HECTOR is a cybersecurity tool that converts raw Nmap scan results into prioritized, explainable risk insights.
Unlike traditional scanners that only list open ports, HECTOR identifies: what is risky, why it is risky, and what should be prioritized for remediation.
HECTOR uses a hybrid risk scoring model combining:
- Heuristic risk (H) — domain knowledge of services
- CVSS score (C) — real-time CVE data from NVD
- Port weight (W) — contextual exposure relevance
Final Score = (0.4H + 0.6C) × W (with fallback logic when data is unavailable)
The primary contribution of this project is the design and implementation of an explainable hybrid risk-scoring engine.
The model combines:
- Heuristic service risk knowledge (domain-specific rules)
- CVSS-based vulnerability intelligence (NVD integration)
- Port-level contextual weighting (practical exposure sensitivity)
These components are fused into a single normalized risk score, which is further mapped to operational severity levels (LOW, MEDIUM, HIGH, CRITICAL).
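The scoring rule above, worked through as an added illustrative example (this is not HECTOR's own code): it computes `(0.4H + 0.6C) × W`, falls back to the heuristic alone when no CVSS value is available, clamps to 0–10, maps the result to a severity level, and keeps every factor in the output so the score is auditable. The heuristic values, port weights, fallback rule and severity thresholds are assumptions chosen for the example.

```python
from typing import Optional

# Assumed heuristic service risk (H) and port weight (W) tables, chosen for
# illustration only; HECTOR's real tables are not shown on this page.
HEURISTIC_RISK = {"telnet": 9.0, "ftp": 7.0, "ssh": 4.0, "http": 5.0, "https": 3.0}
PORT_WEIGHT = {23: 1.0, 21: 0.9, 22: 0.7, 80: 0.8, 443: 0.6}
DEFAULT_H, DEFAULT_W = 5.0, 0.8  # assumed defaults for unknown services/ports


def severity(score: float) -> str:
    """Map a 0-10 score to an operational level (thresholds are assumed)."""
    if score >= 9.0:
        return "CRITICAL"
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW"


def hybrid_score(service: str, port: int, cvss: Optional[float]) -> dict:
    """Return the final score plus the full breakdown of how it was derived."""
    h = HEURISTIC_RISK.get(service, DEFAULT_H)
    w = PORT_WEIGHT.get(port, DEFAULT_W)
    if cvss is None:
        # Assumed fallback: no NVD data, so the heuristic carries the base score.
        base, source = h, "heuristic-only"
    else:
        base, source = 0.4 * h + 0.6 * cvss, "hybrid"
    score = round(min(max(base * w, 0.0), 10.0), 2)  # normalize to 0-10
    return {"service": service, "port": port, "H": h, "C": cvss, "W": w,
            "base": round(base, 2), "score": score,
            "severity": severity(score), "source": source}


def prioritize(findings: list) -> list:
    """Score a list of (service, port, cvss) findings, highest risk first."""
    scored = [hybrid_score(svc, port, cvss) for svc, port, cvss in findings]
    return sorted(scored, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    # Constructed sample findings, as an Nmap parser might hand them over.
    for row in prioritize([("ssh", 22, None), ("http", 80, 7.5), ("telnet", 23, 9.8)]):
        print(row)
```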
This approach ensures that the system:
- Accounts for real-world context, not just theoretical severity
- Maintains interpretability, with full visibility into scoring factors
- Supports prioritization, enabling efficient remediation decisions
The system follows a modular pipeline. For each open port it produces:
- Risk score (0–10)
- Severity (LOW → CRITICAL)
- CVE mapping
- Attack classification
- Full scoring breakdown (transparent and auditable)
- Combines heuristics, CVSS, and contextual weighting
- Produces more realistic prioritization than single-source models
- Complete visibility into scoring components
- No black-box logic; fully reproducible results
- Live NVD integration
- Service-to-vulnerability mapping
- Contextual enrichment of scan findings
- Snapshot-based scan history
- Tracks evolution of risk over time
- Nmap-based scanning engine
- Supports IPs, domains, and URLs
- Input normalization with single-target enforcement
| Layer | Technology | Rationale |
|---|---|---|
| Frontend | React | Structured, modular UI for analytical workflows |
| Backend | Flask (Python) | Lightweight API layer for orchestration |
| Scanning | Nmap | Industry-standard network discovery tool |
| Risk Engine | Python | Flexibility for custom scoring logic |
| Data Source | NVD (CVE) | Authoritative vulnerability intelligence |
| Storage | Local persistence | Efficient snapshot-based history tracking |
- Hybrid scoring model (heuristics + CVE + context)
- Fully explainable risk computation
- Temporal tracking of exposure
- Converts scan results into actionable priorities
- Reduces manual analysis overhead
- Enables consistent and auditable risk assessment
- Supports continuous monitoring of security posture
HECTOR is an explainable vulnerability triage system that integrates scanning, enrichment, and scoring into a single pipeline.
Its value lies in interpreting and prioritizing exposure with clarity, context, and transparency.
HECTOR does not just detect vulnerabilities — it prioritizes and explains them.