Jump to content

Vulnerability Search?


SupaRice
 Share

Recommended Posts

Google + Milw0rm = read more and learn on your own

Link to comment
Share on other sites

I have to say that I find Milw0rm and securityfocus are two of the best sites for vulnerabilities and exploit research. you could also try Metasploit and Canvas.

On a side note you never said whether you were after a full vulnerability (exploit code/POC) or just the ability detect them?

Link to comment
Share on other sites

Just asking.

Don't take offense, just saying. Those two sites will be a world of knowledge and keep you reading for a LONG time, just to get started with this stuff. Sometimes the answers are just that. I wasn't being cocky or sarcastic, and if you had bothered to look into this, a quick google would have yielded you tons more replies than any of us would. Read more and learn on your own was an encouragment, not a swipe at you. Next time it may be though...

Link to comment
Share on other sites

Yeah, I didn't take offense, I was just trying to apologize if I caused offense. I guess I didn't explain myself very well either.

I have a customer that wants me to figure out what they may be vulnerable to without running a scanner like Nessus or something. So all I have is version numbers and such. I was just curious what sites everyone here used for research. I figured if I asked, there might be some really good sites that are not well known.

Sorry for being a dumbass n00b, but my main job function doesn't take me as deep into hacking as I'd like so I'm not as familiar as you guys are.

Thanks for the replies.

Link to comment
Share on other sites

Fsecure, Security Focus, ISC(Sans), google, google, google...

Usually just putting in a product and version number yields results from google.

example google searches:

advisory "apache 1.3.1"
vulnerability "apache 1.3.1"
weakness "apache 1.3.1"
fsecure "apache 1.3.1"
security focus "apache 1.3.1"
disclosure "apache 1.3.1"

That is, if you wanted to find something specific to apache 1.3.1, etc. replace that with your product or whatever, but the art of google-fu is one that can net you things you may not have even thought of.

Link to comment
Share on other sites

Yeah, I didn't take offense, I was just trying to apologize if I caused offense. I guess I didn't explain myself very well either.

I have a customer that wants me to figure out what they may be vulnerable to without running a scanner like Nessus or something. So all I have is version numbers and such. I was just curious what sites everyone here used for research. I figured if I asked, there might be some really good sites that are not well known.

Sorry for being a dumbass n00b, but my main job function doesn't take me as deep into hacking as I'd like so I'm not as familiar as you guys are.

Thanks for the replies.

No offence, suparice but if your client wants a security audit without using industry standard tools such as nessus, then there not serious about the results.

If i get a client, and they ask me that (and there are some) i explain that nessus and co are the standard, basic tools that should be used first, if they disagree then i simply cant' do a through job.

We have these tools, through years of development, and they are deved for just such a reason.

Cheers

Shawty

Link to comment
Share on other sites

No offence, suparice but if your client wants a security audit without using industry standard tools such as nessus, then there not serious about the results.

If i get a client, and they ask me that (and there are some) i explain that nessus and co are the standard, basic tools that should be used first, if they disagree then i simply cant' do a through job.

We have these tools, through years of development, and they are deved for just such a reason.

Cheers

Shawty

I totally agree with that. If you want to pentest a system, something like Nessus or even BT are needed. Especially when they automate a lot of the work for you and BT can be set up to download updates directly from Milw0rm with respect to what they have in their db. These alone are not the end all be all though, and good security knows this as your weakest link might be an employee, not a piece of software.

Link to comment
Share on other sites

Morning all,

I forgot to mention www.securityforest.com they have some fab intel and a wonderful "Exploit Tree". For anyone not familiar with the concept of an exploit tree, it is best described by the explanation on security forest web page, why reinvent the wheel ^_^

"The ExploitTree is a categorized collection of ALL available exploit code. ExploitTree's ambition is to become the most organized, rich and up-to-date exploit repository on the internet. The ExploitTree is based on CVS (Concurrent Versioning System) (http://www.cvshome.org/) and therefore allows the user to keep an up-to-date offline mirror of the repository on their hard drive"

Anyway, the really good thing about this is you end up with a full collection of exploits on your local system, which is all nicely organised and segregated.

Link to comment
Share on other sites

I can understand them not wanting to have a live test done one their network if they do no have any production/test boxes. Some companies just cannot afford that, although it is a good practice to have backup/production/main. Darkcode has a milw0rm script for going threw vulns. but I find securityfocus.com to be better and easier to use.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...