Comment on page
Known vulnerabilities
This step ends the reconnaissance phase. The previous steps were aimed at gaining knowledge about the attack surface
- Web server
- JavaScript Frameworks
- and other technologies
Known vulnerabilities may then be identified depending on these information.
Known vulnerabilities can be found from the following resources
# search exploits for a technology
searchsploit $technology
# Read an exploit
searchsploit -x $exploit_path
# Copy an exploit to the current directory
searchsploit -m $exploit_path
# Update the searchsploit database
searchsploit -u
When a vulnerability is found, one can research a Proof-Of-Concept (PoC) to try at exploiting the vulnerability. Most public PoCs can be found on GitHub.
Last modified 2yr ago