Saturday, 14 January 2012

Searching for reported vulnerabilities

During the information gathering phase of a pentest, it is very important to check for already reported vulnerabilities. If you know the exact version of the application, operating system, framework, $foo after the usage of different tools (like nmap for example), this version string should be checked on different public available ressources:


Exploit-db.com (is using the exploit archive of milw0rm.com, that was shout down in late 2009)


You can search all of these sites after a vendor or product and you've got a free search. 

Also a good ressource for researching public available exploits is securitytube.net. You can find a lot of different attacks and their descriptions to exploit known vulnerabilities, presented in a video.

There are also some mailing-liste available that can be searched through:

Full Disclosure (very good source for the latest vulnerabilities)

Security Focus (BugTraq archive, not possible to search mail archive)


The search engine at nist.gov is quite useful if you are looking for a certain CVE number. You will get all the information associated with this vulnerability. 

cvedetails.com is also a great ressource if you're looking for a particular CVE number. You will get even more information as on nist.gov and also a link to an exploit, if available. The most important thing for me is, that you can execute a search of a specific product version. 

For example let's say you discover an apache webserver during information gathering phase, that is also supporting PHP in version 5.3.5. Now you want to know what vulnerabilities are known for this PHP version. Just click on "Version Search" and enter the data. 


As a result you will get a listing of all CVE results that are related to PHP 5.3.5 (21 vulnerabilities right now). In this view you can also see if there is an exploit available (marked with a red circle).



But there is more to discover. If you click on PHP (red circle in screenshot above) you will get a lot of statistics about all the vulnerabilities in PHP. When we click on "Browse all versions", the next view will list a table with all versions of PHP that are known for vulnerabilities. 





If you know more public available resources, leave a comment. Thx.

No comments:

Post a comment