Known vulnerabilities
Theory
This step ends the reconnaissance phase. The previous steps were aimed at gaining knowledge about the attack surface:
Web server
JavaScript Frameworks
and other technologies
Known vulnerabilities may then be identified based on this information.
Practice
Known vulnerabilities can be found from the following resources:
exploit-db.com: an online exploit database
searchsploit: a command-line utility for searching an offline copy of the exploit-db
CVE Details, NVD NIST and MITRE: online CVE (Common Vulnerabilities and Exposures) search engines
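The lookup itself comes down to comparing fingerprinted versions against the affected ranges published in advisories. The following is an added example, not part of the original page, that does this for an inventory of your own components; the product names, advisory IDs and version ranges are constructed placeholders, not real CVE data.

```python
import re

# Constructed advisory records: IDs, products and ranges are placeholders.
# "fixed" is the first version that is no longer affected.
ADVISORIES = [
    {"id": "ADVISORY-PLACEHOLDER-1", "product": "examplehttpd", "introduced": "2.4.0", "fixed": "2.4.10"},
    {"id": "ADVISORY-PLACEHOLDER-2", "product": "examplejs", "introduced": "1.0.0", "fixed": "3.5.0"},
    {"id": "ADVISORY-PLACEHOLDER-3", "product": "examplehttpd", "introduced": "1.0.0", "fixed": "2.2.0"},
]
# Constructed fingerprints, as seen in a Server header or a script filename.
INVENTORY = ["ExampleHTTPd/2.4.9", "examplejs 3.5.0", "examplejs-1.12.4", "examplecms"]

def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.split("."))

def parse_fingerprint(banner):
    """Split 'Name/1.2.3', 'name 1.2.3' or 'name-1.2.3' into (name, version or None)."""
    match = re.fullmatch(r"([A-Za-z][\w.]*?)[/ \-]v?(\d+(?:\.\d+)*)", banner.strip())
    if not match:
        return banner.strip().lower(), None
    return match.group(1).lower(), parse_version(match.group(2))

def affected(version, advisory):
    """Half-open range check: introduced <= version < fixed."""
    return parse_version(advisory["introduced"]) <= version < parse_version(advisory["fixed"])

def match_inventory(inventory, advisories):
    """Return (findings, unknown): advisory hits per banner, and banners with no version."""
    findings, unknown = {}, []
    for banner in inventory:
        name, version = parse_fingerprint(banner)
        if version is None:
            unknown.append(banner)  # cannot be ruled in or out; needs manual review
            continue
        hits = [a["id"] for a in advisories if a["product"] == name and affected(version, a)]
        if hits:
            findings[banner] = hits
    return findings, unknown

if __name__ == "__main__":
    findings, unknown = match_inventory(INVENTORY, ADVISORIES)
    print(findings, unknown)
```

Comparing versions as plain strings would miss the first finding, since "2.4.9" sorts after "2.4.10" lexically; components without a detectable version are reported separately instead of being treated as unaffected.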
When a vulnerability is found, one can look for a Proof-of-Concept (PoC) to attempt to exploit the vulnerability. Most public PoCs can be found on GitHub.