Known vulnerabilities

Theory
This step ends the reconnaissance phase. The previous steps were aimed at gaining knowledge about the attack surface
Web server
​Content Management System (CMS)​
​Web Application Firewall (WAF)​
JavaScript Frameworks
and other technologies
Known vulnerabilities may then be identified depending on these information.
Practice
Known vulnerabilities can be found from the following resources
​exploit-db.com: an online exploit database
​searchsploit is a command-line utility that allows to do offline searches through the exploit-db
​CVE Details, NVD NIST and MITRE are online CVE (Common Vulnerabilities and Exposures) searches
# search exploits for a technology
searchsploit $technology
​
# Read an exploit
searchsploit -x $exploit_path
​
# Copy an exploit to the current directory
searchsploit -m $exploit_path
​
# Update the searchsploit database
searchsploit -u
When a vulnerability is found, one can research a Proof-Of-Concept (PoC) to try at exploiting the vulnerability. Most public PoCs can be found on GitHub.

Last modified 1yr ago