trouver_des_exploits_publique

Ceci est une ancienne révision du document !

Le PAD pour proposer une amélioration à cette page : https://pad.zenk-security.com/p/merci

[Base de donnée d'Exploits et Vulnerabilités ]

offline :

SearchSploit https://www.exploit-db.com/documentation/Offsec-SearchSploit.pdf
→ git clone https://github.com/offensive-security/exploit-database.git
→ apt update && apt -y install exploitdb
→ searchsploit -u #update
→ searchsploit “linux Kernel”–exclude=”(PoC)|/dos/” #Example
→ searchsploit apache mod_ssl #Other example
→ searchsploit -m 7618 #Paste the exploit in current directory
→ searchsploit -p 7618[.c] #Show complete path
→ searchsploit -x 7618[.c] #Open vi to inspect the exploit
→ searchsploit –nmap file.xml #Search vulns inside an nmap xml result

MSF-Search
→ msf> search platform:windows port:135 target:XP type:exploit

Nmap vulners
→ nmap –script nmap-vulners -sV 127.0.0.1 -p 443

Nmap vuln
→ nmap -Pn -n -sV -oN vulnnmapoutput.txt –script vuln 127.0.0.1

Windows Exploit Suggester

> git clone https://github.com/AonCyberLabs/Windows-Exploit-Suggester
> pip install xlrd –upgrade
> apt install python3-xlrd
> ./windows-exploit-suggester.py –update
> python windows-exploit-suggester.py –database 2020-07-27-mssb.xls –systeminfo sysinfo.txt

Windows Exploit Suggester - Next Generation (WES-NG)

> git clone https://github.com/bitsadmin/wesng
> python wes.py –update
> python wes.py sysinfoTerget.txt

online :

http://www.securityfocus.com/
https://www.cvedetails.com/
https://www.exploit-db.com/
https://www.exploit-db.com/google-hacking-database/
google
→ firefox –search “Microsoft Edge site:exploit-db.com”
→ firefox –search “Microsoft Edge site:exploit-db.com” inurl:exploits intext:remote intitle:Browser
https://srcincite.io/exploits/
https://www.exploitalert.com/
https://github.com/qazbnm456/awesome-cve-poc
https://github.com/yeahhub/awesome-cve-poc
https://vulners.com/
https://sploitus.com/
→ https://github.com/rejoinder/sploitus-search
→ https://github.com/0xricksanchez/sploitGET
→ https://github.com/si9int/sploitus.py
https://www.github.com/
pastebin.com
→ http://pastehits.blogspot.com/2013/03/pastebincom-custom-search.html
→ https://pastebeen.com
→ https://psbdmp.cc/ https://psbdmp.ws/
Tor
→ http://xmh57jrzrnw6insl.onion/
→ http://hss3uro2hsxfogfq.onion/
→ http://gjobqjj7wyczbqie.onion/
→ https://ahmia.fi/
https://threatpost.com/
https://www.deepdotweb.com/
https://packetstormsecurity.com/
http://routerpwn.com/
https://www.rapid7.com/db/
http://0day.today/
https://cve.mitre.org/cve/
http://www.exploitalert.com
http://www.vulnerability-lab.com
https://www.rapid7.com/db/
http://it.0day.today
https://nvd.nist.gov
http://osvdb.org
https://cxsecurity.com
https://www.kb.cert.org/vuls
https://secunia.com/community/advisories/search/
http://lwn.net/Vulnerabilities/
https://www.owasp.org/index.php/Category:Vulnerability
http://xforce.iss.net
http://www.us-cert.gov/cas/techalerts/
http://www.securiteam.com
http://lab.mediaservice.net
http://www.intelligentexploit.com
http://osvdb.org/
https://wpvulndb.com/
http://repwn.com/wiki.html
https://www.vulncode-db.com/ Vulncode-DB - is a database for vulnerabilities and their corresponding source code if available.
https://cveapi.com/ cveapi - free API for CVE data.

http://securityvulns.com/

http://insecure.org/sploits_all.html

http://zerodayinitiative.com/advisories/published/

http://nmrc.org/pub/index.html

http://oval.mitre.org

Write-up :

https://github.com/ENOFLAG/writeups?files=1
Writeup de bug bounty : https://bugbountypoc.com/
Writeup de bug bounty : https://pentester.land/list-of-bug-bounty-writeups.html
Writeup de bug bounty : https://medium.com/bugbountywriteup/
Writeup de bug bounty : https://pentester.land/list-of-bug-bounty-writeups.
Writeup de bug bounty : https://github.com/djadmin/awesome-bug-bounty
Writeup de HackTheBox : https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
Writeup de HackTheBox : https://github.com/Hackplayers/hackthebox-writeups
Writeup de HackTheBox : https://veteransec.com/category/hack-the-box-write-ups/
Writeup de HackTheBox : https://www.youtube.com/watch?v=mEKRKgbodyA&list=PLESA5tKaGeu6WYcnVHDENsr2S6d_14HNX
Writeup de hackthebox de VM retired https://0xdf.gitlab.io/
Writeup de VulnHub :https://www.youtube.com/watch?v=7nk3xdWTnpI&list=PLESA5tKaGeu7u0uGn1yJ9IPx99l-JnKlx

trouver_des_exploits_publique.1595844089.txt.gz · Dernière modification: 2020/07/27 12:01 par M0N5T3R