AEAS: Actionable Exploit Assessment System

📅 2025-09-22
📈 Citations: 0
Influential: 0
🤖 AI Summary
Security practitioners face challenges in assessing exploit samples from public vulnerability databases due to inconsistent sample quality and inefficient evaluation: existing metrics such as CVSS and EPSS fail to reflect practical exploitability, while manual triage is time-consuming and unscalable. This paper introduces the first automated scoring system for exploit actionability—i.e., the feasibility of deploying an exploit in real-world environments—integrating static code analysis with multi-dimensional feature modeling. The system generates interpretable, structured quantitative scores across three dimensions: usability, functional correctness, and deployment complexity, explicitly accounting for both exploit logic and environmental dependencies—avoiding opaque probabilistic estimation. Evaluated on a dataset of over 5,000 vulnerabilities, the approach achieves 100% top-3 recommendation accuracy and strong agreement with expert assessments, significantly outperforming CVSS and EPSS.

📝 Abstract
Security practitioners face growing challenges in exploit assessment, as public vulnerability repositories are increasingly populated with inconsistent and low-quality exploit artifacts. Existing scoring systems, such as CVSS and EPSS, offer limited support for this task. They either rely on theoretical metrics or produce opaque probability estimates without assessing whether usable exploit code exists. In practice, security teams often resort to manual triage of exploit repositories, which is time-consuming, error-prone, and difficult to scale. We present AEAS, an automated system designed to assess and prioritize actionable exploits through static analysis. AEAS analyzes both exploit code and associated documentation to extract a structured set of features reflecting exploit availability, functionality, and setup complexity. It then computes an actionability score for each exploit and produces ranked exploit recommendations. We evaluate AEAS on a dataset of over 5,000 vulnerabilities derived from 600+ real-world applications frequently encountered by red teams. Manual validation and expert review on representative subsets show that AEAS achieves a 100% top-3 success rate in recommending functional exploits and shows strong alignment with expert-validated rankings. These results demonstrate the effectiveness of AEAS in supporting exploit-driven vulnerability prioritization.

Problem

Research questions and friction points this paper is trying to address.

Assessing inconsistent exploit artifacts in vulnerability repositories
Overcoming limitations of existing scoring systems like CVSS
Automating time-consuming manual exploit triage for security teams

Innovation

Methods, ideas, or system contributions that make the work stand out.

Automated system assessing exploits via static analysis
Extracts structured features from code and documentation
Computes actionability score for exploit prioritization

Authors

Xiangmin Shen
Hofstra University
Wenyuan Cheng
Zhejiang University
Yan Chen
Northwestern University
Zhenyuan Li
Zhejiang University
Yuqiao Gu
Zhejiang University
Lingzhi Wang
Associate Professor, Harbin Institute of Technology, Shenzhen
Artificial Intelligence, Information Security, NLP, Social Media Analysis
Wencheng Zhao
Ant Group
Dawei Sun
Ant Group
Jiashui Wang
Zhejiang University
Software Security, Cyber Security, Language Agent, Artificial Intelligence, Business Security