# Exploit Research

## Top Resources

* <https://attackerkb.com/>
* <https://ippsec.rocks/?#>
* Google the service and add "exploit" to the end!

## Searching for service vulnerabilities

```
searchsploit --exclude=dos -t apache 2.2.3
msfconsole -q -x "search apache 2.2.3"
```

### CVE Database

```
https://cve.mitre.org/cve/search_cve_list.html
```

### National Vulnerability Database (NVD)

* U.S. government repository of standards-based vulnerability management data, represented using the Security Content Automation Protocol.

```
https://nvd.nist.gov/
```

* To show a visualization of CVSS severity over time:

```
https://nvd.nist.gov/general/visualizations
```

* Data feeds:

```
https://nvd.nist.gov/vuln/data-feeds
```

### CVE Details

```
https://www.cvedetails.com
```

### Exploit Database

* Search by CVE and OSVDB identifier.

```
https://www.exploit-db.com
```

### Searchsploit by Exploit-db

* Offline source for finding vulnerabilities and exploits.
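* Update the database, then search by key word or by service and version:

```
searchsploit -u    # update the local copy of the database
searchsploit       # no arguments: print usage and options
searchsploit [key word or service/service version]
```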

* Copy a searchsploit result to your present working directory

```
searchsploit -m 39446 win_x86-64/local/39525.py
```

* Alternative copy method

```
locate 35513.py 
cp /usr/share/exploitdb/platforms/linux/remote/35513.py /root/Desktop/35513.py
```

* Exclude certain results such as DoS or PoC

```
searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"
```

* Print the source file of an exploit

```
cat /usr/share/exploitdb/exploits/linux/remote/16922.rb
```

* Exact match to your keyword input

```
searchsploit -e [key word]
```

* Always start with a specific search and move to more general ones

## Working with exploits

* Shebang: the first line of a script names the interpreter it expects

```
Python        #!/usr/bin/python
Bash          #!/bin/bash
Bourne shell  #!/bin/sh
Perl          #!/usr/bin/perl
```
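A check that goes with the shebang table above, as an added example (not part of the original page): it reads a script's first line to report the interpreter it expects without executing the file, and flags CRLF line endings, which make a directly executed script fail with "bad interpreter". The function names `shebang_interp` and `has_crlf` are made up for this example.

```shell
#!/bin/sh
# Added example: identify the interpreter a script expects from its shebang.
CR=$(printf '\r')

# shebang_interp FILE: print the interpreter named by FILE's shebang
# (e.g. "python", "sh"); exit status 1 if there is no shebang.
# The body is a subshell, so "exit" and "set -f" stay inside the function.
shebang_interp() (
    IFS= read -r line < "$1" || [ -n "$line" ] || exit 1
    line=${line%"$CR"}            # tolerate CRLF line endings
    case $line in '#!'*) ;; *) exit 1 ;; esac
    set -f                        # no globbing while splitting into words
    set -- ${line#??}             # "/usr/bin/env python3" -> env python3
    [ $# -gt 0 ] || exit 1
    interp=${1##*/}
    if [ "$interp" = env ]; then  # env: real interpreter is the next word
        shift
        while [ $# -gt 0 ] && [ "${1#-}" != "$1" ]; do shift; done
        [ $# -gt 0 ] || exit 1
        interp=${1##*/}
    fi
    printf '%s\n' "$interp"
)

# has_crlf FILE: succeed if FILE's first line ends in a carriage return.
# Such a file fails when run directly with "bad interpreter: ...^M".
has_crlf() (
    IFS= read -r line < "$1" || [ -n "$line" ] || exit 1
    stripped=${line%"$CR"}
    [ "$stripped" != "$line" ]
)

# Report on any files named on the command line.
for f in "$@"; do
    if i=$(shebang_interp "$f"); then
        has_crlf "$f" && note=' (CRLF endings: convert before running)' || note=''
        printf '%s: %s%s\n' "$f" "$i" "$note"
    else
        printf '%s: no shebang, check the extension or header comments\n' "$f"
    fi
done
```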
