Exploits

Security-related information and use within the scope of pentesting


Exploits

An exploit is a piece of data (mostly written in Python/Ruby) that automatically takes advantage of a bug or vulnerability. There are several methods of classifying exploits. The most common distinguishes remote exploits (which work over a network) from local exploits (which require prior access to the vulnerable system and usually increase the privileges of the current user) [1].


Online database

There are several online sources that collect exploits, but my current favorite is Sploitus.
It's a quite new project by twitter.com/i_bo0om which allows searching for exploits and tools based on different online databases like:

  • Metasploit FW, EDB, Seebug, 1337day, Packetstorm
  • Github (tools)

I've built a Python wrapper for using the search function locally:

[email protected]:~$ python3 sploitus.py joomla
[!] Sploitus made by @i_bo0om | Full result: https://sploitus.com/?query=joomla#exploits
[!] Found: 200 results
---
    "Joomla Media Manager File Upload Vulnerability"
    https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/joomla_media_upload_exec.rb
    Published: 2013-08-13
[..]

Source: https://sploitus.com
Python wrapper: https://github.com/si9int/sploitus.py