How To: Top 10 Exploit Databases for Finding Vulnerabilities

Hundreds of Windows 10, macOS, and Linux vulnerabilities are disclosed every single week, many of which elude mainstream attention. Most users aren't even aware that newly found exploits and vulnerabilities exist, nor that CVEs can be located by anyone in just a few clicks from a selection of websites online.

What Is a CVE?

The numbered reference system used to catalog disclosed vulnerabilities and exploits is called the Common Vulnerabilities and Exposures (CVE) system.

For example, the Exploit Database uses CVEs to identify individual vulnerabilities associated with a particular version of a service like "SSH v7.7," as with CVE-2018-15473. All exploit databases index CVEs in the same way, or a very similar one, as with the CVE number assigned to this particular SSH username enumeration vulnerability.

CVEs and exploits are highly sought after by black hats and security professionals alike. They can be used to hack into outdated Windows versions, perform privilege escalation, and access routers without the target's knowledge, among other things.

Now that we know what a CVE is, let's see where we can find them.

1. CIRCL

The Computer Incident Response Center Luxembourg (CIRCL) is an information security organization designed to handle cyber threat detections and incidents. Its website features security research publications and a searchable CVE database.

2. VulDB

For decades, the VulDB specialists have coordinated with large and independent information security communities to compile a searchable database of over 124,000 CVEs. Hundreds of new entries are added on a daily basis and scored (e.g., low, medium, high) based on the severity of the disclosed exploit.

3. SecurityFocus

SecurityFocus has reported on cybersecurity incidents and published whitepapers in the past. These days, it tracks software bug reports and has been compiling a searchable archive of CVEs since 1999.

4. 0day.today

0day.today (accessible via a Tor onion service) is an exploit database that also sells private exploits for as much as $5,000 USD. While there are several reports of scams occurring with private sales, the searchable public database is quite legitimate.

5. Rapid7

Rapid7, creator of the Metasploit Framework, has a searchable CVE database on its website. However, unlike other databases, Rapid7 very rarely features the actual exploit code. Instead, it offers advisories containing helpful reference links to relevant documentation for remediation, as well as links to msfconsole modules that automate the indexed exploit.

For example, since the public disclosure of CVE-2018-15473, the aforementioned SSH username enumeration exploit, the hack can be found in msfconsole and executed with great ease.

6. NIST

The National Institute of Standards and Technology (NIST) is one of the oldest physical science laboratories in the United States. It's currently involved in a myriad of technologies and research such as its national initiative for cybersecurity education, CVE archive, cutting-edge technology news, and quantum information science program. Anyone can search its CVE database.

7. Packet Storm Security

Packet Storm Security isn't exactly intended to be a searchable database of exploits. Rather, it's a general resource of information pertaining to vulnerability advisories and remediations. The Packet Storm website also features hacker news, research whitepapers, and a feed of recently disclosed CVEs.

8. Exploit Database

The Exploit Database is currently maintained by the Offensive Security organization which specializes in advanced Windows exploitation, web application security, and various prominent penetration tester certification training.

Its searchable database currently features a collection of over 40,000 remote, local, web application, and denial-of-service exploits, as well as a Google hacking database, research whitepapers, and a database search function.

9. Vulners

Vulners, founded by Kir Ermakov, is a CVE database currently containing over 176,500 indexed exploits. Its website includes CVE statistics, a Linux vulnerability management auditor, and a searchable CVE database.

10. MITRE

MITRE is a US government-sponsored organization that manages federally funded research and development centers (FFRDCs). Its website emphasizes commercial publications and information related to its FFRDCs, such as the National Cybersecurity program. It also maintains one of the biggest and most widely referenced CVE databases currently available, searchable by the public.

Operating System Advisory & CVE Databases (Bonus)

Some readers may be looking to explore recent OS-specific vulnerabilities — or simply trying to remain aware to better protect themselves. Most operating system distributions offer an advisory listing on their website. These are mostly application-specific vulnerabilities and bugs, but in many cases, can be easily exploited by attackers.

I hope you enjoyed this article. If we missed any noteworthy websites or databases you find vital to a penetration tester's arsenal, be sure to leave a comment and share your picks.

Cover photo and screenshots by distortion/Null Byte
