Vulnerabilities are found every day, and they don't discriminate from one operating system to another. They're present on all operating systems used on electronic devices, from mobile phones to smart TVs, from the IoT to computers.
In the same way that new CVEs are disclosed, new proof-of-concept scripts and exploits are released by the hour from researchers around the world.
And for infosec beginners who are just starting to explore this fascinating world, a common question is: Where can I find exploits to test CVEs?
The answer is simple: program your own exploit, or check one of the various exploit databases we have at our disposal. Today we're not going to teach you how to program exploits, but how to find them, by exploring the most popular exploit databases.
- What is an exploit?
- Top 8 exploit databases
What is an exploit?
Before getting into the list, let's review what an exploit is, in technical terms.
An exploit, also known as a software exploit, is an application or script created to make full use of known bugs and vulnerabilities of third-party applications or services, which may lead the affected software to behave in an unexpected way.
Most exploits are related to vulnerabilities found by server-based scanners as well as online vulnerability scanners, the first line of contact for any CVE.
Now that you know what an exploit is, let's jump right into the action, by exploring the most popular exploit databases.
Top 8 exploit databases
While many cybersecurity blogs and media sites include both CVE databases and exploit databases on the same list, we must clarify that these are two different things.
This list only includes exploit databases. For a full list of CVE databases, please visit our article Top 4 CVE databases.
This is one of the most popular free exploit databases around, known as 'Exploit DB.' This project from Offensive Security aims to be a collection of public exploits and vulnerable software available for vulnerability research and penetration testing purposes.
Day by day, the exploit list is built by gathering exploits from public and private sources, and presented in a user-friendly interface that allows you to search the database quickly. From this area you'll be able to search for exploits exclusively, or for both exploits and vulnerable apps, and even create filters to customize your search by author, type of platform, tags, and much more.
The people behind Metasploit are known for high quality in their infosec products, and the same goes for their website's vulnerability and exploit database.
Rapid7 offers a quick and handy way to search for vulnerabilities and exploits (modules), allowing you to explore the results for any given query.
Once you get the results, you'll be able to discover more information about the vulnerability, with exact instructions for running this exploit from the Metasploit console.
This database offers direct access to the latest exploits from a web-based interface, where you'll be able to filter and find exploits for local or remote vulnerabilities, and get the risk level and other details, such as author and publishing date.
Clicking on any of the exploits allows you to access the full code to copy and reproduce the exploit in your local environment, as well as PoC instructions and more, depending on the exploit.
Vulnerability Lab offers access to a large vulnerability database complete with exploits and PoCs for research purposes.
It includes full details about the vulnerability such as date, risk score, affected version, type of vulnerability (remote or local), author, estimated price, vulnerability class and more.
Also known as Inj3ct0r, 0day.today claims to be the biggest exploit DB in the world, a full-service way to discover, buy and sell exploits anonymously to anyone by using digital currencies such as Bitcoin, Litecoin and Ethereum.
The types of exploits you can find in this database include local, remote DoS, PoC, shellcode and others.
By browsing their database, you'll see common exploit details such as publishing date, description, affected platform, hits, risk score, cost of the exploit, and author.
The website is translated into more than a dozen languages, and states that it was published for educational purposes only.
SecurityFocus is a Symantec-based community created to share general CVE and exploit information with developers and security researchers in a centralized location.
It offers direct access to CVEs and exploits from an easy-to-browse web interface where you can find vulnerabilities and filter the results by vendor, title and software version.
While SecurityFocus is a useful service, it hasn't been updated since July 2019. You won't find the latest exploits with it.
Packet Storm Security
Packet Storm Security is an exploit community dedicated to sharing vulnerabilities and advisories, as well as information about PoCs, demos and working exploits for local and remote vulnerabilities.
One of the things we love about this site is that it's always updated to include the latest exploits for a wide range of software apps.
Google Hacking Database
While these aren't official "exploits" but rather Google Dorks, they work in much the same way as a traditional exploit—but instead of using software code on your own apps or services, you rely on Google's search engine syntax language to execute commands and get the information you need.
The Google Hacking Database is a project from Exploit-DB.com, an alternative way to find vulnerable apps and extract information or to gain privileges.
Vulnerabilities, bugs and exploits are always tied to software development. In order to help research teams, software engineers, and blue and red teams, exploit databases offer direct access to safe code that will help developers test, patch, secure and mitigate CVEs.
However, your vulnerabilities don't always come from the application or software side. Sometimes they start in the infrastructure, beginning with all the data you're exposing to the Internet.
Analyzing your exposed assets and critical data can reveal weak areas of your companies, services or apps, as well as help you detect running services, open ports, SSL certificates, subdomains and associated domains in seconds.