
Known vulnerabilities

Theory

This step closes the reconnaissance phase. The previous steps were aimed at gaining knowledge about the attack surface: which hosts, services, technologies and versions are exposed.

With that information in hand, known vulnerabilities affecting those technologies and versions can be identified.

Practice

Known vulnerabilities can be looked up in Exploit-DB with searchsploit, its offline command-line front end. searchsploit matches the search term against exploit titles, so search for the product name (and at most the major version) rather than the exact version string, then check the version range stated in each title against the version found during reconnaissance.

```bash
# Search exploits for a technology
searchsploit $technology

# Read an exploit
searchsploit -x $exploit_path

# Copy an exploit to the current directory
searchsploit -m $exploit_path

# Update the searchsploit database
searchsploit -u
```
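The version check described above is the part that is easy to get wrong by hand when a search returns dozens of titles. The following script is an added example, not part of the original page or of the searchsploit project: it parses the JSON that `searchsploit -j <term>` prints and keeps only the entries whose title states a version constraint (`2.4.49`, `2.x`, `< 2.4.27`, `2.4.17 < 2.4.38`) that the discovered version satisfies, setting aside titles with no version at all for manual review. The JSON key names (`RESULTS_EXPLOIT`, `Title`, `EDB-ID`, `Path`) are assumed from the searchsploit versions I have used and should be checked against your installed copy; the embedded sample, product name, titles and EDB-IDs are constructed for the demo and describe no real exploit.

```python
"""Triage searchsploit -j results against a discovered product version."""
import json
import re
import subprocess
from typing import Optional

# Constructed sample shaped like `searchsploit -j <term>` output. Product, titles
# and EDB-IDs are fictional; the key names (RESULTS_EXPLOIT, Title, EDB-ID, Path)
# are assumed from the searchsploit versions I have used - check yours.
SAMPLE_JSON = json.dumps({
    "SEARCH": "ExampleHTTPd",
    "DB_PATH_EXPLOIT": "/usr/share/exploitdb",
    "RESULTS_EXPLOIT": [
        {"Title": "ExampleHTTPd 2.4.49 - Path Traversal", "EDB-ID": "10001",
         "Path": "/usr/share/exploitdb/exploits/multiple/remote/10001.py"},
        {"Title": "ExampleHTTPd < 2.4.27 - Memory Leak", "EDB-ID": "10002",
         "Path": "/usr/share/exploitdb/exploits/multiple/dos/10002.py"},
        {"Title": "ExampleHTTPd 2.4.17 < 2.4.38 - Local Privilege Escalation",
         "EDB-ID": "10003", "Path": "/usr/share/exploitdb/exploits/linux/local/10003.sh"},
        {"Title": "ExampleHTTPd 2.x - Denial of Service", "EDB-ID": "10004",
         "Path": "/usr/share/exploitdb/exploits/multiple/dos/10004.c"},
        {"Title": "ExampleHTTPd 2.4.50 - Remote Code Execution", "EDB-ID": "10005",
         "Path": "/usr/share/exploitdb/exploits/multiple/remote/10005.py"},
        {"Title": "ExampleHTTPd mod_example - Authentication Bypass", "EDB-ID": "10006",
         "Path": "/usr/share/exploitdb/exploits/multiple/webapps/10006.txt"},
    ],
    "RESULTS_SHELLCODE": [],
})

VER = r"\d+(?:\.\d+)+"                                  # e.g. 2.4.49
RANGE_RE = re.compile(rf"({VER})\s*(<=?)\s*({VER})")   # "2.4.17 < 2.4.38"
BOUND_RE = re.compile(rf"(<=?)\s*({VER})")              # "< 2.4.27", "<= 2.4.27"
BARE_RE = re.compile(r"\b(\d+(?:\.(?:\d+|x))+)\b")      # "2.4.49", "2.x"


def vtuple(s: str) -> tuple:
    """'2.4.49' -> (2, 4, 49) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in s.split("."))


def title_applies(title: str, target: str) -> Optional[bool]:
    """True/False when the title states a version constraint the target meets/fails,
    None when the title carries no version at all (needs manual review)."""
    t = vtuple(target)
    checks = []
    # Ranges such as "2.4.17 < 2.4.38": lower bound inclusive, upper per operator.
    for lo, op, hi in RANGE_RE.findall(title):
        upper_ok = t <= vtuple(hi) if op == "<=" else t < vtuple(hi)
        checks.append(vtuple(lo) <= t and upper_ok)
    rest = RANGE_RE.sub(" ", title)
    # Upper bounds such as "< 2.4.27" / "<= 2.4.27".
    for op, hi in BOUND_RE.findall(rest):
        checks.append(t <= vtuple(hi) if op == "<=" else t < vtuple(hi))
    rest = BOUND_RE.sub(" ", rest)
    # Bare versions: "2.4.49" means exactly that release, "2.x" a prefix.
    for v in BARE_RE.findall(rest):
        parts = v.split(".")
        if parts[-1] == "x":
            prefix = tuple(int(p) for p in parts[:-1])
            checks.append(t[:len(prefix)] == prefix)
        else:
            checks.append(t == vtuple(v))
    return any(checks) if checks else None


def triage(results_json: str, target: str):
    """Split searchsploit JSON results into (applicable, unknown) lists of
    (EDB-ID, Title, Path); entries the stated version rules out are dropped."""
    data = json.loads(results_json)
    hits, unknown = [], []
    for r in data.get("RESULTS_EXPLOIT", []):
        verdict = title_applies(r["Title"], target)
        entry = (r["EDB-ID"], r["Title"], r["Path"])
        if verdict is True:
            hits.append(entry)
        elif verdict is None:
            unknown.append(entry)
    return hits, unknown


def run_searchsploit(term: str) -> str:
    """Live path: query the local Exploit-DB copy (requires searchsploit installed)."""
    return subprocess.run(["searchsploit", "-j", term],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:          # e.g. python3 triage.py ExampleHTTPd 2.4.49
        raw, version = run_searchsploit(sys.argv[1]), sys.argv[2]
    else:                           # offline demo on the constructed sample
        raw, version = SAMPLE_JSON, "2.4.49"
    hits, unknown = triage(raw, version)
    print(f"Applicable to {version}:")
    for edb, title, path in hits:
        print(f"  [{edb}] {title}\n      {path}")
    print("No version in title (review manually):")
    for edb, title, path in unknown:
        print(f"  [{edb}] {title}\n      {path}")
```

Run without arguments for the offline demo, or with a search term and the discovered version to triage live results. The title grammar is a heuristic (Exploit-DB titles are written by hand), so treat a dropped entry as "probably not this version", not as proof, and still open anything in the unknown list with `searchsploit -x`. For a whole scan at once, `searchsploit --nmap <file.xml>` takes Nmap XML output and runs a search per detected service.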

When a vulnerability is found, look for a Proof-of-Concept (PoC) and try it against the target. Most public PoCs are on GitHub, usually indexed by CVE identifier. Read a PoC before running it: it may target a different version or configuration than the one found, and fake PoC repositories that ship malware instead of (or alongside) an exploit are common.