / 2)))
+    new_image_path = f"resized_{image_path}"
+    img.save(new_image_path)
+    return new_image_path
+
+
+@tool
+def visualizer(image_path: str, question: Optional[str] = None) -> str:
+    """A tool that can answer questions about attached images.
+
+    Args:
+        image_path: The path to the image on which to answer the question. This should be a local path to downloaded image.
+        question: The question to answer.
+    """
+    if not isinstance(image_path, str):
+        raise Exception("You should provide at least `image_path` string argument to this tool!")
+
+    add_note = False
+    if not question:
+        add_note = True
+        question = "Please write a detailed caption for this image."
+
+    mime_type, _ = mimetypes.guess_type(image_path)
+    base64_image = encode_image(image_path)
+
+    # Configuración para Ollama
+    model_id = os.getenv("MODEL_ID", "qwen2.5-coder:3b")
+    api_base = os.getenv("OPENAI_API_BASE", "http://localhost:11434/v1")
+    api_key = os.getenv("OPENAI_API_KEY", "ollama")
+
+    headers = {
+        "Content-Type": "application/json",
+        "Authorization": f"Bearer {api_key}"
+    }
+
+    payload = {
+        "model": model_id,
+        "messages": [
+            {
+                "role": "user",
+                "content": [
+                    {"type": "text", "text": question},
+                    {"type": "image_url", "image_url": {"url": f"data:{mime_type};base64,{base64_image}"}},
+                ],
+            }
+        ],
+        "max_tokens": 1000,
+    }
+
+    try:
+        response = requests.post(f"{api_base}/chat/completions", headers=headers, json=payload)
+        response.raise_for_status()
+        output = response.json()["choices"][0]["message"]["content"]
+    except Exception as e:
+        print(f"Error processing image: {str(e)}")
+        if "Payload Too Large" in str(e):
+            new_image_path = resize_image(image_path)
+            base64_image = encode_image(new_image_path)
+            payload["messages"][0]["content"][1]["image_url"]["url"] = f"data:{mime_type};base64,{base64_image}"
+            response = requests.post(f"{api_base}/chat/completions", headers=headers, json=payload)
+            response.raise_for_status()
+            output = response.json()["choices"][0]["message"]["content"]
+        else:
+            raise Exception(f"Error processing image: {str(e)}")
+
+    if add_note:
+        output = f"You did not provide a particular question, so here is a detailed caption for the image: {output}"
+
+    return output

set-env.bat

@@ -0,0 +1,11 @@
+REM siliconflow rate limited, wont work for deep-research
+REM set OPENAI_API_BASE=https://api.siliconflow.cn/v1
+REM set OPENAI_API_KEY=%SILICONFLOW_API_KEY%
+REM set MODEL_ID=openai/deepseek-ai/DeepSeek-V3
+
+set OPENAI_API_BASE=https://litellm.dattw.eu.org/v1
+set OPENAI_API_KEY=%LITELLM_API_KEY%
+set MODEL_ID=Qwen/Qwen2.5-Coder-32B-Instruct
+
+REM set SERPAPI_API_KEY=b84...
+REM set HF_TOKEN=hf_yC...

try-litellm.py

@@ -0,0 +1,25 @@
+import os
+
+from smolagents import (
+    # MANAGED_AGENT_PROMPT,
+    CodeAgent,
+    HfApiModel,
+    LiteLLMModel,
+    Model,
+    ToolCallingAgent,
+)
+
+custom_role_conversions = {"tool-call": "assistant", "tool-response": "user"}
+
+model = LiteLLMModel(
+    # "gpt-4o",
+    # os.getenv("MODEL_ID", "gpt-4o-mini"),
+    os.getenv("MODEL_ID", "deepseek-ai/DeepSeek-V3"),
+    custom_role_conversions=custom_role_conversions,
+    api_base=os.getenv("OPENAI_API_BASE"),
+    api_key=os.getenv("OPENAI_API_KEY"),
+)
+
+print(model)
+
+print(model.invoke("Say this is a test"))