Hundreds of Windows 10, macOS, and Linux vulnerabilities are disclosed each week, many of which escape mainstream attention. Most users are unaware that newly discovered exploits and vulnerabilities exist, or that CVEs can be found online with just a few clicks on a few websites.
What is a CVE?
The numbered reference system used to catalog disclosed vulnerabilities and exploits is called the Common Vulnerabilities and Exposures (CVE) system.
For example, the Exploit Database uses CVEs to identify individual vulnerabilities associated with a particular version of a service, such as "SSH v7.7" with CVE-2018-15473. All exploit databases operate and index CVEs in the same or a similar way, using numbers like the one assigned to this specific SSH username enumeration vulnerability.
CVEs and exploits are generated by black hats, and they can be used to hack into out-of-date versions of Windows, escalate privileges, and access routers without the target's knowledge.
Now that we know what a CVE is, let's see where to find them.
1. CIRCL
The Computer Incident Response Center Luxembourg (CIRCL) is an information security organization responsible for handling cyber threat detections and incidents. The site provides security research publications and a searchable CVE database.
2. VulDB
For decades, VulDB specialists have coordinated with large and independent information security communities to create a searchable database of over 124,000 CVEs. Hundreds of new entries are added daily and rated by the severity of the disclosed exploit (e.g., low, medium, high).
3. SecurityFocus
SecurityFocus has reported incidents related to cybersecurity and published white papers in the past. Today, it keeps track of software bug reports and since 1999 has been building a searchable archive of CVEs.
4. 0day.today
0day.today (reachable via an onion service) is an exploit database that also sells private exploits for up to $5,000. While there are several reports of scams in private sales, the searchable public database is quite legitimate.
5. Rapid7
Rapid7, founders of the Metasploit Framework, have a searchable CVE database on their website. Unlike other databases, however, Rapid7 rarely hosts the actual exploit code. Instead, it offers advisories that provide helpful reference links to relevant documentation for troubleshooting and links to msfconsole modules that automate the indexed exploit.
For example, since the public disclosure of CVE-2018-15473, the previously mentioned SSH username enumeration vulnerability, the exploit can be found in msfconsole and executed with ease.
6. NIST
The National Institute of Standards and Technology (NIST) is one of the oldest physical science laboratories in the United States. It is currently involved in a variety of technologies and research, including the National Cybersecurity Initiative, the CVE Archive, the latest technology news, and the Quantum Information Science Program. Anyone can search its CVE database.
7. Packet Storm Security
Packet Storm Security is not necessarily intended as a searchable database for exploits. Rather, it is a general source of information about vulnerability advisories and remedies. The Packet Storm website also provides information on hackers, research white papers, and a feed of recently published CVEs.
8. Exploit Database
The Exploit Database is currently managed by the Offensive Security organization, which specializes in advanced Windows exploitation, web application security, and several prominent penetration tester certification courses.
The searchable database currently holds about 40,000 remote, local, web, and denial-of-service exploits, as well as a Google hacking database, research white papers, and a database browser.
9. Vulners
Vulners, founded by Kir Ermakov, is a CVE database that currently contains over 176,500 indexed exploits. The site includes CVE statistics, a Linux vulnerability management auditor, and a searchable CVE database.
10. MITRE
MITRE is a US government-sponsored organization that manages federally funded research and development centers (FFRDCs). Its website highlights commercial releases and information about its FFRDCs, such as the National Cybersecurity Program. It also maintains one of the largest and most widely referenced CVE databases that can currently be searched by the public.
Operating System Advisory and CVE Databases (Bonus)
Some readers may be looking for the latest operating system-specific vulnerabilities, or simply trying to stay aware of them to protect themselves better. Most operating system distributions offer an advisory list on their website. These are mostly application-specific vulnerabilities and bugs, but in many cases they can easily be exploited by attackers.
I hope you enjoyed this article. If I have missed any significant sites or databases that you consider essential to a penetration tester's arsenal, leave a comment and share your selection.