Known vulnerabilities

Theory

This step ends the reconnaissance phase. The previous steps were aimed at gaining knowledge about the attack surface (which hosts, services and software versions are exposed). Known vulnerabilities affecting the identified technologies and versions can then be looked up based on that information.

Practice

Known vulnerabilities can be found from the following resources:
  • exploit-db.com: an online exploit database
  • searchsploit: a command-line utility that allows offline searches through a local copy of the exploit-db database
  • CVE Details, NVD (NIST) and MITRE: online search engines for CVE (Common Vulnerabilities and Exposures) entries
```bash
# Search exploits for a technology (product name, optionally followed by a version)
searchsploit $technology

# Examine (read) an exploit without leaving the terminal
searchsploit -x $exploit_path

# Mirror (copy) an exploit to the current directory
searchsploit -m $exploit_path

# Update the local searchsploit database
searchsploit -u
```
When a vulnerability is found, one can research a Proof-of-Concept (PoC) to try to exploit it. Most public PoCs can be found on GitHub. Always read a PoC before running it: public repositories also host fake or backdoored ones, and exploits usually need adjusting (target URL, paths, offsets) to work against the exact version that was identified.
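Plain searchsploit matches by substring, so searching for "ExampleCMS 2.3.1" would not return an entry titled "ExampleCMS < 2.4.0" even though that version is affected. The script below is an added example, not code from the original page or from the exploit-db project: it performs a version-aware offline search over text in the column layout of exploit-db's files_exploits.csv (the file searchsploit greps). The eight-column layout shown, the /usr/share/exploitdb location and the title format "Product <version spec> - Title" are assumptions; the script only relies on the id, file and description columns, so a newer copy with extra columns still parses. All records are constructed placeholders, not real exploit-db entries.

```python
import csv
import io
import re

# Constructed excerpt in the classic eight-column layout of exploit-db's
# files_exploits.csv, the file searchsploit searches. Every record below is a
# made-up placeholder for this example, not a real exploit-db entry. A real
# copy usually lives under /usr/share/exploitdb/ (assumed path).
SAMPLE_CSV = """\
id,file,description,date,author,type,platform,port
10001,exploits/linux/webapps/10001.py,"ExampleCMS 2.3.1 - Remote Code Execution",2021-01-01,anon,webapps,linux,0
10002,exploits/linux/webapps/10002.txt,"ExampleCMS < 2.4.0 - SQL Injection",2021-02-01,anon,webapps,linux,0
10003,exploits/multiple/webapps/10003.rb,"ExampleCMS 2.x - Cross-Site Scripting",2020-05-05,anon,webapps,multiple,0
10004,exploits/windows/remote/10004.c,"OtherDaemon 1.0 - Buffer Overflow",2019-03-03,anon,remote,windows,8080
10005,exploits/linux/webapps/10005.py,"ExampleCMS 2.5.0 - Authentication Bypass",2022-06-06,anon,webapps,linux,0
10006,exploits/php/webapps/10006.txt,"ExampleCMS Plugin Gallery 1.0 - Arbitrary File Upload",2021-09-09,anon,webapps,php,0
"""

# Assumed title format "Product <spec> - Title", where <spec> is an exact
# version ("2.3.1"), a wildcard ("2.x") or an upper bound ("< 2.4.0", "<= 2.4.0").
TITLE_RE = re.compile(
    r"^(?P<product>.+?)\s+(?P<op><=|<)?\s*(?P<ver>\d+(?:\.\d+)*(?:\.x)?)\s+-\s+(?P<title>.+)$"
)


def parse_version(text):
    """'2.4.0' -> (2, 4, 0). A wildcard's trailing '.x' is stripped by the caller."""
    return tuple(int(part) for part in text.split("."))


def padded(a, b):
    """Right-pad the shorter tuple with zeros so that '2.4' compares equal to '2.4.0'."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def spec_matches(op, spec, target):
    """True if the target version tuple falls inside the title's version spec."""
    if spec.endswith(".x"):
        prefix = parse_version(spec[:-2])
        return target[: len(prefix)] == prefix
    s, t = padded(parse_version(spec), target)
    if op == "<":
        return t < s
    if op == "<=":
        return t <= s
    return t == s


def search(csv_text, product, version):
    """Version-aware offline search over files_exploits.csv-style text.

    Returns a list of (id, file, description, reason). Entries that name the
    product but carry no parsable version spec for it (e.g. a plugin advisory)
    are kept with reason 'version not checked', as a plain substring search
    would return them, so the operator can triage them by hand.
    """
    target = parse_version(version)
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        desc = row["description"]
        if product.lower() not in desc.lower():
            continue
        m = TITLE_RE.match(desc)
        if m is None or m.group("product").lower() != product.lower():
            hits.append((row["id"], row["file"], desc, "version not checked"))
        elif spec_matches(m.group("op"), m.group("ver"), target):
            hits.append((row["id"], row["file"], desc, "version in range"))
    return hits


def matching_ids(csv_text, product, version):
    """Only the exploit-db ids that matched, in file order."""
    return [hit[0] for hit in search(csv_text, product, version)]


if __name__ == "__main__":
    # On a real system, replace SAMPLE_CSV with the contents of files_exploits.csv.
    for hit in search(SAMPLE_CSV, "ExampleCMS", "2.3.1"):
        print(" | ".join(hit))
```

The paths returned in the file column are the same ones accepted by `searchsploit -x` and `searchsploit -m`, so a matched entry can be read or mirrored directly. Titles that the regex cannot parse fall back to searchsploit's own behaviour (substring match) rather than being silently dropped.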