Vulnerability Search?


SupaRice

Google + Milw0rm = read more and learn on your own


I have to say that I find Milw0rm and securityfocus are two of the best sites for vulnerabilities and exploit research. You could also try Metasploit and Canvas.

On a side note, you never said whether you were after a full vulnerability (exploit code/POC) or just the ability to detect them?


Just asking.

Don't take offense, just saying. Those two sites will be a world of knowledge and keep you reading for a LONG time, just to get started with this stuff. Sometimes the answers are just that. I wasn't being cocky or sarcastic, and if you had bothered to look into this, a quick google would have yielded you tons more replies than any of us would. Read more and learn on your own was an encouragement, not a swipe at you. Next time it may be though...


Yeah, I didn't take offense, I was just trying to apologize if I caused offense. I guess I didn't explain myself very well either.

I have a customer that wants me to figure out what they may be vulnerable to without running a scanner like Nessus or something. So all I have is version numbers and such. I was just curious what sites everyone here used for research. I figured if I asked, there might be some really good sites that are not well known.

Sorry for being a dumbass n00b, but my main job function doesn't take me as deep into hacking as I'd like so I'm not as familiar as you guys are.

Thanks for the replies.


Fsecure, Security Focus, ISC(Sans), google, google, google...

Usually just putting in a product and version number yields results from google.

example google searches:

advisory "apache 1.3.1"
vulnerability "apache 1.3.1"
weakness "apache 1.3.1"
fsecure "apache 1.3.1"
security focus "apache 1.3.1"
disclosure "apache 1.3.1"

That is, if you wanted to find something specific to apache 1.3.1, etc. replace that with your product or whatever, but the art of google-fu is one that can net you things you may not have even thought of.
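
Added example, not part of the original posts: the same version-number lookup done offline, matching an inventory of "product version" lines against advisory records that carry an affected version range. The advisory ids, ranges and inventory lines are constructed placeholders; the record layout and the function names are assumptions for illustration.

```python
import re

# Constructed advisory records (placeholder ids, not real advisories). Each one
# affects versions in the half-open range [introduced, fixed).
ADVISORIES = [
    {"id": "EXAMPLE-0001", "product": "apache", "introduced": "1.3.0", "fixed": "1.3.4"},
    {"id": "EXAMPLE-0002", "product": "apache", "introduced": "2.0.0", "fixed": "2.0.10"},
    {"id": "EXAMPLE-0003", "product": "openssh", "introduced": "0", "fixed": "3.1"},
]

# Constructed inventory, in the same "product version" shape as the searches above.
SAMPLE_INVENTORY = ["apache 1.3.1", "apache 1.3.4", "OpenSSH 3.0p1", "customapp unknown"]


def parse_version(text):
    """Return the leading dotted number as an int tuple: '3.0p1' -> (3,)."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"no numeric version in {text!r}")
    parts = [int(p) for p in m.group().split(".")]
    while parts and parts[-1] == 0:  # so that 1.3 and 1.3.0 compare equal
        parts.pop()
    return tuple(parts)


def match_inventory(inventory, advisories=ADVISORIES):
    """Match 'product version' lines against advisory ranges.

    Returns (findings, unparsed): findings are (line, advisory id) pairs,
    unparsed are lines that still need manual research.
    """
    findings, unparsed = [], []
    for line in inventory:
        try:
            product, version = line.rsplit(None, 1)
            have = parse_version(version)
        except ValueError:  # no version field, or nothing numeric in it
            unparsed.append(line)
            continue
        for adv in advisories:
            if adv["product"] != product.lower():
                continue
            if parse_version(adv["introduced"]) <= have < parse_version(adv["fixed"]):
                findings.append((line, adv["id"]))
    return findings, unparsed
```

A version match is a lead to confirm with the customer, since vendors often backport fixes without changing the reported version number.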

No offence, suparice, but if your client wants a security audit without using industry standard tools such as nessus, then they're not serious about the results.

If I get a client, and they ask me that (and there are some), I explain that nessus and co are the standard, basic tools that should be used first; if they disagree then I simply can't do a thorough job.

We have these tools, through years of development, and they are developed for just such a reason.

Cheers

Shawty

I totally agree with that. If you want to pentest a system, something like Nessus or even BT are needed. Especially when they automate a lot of the work for you and BT can be set up to download updates directly from Milw0rm with respect to what they have in their db. These alone are not the end all be all though, and good security knows this as your weakest link might be an employee, not a piece of software.


Morning all,

I forgot to mention www.securityforest.com they have some fab intel and a wonderful "Exploit Tree". For anyone not familiar with the concept of an exploit tree, it is best described by the explanation on security forest web page, why reinvent the wheel ^_^

"The ExploitTree is a categorized collection of ALL available exploit code. ExploitTree's ambition is to become the most organized, rich and up-to-date exploit repository on the internet. The ExploitTree is based on CVS (Concurrent Versioning System) (http://www.cvshome.org/) and therefore allows the user to keep an up-to-date offline mirror of the repository on their hard drive"

Anyway, the really good thing about this is you end up with a full collection of exploits on your local system, which is all nicely organised and segregated.


I can understand them not wanting to have a live test done on their network if they do not have any production/test boxes. Some companies just cannot afford that, although it is a good practice to have backup/production/main. Darkcode has a milw0rm script for going through vulns, but I find securityfocus.com to be better and easier to use.
