Introduction to Exploit Databases (Exploit-DB, CVE)

Cyber Security Mastery: From Zero to Hero

Finding Known Exploits

Once you identify a service and its version (e.g., Apache 2.2.8), you search public databases to see whether a known vulnerability, and possibly a published exploit, already exists for that version.

1. CVE (Common Vulnerabilities and Exposures)

  • Purpose: A standardized naming system for publicly known information security vulnerabilities (e.g., CVE-2021-12345).
  • Function: CVE is a list of vulnerabilities. It does not typically contain exploit code.

2. Exploit-DB

  • Purpose: A public archive of exploits and vulnerable software, maintained by Offensive Security (the creators of Kali Linux).
  • Function: Contains the actual proof-of-concept code and instructions for how to run the exploit.

Using Searchsploit (Kali Tool)

Kali includes searchsploit, a command-line tool that allows you to search the local copy of the Exploit-DB database, speeding up the process.

```bash
# Search for known exploits for vsftpd
searchsploit vsftpd

# Get the full path to the exploit code
searchsploit -p 37889
```
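A keyword search matches on the search terms, not on the exact version you run, so the result list usually needs filtering before it tells you anything about your own system. The following is an added example, not part of the original lesson: it filters `searchsploit --json` output down to entries whose title version covers the installed version, for patch prioritisation. The product name, IDs, titles and paths are constructed, and the JSON key names (`RESULTS_EXPLOIT`, `Title`, `EDB-ID`) are assumed to match your searchsploit version.

```python
import json
import re

# Constructed sample of `searchsploit --json exampleftpd` output.
# Product, titles, EDB-IDs and paths are made up for illustration;
# the key names are an assumption about the installed searchsploit version.
SAMPLE_JSON = """
{
  "SEARCH": "exampleftpd",
  "RESULTS_EXPLOIT": [
    {"Title": "ExampleFTPd 2.3.4 - Sample Entry A", "EDB-ID": "90001", "Path": "/constructed/90001.txt"},
    {"Title": "ExampleFTPd 2.0.5 - Sample Entry B", "EDB-ID": "90002", "Path": "/constructed/90002.txt"},
    {"Title": "ExampleFTPd < 2.3.0 - Sample Entry C", "EDB-ID": "90003", "Path": "/constructed/90003.txt"},
    {"Title": "OtherTool 2.3.4 (ExampleFTPd plugin) - Sample Entry D", "EDB-ID": "90004", "Path": "/constructed/90004.txt"}
  ]
}
"""

# Title head is assumed to look like "Product [<|<=] Version - Description".
TITLE_RE = re.compile(r"^(?P<product>.+?)\s+(?P<op><=|<)?\s*(?P<ver>\d+(?:\.\d+)*)\b")


def vtuple(version):
    """Turn '2.3.4' into (2, 3, 4). Purely numeric versions only."""
    return tuple(int(part) for part in version.split("."))


def affects(title, product, installed):
    """True if the entry title names this product and covers the installed version."""
    head = title.split(" - ", 1)[0]
    m = TITLE_RE.match(head)
    if not m or m.group("product").lower() != product.lower():
        return False  # a different product that merely mentions ours
    listed, have = vtuple(m.group("ver")), vtuple(installed)
    if m.group("op") == "<":
        return have < listed
    if m.group("op") == "<=":
        return have <= listed
    return have == listed


def triage(raw_json, product, installed):
    """Return (EDB-ID, Title) pairs that apply to the installed version."""
    entries = json.loads(raw_json).get("RESULTS_EXPLOIT", [])
    return [(e["EDB-ID"], e["Title"]) for e in entries
            if affects(e["Title"], product, installed)]


if __name__ == "__main__":
    for edb_id, title in triage(SAMPLE_JSON, "exampleftpd", "2.0.5"):
        print(f"patch priority: EDB-ID {edb_id}: {title}")
```

Titles that do not follow the assumed pattern are skipped, so treat an empty result as "no title match", not as proof that the version is unaffected.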