Online Exploit Resources
Exploit Database
Designed to let users quickly find info they are looking for.
Security Focus
Vulnerability database; it doesn't usually contain proof-of-concept code.
Packet Storm
https://packetstormsecurity.com
The site also hosts security tools.
Google Search Operators
inurl:
intext:
intitle:
Offline Exploit Resources
SearchSploit
Update the package, usually with apt:
sudo apt update && sudo apt -y install exploitdb
The archive is stored in /usr/share/exploitdb
searchsploit
searchsploit remote smb microsoft windows
Nmap NSE Scripts
/usr/share/nmap/scripts
nmap --script-help=clamav-exec.nse
# shows the script's description
The Browser Exploitation Framework (BeEF)
sudo beef-xss
# then log in to the framework with a browser
Metasploit Framework
sudo msfconsole -q
# list modules for a vulnerability
search ms08_067
search -h # show all options
All Together
Find which services are exposed to the network
sudo nmap 10.11.0.128 -p- -sV -vv --open --reason
# -p- scan all tcp ports
# -sV version detection; -vv very verbose output
# --open --reason display only open ports and the reason for each port's state
# Found James: an Apache enterprise mail server
Locate Vulnerability
searchsploit james
# found an exploit with the same version
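
The version match in the last step depends on what -sV actually fingerprinted. The following is an added example, not part of the original notes: it assumes the scan was also saved as XML with nmap's -oX option, and lists each open port with its reason and detected product/version. The embedded XML, host address and version strings are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -oX` output (host, ports and versions are made up).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="0.0p1"/>
      </port>
      <port protocol="tcp" portid="25">
        <state state="open" reason="syn-ack"/>
        <service name="smtp" product="JAMES smtpd" version="1.2.3"/>
      </port>
      <port protocol="tcp" portid="111">
        <state state="closed" reason="reset"/>
        <service name="rpcbind"/>
      </port>
      <port protocol="tcp" portid="4555">
        <state state="open" reason="syn-ack"/>
        <service name="unknown"/>
      </port>
    </ports>
  </host>
</nmaprun>"""

def open_services(xml_text):
    """Return one dict per open port: host, port, reason and detected product/version."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # same filter as --open
            svc = port.find("service")
            svc = svc if svc is not None else ET.Element("service")
            rows.append({
                "host": addr, "port": int(port.get("portid")), "proto": port.get("protocol"),
                "reason": state.get("reason"), "name": svc.get("name", ""),
                # Empty string means nmap could not fingerprint a product or version.
                "product": svc.get("product", ""), "version": svc.get("version", ""),
            })
    return rows

def unversioned(rows):
    """Open ports with no detected version; these cannot be matched by version."""
    return [r["port"] for r in rows if not r["version"]]
```

Ports returned by unversioned() need manual identification before any version comparison is meaningful.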