diff --git a/.gitignore b/.gitignore
index 2fc4abd..2699056 100644
--- a/.gitignore
+++ b/.gitignore
@@ -81,3 +81,6 @@ target/
 
 #Ipython Notebook
 .ipynb_checkpoints
+
+# webmap PDF report
+static/*.pdf
diff --git a/api.py b/api.py
index 2174ee5..5f394b7 100644
--- a/api.py
+++ b/api.py
@@ -1,6 +1,6 @@
 from django.shortcuts import render
 from django.http import HttpResponse
-import xmltodict, json, html, os, hashlib, re
+import xmltodict, json, html, os, hashlib, re, requests
 from collections import OrderedDict
 
 def rmNotes(request, hashstr):
@@ -103,3 +103,27 @@ def genPDF(request):
 		os.popen('/opt/wkhtmltox/bin/wkhtmltopdf --cookie sessionid '+request.session._session_key+' --enable-javascript --javascript-delay 6000 http://127.0.0.1:8000/view/pdf/ /opt/nmapdashboard/nmapreport/static/'+pdffile+'.pdf')
 		res = {'ok':'PDF created', 'file':'/static/'+pdffile+'.pdf'}
 		return HttpResponse(json.dumps(res), content_type="application/json")
+
+def getCVE(request):
+	res = {}
+
+	if request.method == "POST":
+		scanfilemd5 = hashlib.md5(str(request.session['scanfile']).encode('utf-8')).hexdigest()
+		hostmd5 = hashlib.md5(str(request.POST['host']).encode('utf-8')).hexdigest()
+		portmd5 = hashlib.md5(str(request.POST['port']).encode('utf-8')).hexdigest()
+
+		# request.POST['host']
+		r = requests.get('http://cve.circl.lu/api/cvefor/'+request.POST['cpe'])
+
+		if request.POST['host'] not in res:
+			res[request.POST['host']] = {}
+
+		cvejson = r.json()
+
+		if type(cvejson) is list and len(cvejson) > 0:
+			res[request.POST['host']][request.POST['port']] = cvejson[0]
+			f = open('/opt/notes/'+scanfilemd5+'_'+hostmd5+'.'+request.POST['port']+'.cve', 'w')
+			f.write(json.dumps(cvejson))
+			f.close()
+
+		return HttpResponse(json.dumps(res), content_type="application/json")
diff --git a/pdf.py b/pdf.py
index 738b7ea..3f66d12 100644
--- a/pdf.py
+++ b/pdf.py
@@ -22,6 +22,21 @@ def reportPDFView(request):
 	counters = {'po':0,'pc':0,'pf':0,'hostsup':0,'ostype':{},'pi':{},'ss':{}}
 
 	scanmd5 = hashlib.md5(str(request.session['scanfile']).encode('utf-8')).hexdigest()
+
+	# collect all cve in cvehost dict
+	cvehost = {}
+	cvefiles = os.listdir('/opt/notes')
+	for cf in cvefiles:
+		m = re.match('^('+scanmd5+')_([a-z0-9]{32,32})\.([0-9]+)\.cve$', cf)
+		if m is not None:
+			if m.group(1) not in cvehost:
+				cvehost[m.group(1)] = {}
+
+			if m.group(2) not in cvehost[m.group(1)]:
+				cvehost[m.group(1)][m.group(2)] = {}
+
+			cvehost[m.group(1)][m.group(2)][m.group(3)] = open('/opt/notes/'+cf, 'r').read()
+
 	for ik in o['host']:
 
 		# this fix single host report
@@ -184,6 +199,35 @@ def reportPDFView(request):
 				'</div>'
 
 
+		cveout,cveout_html = '',''
+		if scanmd5 in cvehost:
+			if addressmd5 in cvehost[scanmd5]:
+				for cveport in cvehost[scanmd5][addressmd5]:
+					cvejson = json.loads(cvehost[scanmd5][addressmd5][cveport])
+					for cveobj in cvejson:
+
+						cverefout = ''
+						for cveref in cveobj['references']:
+							cverefout += '<a href="'+cveref+'">'+cveref+'</a><br>'
+
+						cveexdbout = ''
+						if 'exploit-db' in cveobj:
+							cveexdbout = '<br><div class="small" style="line-height:20px;"><b>Exploit DB:</b><br>'
+							for cveexdb in cveobj['exploit-db']:
+								if 'title' in cveexdb:
+									cveexdbout += '<a href="'+cveexdb['source']+'">'+html.escape(cveexdb['title'])+'</a><br>'
+							cveexdbout += '</div>'
+
+						cveout += '<div style="line-height:28px;padding:10px;margin-top:10px;border-bottom:solid #ccc 1px;">'+\
+						'	<span class="label red">'+html.escape(cveobj['id'])+'</span> '+html.escape(cveobj['summary'])+'<br><br>'+\
+						'	<div class="small" style="line-height:20px;"><b>References:</b><br>'+cverefout+'</div>'+\
+						cveexdbout+\
+						'</div>'
+
+				cveout_html = '<div style="page-break-before: always;">'+\
+				'	<h3>CVE List for '+saddress+':</h3>'+\
+				cveout+\
+				'</div>'
 
 		if i['status']['@state'] == 'up':
 			hostdetails_html += '<div class="row margintb">'+\
@@ -196,7 +240,8 @@ def reportPDFView(request):
 			hostdetails_html_tr+\
 			'</tbody></table></div>'+\
 			'<div class="">'+portdetails_html_tr+'</div>'+\
-			notesout
+			notesout+\
+			cveout_html
 
 		if portsfound is True:
 			# r['out'] += '1,'
@@ -334,7 +379,7 @@ def reportPDFView(request):
 	r['html'] += ''+\
 	'<div style="page-break-before: always;">'+\
 	'	<div>'+\
-	'		<div style="text-align:center;padding-top:600px;"><b>Generated with</b><br>'+\
+	'		<div style="text-align:center;padding-top:600px;"><b>Generated by</b><br>'+\
 	'			<img src="/static/logoblack.png" style="height:60px;" /><br>'+\
 	'			<a href="https://github.com/Rev3rseSecurity/WebMap">https://github.com/Rev3rseSecurity/WebMap</a>'+\
 	'		</div>'+\
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..5109f05
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,2 @@
+requests
+xmltodict
diff --git a/static/async.js b/static/async.js
index 14fb5b5..67d4e9c 100644
--- a/static/async.js
+++ b/static/async.js
@@ -2,6 +2,74 @@ $(document).ready(function() {
 	// doc ready
 });
 
+var cpetot = 0;
+var cpetimer;
+function checkCVE() {
+	cpe = JSON.parse(atob(decodeURIComponent($('#cpestring').val())));
+	csrftoken = $('input[name="csrfmiddlewaretoken"]').val();
+	console.log(cpe);
+	/* $.get('http://cve.circl.lu/api/cvefor/cpe:/a:openbsd:openssh:7.6').done(function(d) {
+		console.log(d);
+	}); */
+
+	$('#modal1').css('background-color','#3e3e3e');
+	$('#modaltitle').html('Looking for CVE and Exploits');
+	$('#modalbody').html(
+		'This process could take a while, please wait...'+
+		'<div class="progress"><div class="indeterminate"></div></div>'
+	);
+	$('#modalfooter').html('');
+	$('#modal1').modal('open');
+
+	cpetot = Object.keys(cpe).length;
+	console.log(cpetot);
+
+	for(host in cpe) {
+		for(port in cpe[host]) {
+			for(cpestr in cpe[host][port]) {
+				if(/^cpe:.+:.+:.+:.*$/.test(cpestr)) {
+					console.log(cpestr);
+					$.post('/report/api/getcve/', {
+						'cpe': cpestr,
+						'host':host,
+						'port':port,
+						'csrfmiddlewaretoken': csrftoken
+					}).done(function(d) {
+						console.log(d);
+						for(rhost in d) {
+							for(rport in d[rhost]) {
+								$('#modalbody').append('<div class="small"><i>Received: '+d[rhost][rport]['id']+' host:'+rhost+' port:'+rport+'</i></div>');
+							}
+						}
+					}).always(function() { cpetot = (cpetot - 1); });
+				} else {
+					cpetot = (cpetot - 1);
+				}
+
+				console.log(cpetot);
+			}
+		}
+	}
+
+	cpetimer = setInterval(function() {
+		if(checkCPETOT()) {
+			console.log('END');
+			window.clearInterval(cpetimer);
+			$('#modalbody').html('Done. Please, reload this page by clicking on Reload button.');
+			$('#modalfooter').html('<button class="btn blue" onclick="javascript:location.reload();">Reload</button>');
+		}
+	}, 2000);
+
+}
+
+function checkCPETOT() {
+	if(cpetot <= 0) {
+		return true;
+	} else {
+		return false;
+	}
+}
+
 function genPDF(md5scan) {
 	if(/^[a-f0-9]{32,32}$/.test(md5scan)) {
 		$.get('/report/api/pdf/').done(function(data) {
diff --git a/urls.py b/urls.py
index e2e3626..17924dd 100644
--- a/urls.py
+++ b/urls.py
@@ -11,6 +11,7 @@
 	path('api/setlabel/<objtype>/<label>/<hashstr>/', api.label, name='api_label'),
 	path('api/rmlabel/<objtype>/<hashstr>/', api.rmlabel, name='api_rmlabel'),
 	path('api/pdf/', api.genPDF, name='genPDF'),
+	path('api/getcve/', api.getCVE, name='getCVE'),
 	path('api/savenotes/', api.saveNotes, name='genPDF'),
 	path('api/rmnotes/<hashstr>/', api.rmNotes, name='api_rmnotes'),
 	path('api/<address>/<portid>/', api.port_details, name='api_port'),
diff --git a/views.py b/views.py
index 846f43e..f8c6dfc 100644
--- a/views.py
+++ b/views.py
@@ -55,6 +55,21 @@ def details(request, address):
 				noteshost[m.group(1)] = {}
 			noteshost[m.group(1)][m.group(2)] = open('/opt/notes/'+nf, 'r').read()
 
+	# collect all cve in cvehost dict
+	cvehost = {}
+	cvefiles = os.listdir('/opt/notes')
+	for cf in cvefiles:
+		m = re.match('^('+scanmd5+')_([a-z0-9]{32,32})\.([0-9]+)\.cve$', cf)
+		if m is not None:
+			if m.group(1) not in cvehost:
+				cvehost[m.group(1)] = {}
+
+			if m.group(2) not in cvehost[m.group(1)]:
+				cvehost[m.group(1)][m.group(2)] = {}
+
+			cvehost[m.group(1)][m.group(2)][m.group(3)] = open('/opt/notes/'+cf, 'r').read()
+
+
 
 	r['trhead'] = '<tr><th>Port</th><th style="width:300px;">Product / Version</th><th>Extra Info</th><th>&nbsp;</th></tr>'
 	pel=0
@@ -182,11 +197,12 @@ def details(request, address):
 		if type(ik) is not dict:
 			break;
 
+	r['table'] = ''
 	notesout,notesb64,removenotes = '','',''
 	if scanmd5 in noteshost:
 		if addressmd5 in noteshost[scanmd5]:
 			notesb64 = noteshost[scanmd5][addressmd5]
-			r['table'] = '<div class="card" style="background-color:#3e3e3e;">'+\
+			r['table'] += '<div class="card" style="background-color:#3e3e3e;">'+\
 			'	<div class="card-content"><h5>Notes</h5>'+\
 			'		'+base64.b64decode(urllib.parse.unquote(notesb64)).decode('ascii')+\
 			'	</div>'+\
@@ -195,8 +211,37 @@ def details(request, address):
 			#notesout = '<br><a id="noteshost'+str(hostindex)+'" href="#!" onclick="javascript:openNotes(\''+hashlib.md5(str(address).encode('utf-8')).hexdigest()+'\', \''+notesb64+'\');" class="small"><i class="fas fa-comment"></i> contains notes</a>'
 			#removenotes = '<li><a href="#!" onclick="javascript:removeNotes(\''+addressmd5+'\', \''+str(hostindex)+'\');">Remove notes</a></li>'
 
-
-
+	cveout = ''
+	if scanmd5 in cvehost:
+		if addressmd5 in cvehost[scanmd5]:
+			for cveport in cvehost[scanmd5][addressmd5]:
+				cvejson = json.loads(cvehost[scanmd5][addressmd5][cveport])
+				r['out'] = json.dumps(cvejson, indent=4)
+				for cveobj in cvejson:
+
+					cverefout = ''
+					for cveref in cveobj['references']:
+						cverefout += '<a href="'+cveref+'">'+cveref+'</a><br>'
+
+					cveexdbout = ''
+					if 'exploit-db' in cveobj:
+						cveexdbout = '<br><div class="small" style="line-height:20px;"><b>Exploit DB:</b><br>'
+						for cveexdb in cveobj['exploit-db']:
+							if 'title' in cveexdb:
+								cveexdbout += '<a href="'+cveexdb['source']+'">'+html.escape(cveexdb['title'])+'</a><br>'
+						cveexdbout += '</div>'
+
+					cveout += '<div style="line-height:28px;padding:10px;border:solid #333 1px;border-radius:4px;margin-top:10px;">'+\
+					'	<span class="label red">'+html.escape(cveobj['id'])+'</span> '+html.escape(cveobj['summary'])+'<br><br>'+\
+					'	<div class="small" style="line-height:20px;"><b>References:</b><br>'+cverefout+'</div>'+\
+					cveexdbout+\
+					'</div>'
+
+			r['table'] += '<div class="card" style="background-color:#3e3e3e;">'+\
+			'	<div class="card-content"><span class="card-title">CVE LIST:</span>'+\
+			cveout+\
+			'	</div>'+\
+			'</div>'
 
 	r['pretable'] = '<script> '+\
 	'$(document).ready(function() { '+\
@@ -225,7 +270,6 @@ def index(request, filterservice="", filterportid=""):
 		# no file selected
 		xmlfiles = os.listdir('/opt/xml')
 
-
 		r['table'] = '<div class="" style="border-top:solid #444 1px;"><br>'+\
 		'		Put your Nmap XML files in <span class="tmlabel grey-text" style="background-color:transparent;">/opt/xml/</span> directory, example:<br><br>'+\
 		'		<div class="tmlabel black grey-text" style="padding:10px;font-size:14px;">nmap -A -T4 -oX myscan.xml 192.168.1.0/24<br>'+\
@@ -251,7 +295,6 @@ def index(request, filterservice="", filterportid=""):
 		'	</div>'+\
 		'</div>'
 
-
 		r['scaninfo'] = '<span class="card-title">Select a Nmap XML file</span><p>Nmap XML files: '+ str(len(xmlfiles)) +'</p>'
 
 		r['trhost'] = ''
@@ -294,6 +337,7 @@ def index(request, filterservice="", filterportid=""):
 	'	<ul>'+\
 	'		<li><a class="btn-floating red tooltipped" data-position="left" data-tooltip="PDF Report" onclick="javascript:genPDF(\''+scanmd5+'\');"><i class="material-icons">insert_chart</i></a></li>'+\
 	'		<li><a class="btn-floating blue darken-1 tooltipped" data-position="left" data-tooltip="Hide/Show hosts with no open ports" onclick="javascript:$(\'.zeroportopen\').fadeToggle();"><i class="material-icons">view_day</i></a></li>'+\
+	'		<li><a class="btn-floating orange tooltipped" data-position="left" data-tooltip="Check for CVE and Exploits on all hosts" onclick="javascript:checkCVE();"><i class="fas fa-bolt"></i></a></li>'+\
 	'	</ul>'+\
 	'</div>'
 
@@ -317,13 +361,25 @@ def index(request, filterservice="", filterportid=""):
 				noteshost[m.group(1)] = {}
 			noteshost[m.group(1)][m.group(2)] = open('/opt/notes/'+nf, 'r').read()
 
+	# collect all cve in cvehost dict
+	cvehost = {}
+	cvefiles = os.listdir('/opt/notes')
+	for cf in cvefiles:
+		m = re.match('^('+scanmd5+')_([a-z0-9]{32,32})\.([0-9]+)\.cve$', cf)
+		if m is not None:
+			if m.group(1) not in cvehost:
+				cvehost[m.group(1)] = {}
+
+			if m.group(2) not in cvehost[m.group(1)]:
+				cvehost[m.group(1)][m.group(2)] = {}
+
+			cvehost[m.group(1)][m.group(2)][m.group(3)] = open('/opt/notes/'+cf, 'r').read()
+
 	tableout = ''
 	hostsup = 0
-	ports = { 'open': 0, 'closed': 0, 'filtered': 0 }
-	allostypelist = {}
-	sscount = {}
-	picount = {}
 	hostindex = 1
+	ports = { 'open': 0, 'closed': 0, 'filtered': 0 }
+	allostypelist, sscount, picount, cpe = {}, {}, {}, {}
 
 	r['trhost'] = ''
 	r['trhead'] = '<tr><th width="260">Host</th><th>Port State</th><th width="160" style="text-align:center;">Tot Ports</th><th width="200">Services</th><th width="200">Ports</th><th>&nbsp;</th></tr>'
@@ -348,6 +404,15 @@ def index(request, filterservice="", filterportid=""):
 		ss,pp,ost = {},{},{}
 		lastportid = 0
 
+		if '@addr' in i['address']:
+			address = i['address']['@addr']
+		elif type(i['address']) is list:
+			for ai in i['address']:
+				if ai['@addrtype'] == 'ipv4':
+					address = ai['@addr'] 
+
+		addressmd5 = hashlib.md5(str(address).encode('utf-8')).hexdigest()
+
 		striggered = False
 		if 'ports' in i and 'port' in i['ports']:
 			for pobj in i['ports']['port']:
@@ -370,6 +435,21 @@ def index(request, filterservice="", filterportid=""):
 				ss[p['service']['@name']] = p['service']['@name']
 				pp[p['@portid']] = p['@portid']
 
+				# cpehtml = ''
+				cpe[address] = {}
+				if 'cpe' in p['service']:
+					if type(p['service']['cpe']) is list:
+						for cpei in p['service']['cpe']:
+							if p['@portid'] not in cpe[address]:
+								cpe[address][p['@portid']] = {}
+
+							cpe[address][p['@portid']][cpei] = cpei
+					else:
+						if p['@portid'] not in cpe[address]:
+							cpe[address][p['@portid']] = {}
+
+						cpe[address][p['@portid']][p['service']['cpe']] = p['service']['cpe']
+
 				if '@ostype' in p['service']:
 					if p['service']['@ostype'] in allostypelist:
 						allostypelist[p['service']['@ostype']] = (allostypelist[p['service']['@ostype']] +1)
@@ -387,7 +467,6 @@ def index(request, filterservice="", filterportid=""):
 					picount[p['@portid']] = (picount[p['@portid']] + 1)
 				else:
 					picount[p['@portid']] = 1
-
 					
 				if p['state']['@state'] == 'closed':
 					ports['closed'] = (ports['closed'] + 1)
@@ -421,14 +500,6 @@ def index(request, filterservice="", filterportid=""):
 			if po == 0:
 				poclass = 'zeroportopen'
 
-			if '@addr' in i['address']:
-				address = i['address']['@addr']
-			elif type(i['address']) is list:
-				for ai in i['address']:
-					if ai['@addrtype'] == 'ipv4':
-						address = ai['@addr'] 
-
-			addressmd5 = hashlib.md5(str(address).encode('utf-8')).hexdigest()
 			labelout = '<span id="hostlabel'+str(hostindex)+'"></span>'
 			if scanmd5 in labelhost:
 				if addressmd5 in labelhost[scanmd5]:
@@ -443,6 +514,18 @@ def index(request, filterservice="", filterportid=""):
 					notesout = '<br><a id="noteshost'+str(hostindex)+'" href="#!" onclick="javascript:openNotes(\''+hashlib.md5(str(address).encode('utf-8')).hexdigest()+'\', \''+notesb64+'\');" class="small"><i class="fas fa-comment"></i> contains notes</a>'
 					removenotes = '<li><a href="#!" onclick="javascript:removeNotes(\''+addressmd5+'\', \''+str(hostindex)+'\');">Remove notes</a></li>'
 
+			cveout = ''
+			cvecount = 0
+			if scanmd5 in cvehost:
+				if addressmd5 in cvehost[scanmd5]:
+					for cveport in cvehost[scanmd5][addressmd5]:
+						cvejson = json.loads(cvehost[scanmd5][addressmd5][cveport])
+						for cveobj in cvejson:
+							cvecount = (cvecount + 1)
+
+					cveout = '<br><span class="small grey-text"><i class="fas fa-exclamation-triangle orange-text"></i> '+str(cvecount)+' CVE found</span>'
+					# removenotes = '<li><a href="#!" onclick="javascript:removeNotes(\''+addressmd5+'\', \''+str(hostindex)+'\');">Remove notes</a></li>'
+
 			if (filterservice != "" and striggered is True) or (filterportid != "" and striggered is True) or (filterservice == "" and filterportid == ""):
 				portstateout = '<td style="font-size:10px;color:#999;width:300px;"><div style="overflow:none;background-color:#666;" class="tooltipped" data-position="top" data-tooltip="'+str(po)+' open, '+str(pc)+' closed, '+str(pf)+' filtered">'+\
 				'		<div class="perco" data-po="'+str(po)+'" style="padding-left:16px;padding-right:20px;">'+str(po)+'</div>'+\
@@ -458,6 +541,7 @@ def index(request, filterservice="", filterportid=""):
 				'		'+ostype+'<br>'+\
 				'		<b><a href="/report/'+str(address)+'">'+str(address)+'</a></b>'+hostname+''+\
 				notesout+\
+				cveout+\
 				'	</td>'+\
 				portstateout+\
 				'	<td style="font-family:monospace;text-align:center;">'+str((po + pf + pc))+'</td>'+\
@@ -612,6 +696,6 @@ def index(request, filterservice="", filterportid=""):
 	#'	<button class="btn red" onclick="javascript:genPDF(\''+scanmd5+'\');">PDF</button>'+\
 	#'<br><br>'
 
-	return render(request, 'nmapreport/index.html', r)
-
+	r['pretable'] += ' <input type="hidden" id="cpestring" value="'+urllib.parse.quote_plus(base64.b64encode(json.dumps(cpe).encode()))+'" /> '
 
+	return render(request, 'nmapreport/index.html', r)