Red Team Guide: Search Exploits

Published Apr 5, 2022

Introduction

Once you know which services are running, and ideally their versions, search for known vulnerabilities in them. If there is no usable exploit for any running service, look for common misconfigurations in each one instead.

Browser

Always search in Google or another search engine for: <service_name> [version] exploit

You should also try Shodan's exploit search at https://exploits.shodan.io.

Searchsploit

Searches a local copy of Exploit-DB for exploits matching a service, from the console.

# Searchsploit tricks
searchsploit "linux Kernel"     # Example: terms are ANDed against the title and path
searchsploit apache mod_ssl     # Other example
searchsploit -m 7618            # Mirror (copy) the exploit into the current directory
searchsploit -p 7618[.c]        # Show the complete path of the exploit (the extension is optional)
searchsploit -x 7618[.c]        # Examine the exploit with $PAGER (less by default)
searchsploit --nmap file.xml    # Search for vulns in the services of an nmap -sV -oX result
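The following script is an added example, not code from the original page or from the searchsploit project. It shows what the `--nmap` mode and the "<service_name> [version] exploit" query above do under the hood: it parses an `nmap -sV -oX` result, trims each banner to a major.minor version (Exploit-DB titles rarely carry the full banner string), and builds both a searchsploit argv and a web query for every fingerprinted service. Services with no product/version are flagged for the misconfiguration checks instead of searched. The nmap XML is a constructed sample; the JSON key names used in `run_searchsploit` (`RESULTS_EXPLOIT`, `EDB-ID`, `Title`, `Path`) are assumed from `searchsploit -j` output and should be checked against your installed version.

```python
"""Turn nmap -sV -oX output into exploit-search queries (added example)."""
import json
import re
import shutil
import subprocess
import xml.etree.ElementTree as ET

# Constructed sample of "nmap -sV -oX file.xml" output, trimmed to what we read.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="10.10.10.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.2p2 Ubuntu 4ubuntu2.8"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.18"/></port>
      <port protocol="tcp" portid="445"><state state="open"/>
        <service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered"/>
        <service name="mysql" product="MySQL" version="5.7.33"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_services(xml_text):
    """One dict per OPEN port; product/version are None when nmap could not
    fingerprint the service, so callers fall back to misconfiguration checks."""
    root = ET.fromstring(xml_text)
    services = []
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            get = svc.get if svc is not None else (lambda _k: None)
            services.append({"addr": addr, "port": int(port.get("portid")),
                             "name": get("name"), "product": get("product"),
                             "version": get("version")})
    return services


def short_version(version):
    """'7.2p2 Ubuntu 4ubuntu2.8' -> '7.2': drop distro suffixes and patch level,
    because exploit titles usually name only major.minor."""
    if not version:
        return None
    token = version.split()[0]
    m = re.match(r"\d+(\.\d+)?", token)
    return m.group(0) if m else token


def build_queries(services):
    """Searchsploit argv plus '<service_name> [version] exploit' web query per service."""
    queries = []
    for s in services:
        if not s["product"]:
            queries.append({"port": s["port"], "searchsploit": None, "web": None,
                            "note": f"{s['name']}: no version, check misconfigurations"})
            continue
        terms = [s["product"]]
        ver = short_version(s["version"])
        if ver:
            terms.append(ver)
        queries.append({"port": s["port"],
                        # -t: title-only search, keeps path matches from adding noise
                        "searchsploit": ["searchsploit", "-t", *terms],
                        "web": " ".join(terms + ["exploit"]), "note": None})
    return queries


def run_searchsploit(argv):
    """Run the query with JSON output if searchsploit is installed, else None.
    Key names are assumed from 'searchsploit -j'; verify against your version."""
    if shutil.which("searchsploit") is None:
        return None
    out = subprocess.run(argv + ["-j"], capture_output=True, text=True, check=False).stdout
    return [(e.get("EDB-ID"), e.get("Title"), e.get("Path"))
            for e in json.loads(out).get("RESULTS_EXPLOIT", [])]


if __name__ == "__main__":
    for q in build_queries(parse_services(SAMPLE_NMAP_XML)):
        if q["searchsploit"] is None:
            print(f"{q['port']}: {q['note']}")
            continue
        print(f"{q['port']}: {' '.join(q['searchsploit'])}  |  web: {q['web']}")
        for edb_id, title, path in run_searchsploit(q["searchsploit"]) or []:
            print(f"    EDB-{edb_id}: {title} ({path})")
```

Product names as nmap reports them ("Apache httpd") are not always how Exploit-DB titles them ("Apache 2.4.x"), so when a query returns nothing, retry with the bare product name and no version before concluding there is no public exploit.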

Pompem

Pompem is an open source tool designed to automate the search for exploits and vulnerabilities across the most important databases. Written in Python, it has an advanced search system that helps pentesters and ethical hackers. In its current version it searches PacketStorm Security, CXSecurity, ZeroDay, Vulners, the National Vulnerability Database, the WPScan Vulnerability Database and others.

PacketStorm

packetstormsecurity.com is an information security website offering current and historical security tools, exploits and advisories. It is operated by a group of security enthusiasts who publish new security information and offer tools for educational and testing purposes.

Vulners

vulners.com is a security database containing descriptions of a large number of software vulnerabilities in a machine-readable format. Cross-references between bulletins and a continuously updated database keep you abreast of the latest security threats.

Sploitus

sploitus.com is a convenient central place for finding the newest exploits and for locating attacks that target known vulnerabilities.