🛠️ Known vulnerabilities

Theory

Once all the useful information has been gathered (service names, versions, banners), the next step is to look for known vulnerabilities in the components that were identified.

Practice

Tool

Search for public exploits with searchsploit (by default every term is AND-matched against the exploit title and path, so query with the product name and version rather than the full banner):

searchsploit $component_name

Two other useful searchsploit commands:

# Examine (open in $PAGER) an exploit, by EDB-ID or by file path
searchsploit -x $exploit_id
# Update the local copy of the exploit database
searchsploit -u

Searchsploit is the offline command-line front end to the Exploit Database (exploit-db.com): it searches a local copy of the database, searchsploit -u refreshes that copy, and searchsploit -m copies an exploit into the current directory so it can be adapted to the target.
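The following script is an added example, not part of the original page or of the searchsploit project: it shows how to go from the enumeration step to searchsploit queries by parsing nmap -sV greppable output (-oG) and trimming each banner to product name plus version, since distro suffixes such as "Ubuntu 4ubuntu2.8" would make searchsploit's AND match return nothing. The scan lines in sample_gnmap are constructed for the example, and the function names are the example's own. For nmap XML output, searchsploit --nmap scan.xml does this natively.

```shell
#!/bin/sh
# Added example: build searchsploit queries from nmap -sV greppable (-oG) output.
# The scan lines in sample_gnmap are constructed for this example, not a real scan.
set -eu

sample_gnmap() {
  # Constructed nmap -sV -oG output. Fields on a host line are tab-separated; the
  # "Ports:" field lists port/state/proto/owner/service/rpcinfo/version/ entries.
  printf 'Host: 10.10.10.5 ()\tStatus: Up\n'
  printf 'Host: 10.10.10.5 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 22/open/tcp//ssh//OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.4.49 ((Unix))/, 443/closed/tcp//https///\tIgnored State: filtered (996)\n'
}

# Read -oG lines on stdin and print "port<TAB>query" for every open port that
# carries a version string. The query keeps the product name up to and including
# the first token that starts with a digit (the version) and drops everything
# after it, e.g. "OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (...)" becomes "OpenSSH 7.2p2".
gnmap_to_queries() {
  awk '
    /Ports: / {
      line = $0
      sub(/.*Ports: /, "", line)
      t = index(line, "\t"); if (t) line = substr(line, 1, t - 1)
      n = split(line, ports, /, /)
      for (j = 1; j <= n; j++) {
        split(ports[j], f, "/")
        if (f[2] != "open" || f[7] == "") continue
        m = split(f[7], tok, " ")
        q = ""
        for (k = 1; k <= m; k++) {
          q = (q == "" ? tok[k] : q " " tok[k])
          if (tok[k] ~ /^[0-9]/) break
        }
        print f[1] "\t" q
      }
    }'
}

# Turn each query into a searchsploit command line. --exclude drops the noisy
# denial-of-service entries; add -w to get exploit-db.com URLs instead of paths.
searchsploit_cmds() {
  gnmap_to_queries | while IFS="$(printf '\t')" read -r port query; do
    printf "searchsploit --exclude='(DoS)' %s   # port %s\n" "$query" "$port"
  done
}

sample_gnmap | searchsploit_cmds
```

Run it as-is to see the generated commands; to use it on a real scan, replace sample_gnmap with cat scan.gnmap (from nmap -sV -oG scan.gnmap target). Review the hits by hand: searchsploit performs fuzzy version-range matching, so a listed exploit does not necessarily apply to the exact build found.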

Manual research

CVE lists:

When a CVE has been identified for a component, search for a proof of concept (PoC) on the internet and more precisely on GitHub, where searching the CVE identifier usually surfaces PoC repositories. Read a PoC before running it: code from an untrusted repository may be broken, target a different version, or be malicious.