## Online Exploit Resources

### Exploit Database

https://www.exploit-db.com

Designed to let users quickly find the info they are looking for.

### Security Focus

https://www.securityfocus.com

Vulnerability database; doesn't usually contain proof of concept.

### Packet Storm

https://packetstormsecurity.com

There are also security tools.

### Google Search Operators

- `inurl:`
- `intext:`
- `intitle:`

## Offline Exploit Resources

### SearchSploit

Update the package, usually with apt:

```bash
sudo apt update && sudo apt -y install exploitdb
```

The archive is stored in `/usr/share/exploitdb`.

```bash
searchsploit
searchsploit remote smb microsoft windows
```

### Nmap NSE Scripts

Scripts are stored in `/usr/share/nmap/scripts`.

Use `nmap --script-help=clamav-exec.nse` for a script's description.

### The Browser Exploitation Framework (BeEF)

```bash
sudo beef-xss
# then log in to the framework with a browser
```

### Metasploit Framework

```bash
sudo msfconsole -q
# the following are typed at the msfconsole prompt
# list vulnerability
search ms08_067
search -h # show all options
```

## All Together

### Find which services are exposed to the network

```bash
sudo nmap 10.11.0.128 -p- -sV -vv --open --reason
# -p-              scan all TCP ports
# -sV              version detection
# -vv              increased verbosity
# --open --reason  display only open ports and the reason for the port state
# Found James: an Apache enterprise mail server
```

### Locate Vulnerability

```bash
searchsploit james
# found an exploit with the same version
```
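
The scan-then-lookup step above, as an added example that is not part of the original notes: it parses Nmap XML output (`-oX`) and returns, for each open port, the product/version string to check against `searchsploit` or a patch inventory. The XML sample is constructed, and the function name, product string and version values are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -oX` output. Host is the one from the notes;
# the product and version strings are placeholders, not real scan results.
SAMPLE_XML = """<nmaprun>
 <host>
  <address addr="10.11.0.128" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="25">
    <state state="open" reason="syn-ack"/>
    <service name="smtp" product="Example James smtpd" version="0.0.0-example"/>
   </port>
   <port protocol="tcp" portid="110">
    <state state="closed" reason="reset"/>
    <service name="pop3"/>
   </port>
   <port protocol="tcp" portid="4555">
    <state state="open" reason="syn-ack"/>
    <service name="unknown"/>
   </port>
  </ports>
 </host>
</nmaprun>"""


def service_inventory(xml_text):
    """Return one dict per open port with the version string to look up."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # same filter as --open
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            parts = [attrs.get("product", ""), attrs.get("version", "")]
            term = " ".join(p for p in parts if p)
            rows.append({"host": addr, "port": int(port.get("portid")),
                         "name": attrs.get("name", ""),
                         # None means -sV could not fingerprint the service
                         "term": term or None})
    return rows


if __name__ == "__main__":
    for row in service_inventory(SAMPLE_XML):
        print(row["host"], row["port"], row["name"], row["term"] or "(check manually)")
```

Ports where `term` is `None` were open but not fingerprinted, so they need a manual look rather than a database search.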