Hundreds of Windows 10, macOS and Linux vulnerabilities are disclosed weekly, many of which escape mainstream attention. Most users are not even aware that recent exploits and vulnerabilities exist, or that anyone can locate CVEs in just a few clicks on a selection of websites.
What is a CVE?
The numbered reference system used to catalog sensitive vulnerabilities and exploits is called Common Vulnerabilities and Exposures (CVE).
The exploit database uses CVEs to identify individual vulnerabilities associated with a particular version of a service such as "SSH v7.7," as shown below with CVE-201
CVEs and exploits are sought after by black hats and security personnel alike. They can be used to hack into obsolete Windows versions, perform privilege escalation and access routers without the knowledge of the target.
Now that we know what a CVE is, let's see where we can find them.
Computer Incident Response Center Luxembourg (CIRCL) is an information security organization designed to handle cyber threats and incidents. The site contains security research publications and a searchable CVE database.
For several decades, VulDB specialists have coordinated with large and independent information security communities to compile a searchable database with over 124,000 CVEs. Hundreds of new records are added daily and rated (e.g., low, medium, high) based on the severity of the disclosed exploit.
0day.today (available via a Tor onion service) is an exploit database that also sells private exploits for as much as $5,000 USD. Although there are several reports of fraud involving private sales, the searchable public database is quite legitimate.
Rapid7, creator of the Metasploit Framework, has a searchable CVE database on its site. Unlike other databases, Rapid7 rarely has the actual exploit code. Instead, it provides advisories that contain useful reference links to relevant documentation for remediation, as well as links to msfconsole modules that automate the indexed exploit.
For example, since the publication of CVE-2018-15473, the previously mentioned SSH username enumeration exploit, the exploit can be found in msfconsole and executed with great ease.
The National Institute of Standards and Technology (NIST) is one of the oldest physical science laboratories in the United States. It is currently involved in a variety of technologies and research, such as the National Initiative for Cyber Security Training, CVE Archive, Advanced Technology, and Quantum Information Science. Anyone can search its CVE database.
7. Packet Storm Security
Packet Storm Security is not exactly intended to be a searchable database of exploits. It is rather a general source of information for vulnerability advisories and remediation. The Packet Storm site also contains hacking news, research papers and a feed of recently published CVEs.
8. Exploit Database
Exploit Database is currently maintained by Offensive Security, an organization specializing in advanced Windows exploitation, web application security and various prominent penetration testing certification trainings.
The searchable database currently contains a collection of over 40,000 remote, local, web application and denial-of-service exploits, as well as a Google hacking database, research papers, and a database search feature.
Vulners, founded by Kir Ermakov, is a CVE database that currently contains over 176,500 indexed exploits. Its website contains CVE statistics, a Linux vulnerability management account and a searchable CVE database.
MITRE is a US government-sponsored organization that manages federally funded research and development centers (FFRDC). Its website emphasizes commercial publications and information related to its FFRDCs, such as the National Cybersecurity Program. It also contains one of the largest and most referenced CVE databases currently available, which can be searched by the public.
Operating System Advisories and CVE Databases (Bonus)
Some readers may be looking to explore the latest OS-specific vulnerabilities, or simply trying to stay aware for better protection. Most operating system distributions offer an advisory listing on their website. These are mostly application-specific vulnerabilities and bugs, but in many cases they can be easily exploited by attackers.
I hope you enjoyed this article. If we missed any notable sites or databases that you think are crucial to a penetration tester's arsenal, be sure to leave a comment and share your choices.