Hundreds of Windows 10, macOS, and Linux vulnerabilities are disclosed every single week, many of which elude mainstream attention. Most users aren't even aware that newly found exploits and vulnerabilities exist, nor that CVEs can be located by anyone in just a few clicks from a selection of websites online.
The numbered reference system used to catalog disclosed vulnerabilities and exploits is called the Common Vulnerabilities and Exposures (CVE) system.
For example, the Exploit Database uses CVEs to identify individual vulnerabilities which are associated with a particular version of a service like "SSH v7.7," as shown below with CVE-2018-15473. All exploit databases operate and index CVEs similarly or exactly like the CVE number assigned to this particular SSH username enumeration vulnerability.
- Don't Miss: How to Easily Detect CVEs with Nmap Scripts
CVEs and exploits are highly sought after by black hats and security professionals alike. They can be used to hack into outdated Windows versions, perform privilege escalation, and access routers without the target's knowledge, among other things.
Now that we know what a CVE is, let's see where we can find them.
The Computer Incident Response Center Luxembourg (CIRCL) is an information security organization designed to handle cyber threat detections and incidents. Its website features security research publications and a searchable CVE database.
For decades, the VulDB specialists have coordinated with large and independent information security communities to compile a searchable database of over 124,000 CVEs. Hundreds of new entries are added on a daily basis and scored (e.g., low, medium, high) based on the severity of the disclosed exploit.
0day.today (accessible via tor onion service), is an exploit database that also sells private exploits for as much as $5,000 USD. While there are several reports of scams occurring with private sales, the searchable public database is quite legitimate.
Rapid7, creators of the Metasploit Framework, have a searchable CVE database on its website. However, unlike other databases, Rapid7 very rarely features the actual exploit code. Instead, it offers advisories containing helpful reference links to relevant documentation for remediation, as well as links to msfconsole modules that automate the indexed exploit.
The National Institute of Standards and Technology (NIST) is one of the oldest physical science laboratories in the United States. It's currently involved in a myriad of technologies and research such as its national initiative for cybersecurity education, CVE archive, cutting-edge technology news, and quantum information science program. Anyone can search its CVE database.
Packet Storm Security isn't exactly intended to be a searchable database of exploits. Rather, it's a general resource of information pertaining to vulnerability advisories and remediations. The Packet Storm website also features hacker news, research whitepapers, and a feed of recently disclosed CVEs.
The Exploit Database is currently maintained by the Offensive Security organization which specializes in advanced Windows exploitation, web application security, and various prominent penetration tester certification training.
Its searchable database currently features a collection of over 40,000 remote, local, web application, and denial-of-service exploits, as well as a Google hacking database, research whitepapers, and a database search function.
Vulners, founded by Kir Ermakov, is a CVE database currently containing over 176,500 indexed exploits. Its website includes CVE statistics, a Linux vulnerability management auditor, and searchable CVE database.
MITRE is a US government-sponsored organization that manages federally funded research and development centers (FFRDC). Its website emphasizes commercial publications and information related to their FFRDCs such as the National Cybersecurity program. It also maintains one of the biggest and widely referenced CVE databases currently available, searchable by the public.
Some readers may be looking to explore recent OS-specific vulnerabilities — or simply trying to remain aware to better protect themselves. Most operating system distributions offer an advisory listing on their website. These are mostly application-specific vulnerabilities and bugs, but in many cases, can be easily exploited by attackers.
- Microsoft: Windows Security Update Guide
- Android: Monthly Security Bulletin
- Apple: Security Updates
- Ubuntu: Security Notices, CVE Tracker, Mailing List
- Debian: Recent Advisories, Mailing List
- RedHat: CVE Database, Security Advisories
- Arch Linux: Security Advisories
I hope you enjoyed this article. If we missed any noteworthy websites or databases you find vital to a penetration testers arsenal, be sure to leave a comment and share your picks.