Skip main navigation

ExploitDB

Exploit Database (ExploitDB) is an archive of exploits for the purpose of public security, and it explains what can be found on the database.
6.5
In this video, we’re going to be talking about the Exploit Database, or Exploit DB. Now, the Exploit Database is a pretty interesting system that’s used by both pen testers, network security professionals, and also unethical hackers. So to quote Offensive Security, “The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Our aim is to serve the most comprehensive collection of exploits gathered through direct submissions, mailing lists, as well as other public sources and then present them in a freely-available and easy-to-navigate database. The Export Database is a repository of exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.”
67.3
Offensive Security. Now what exactly can you find there? Well, as the description provided, you can actually find CVE, or Common Vulnerabilities and Exposures, exploits. And these are typically exploits that are found and categorised. You could also find the Google Hacking Database, also known as Google Dorks, which are advanced Google Search operators that not too many people seem to know about. But it’s actually a pretty powerful tool if you know the right queries to send through Google. You could also find shellcodes, security papers, and other exploits listed on the site. So let’s take a look at the website itself. So the website is exploit-db.com.
117.7
And if you go through the top here, you could actually see the different types of exploits that you can search through - platforms, if there’s an author that you know that found an exploit that you want to search from, ports, tags. This example here, we pulled up webapps for Android. And we could see different exploits here. And then you can actually go ahead and click through there and get more information on it.
152.2
And on the main page you could find various proof-of-concept, PoCs - again, authors. If you click on any of them, you can see whether it’s been verified, if it was assigned a CVE number, who found it or reported it at least, the type - this particular one’s a web app - which platform it’s vulnerable on, and also the date. And in here, you can actually see the actual information and the proof-of-concept, the actual exploit. And this also could tie into things like Metasploit.
197.4
Now, if we keep going through here, we could actually go to the GHDB, or Google Hacking Database. And again, these are all advanced search operators for Google. So these can do a variety of things.
211.2
And as we can see, this is an actual search string inurl:wp content/plugins/safe.svg.
223.2
And we see the category - Accessories of Vulnerabilities - and the author. And if we kind of look through the categories here, we could see Footholds, Sensitive Directories, Various Online Devices, and so on, and so on. So if you’re going to do a Google Dork, you can simply just open up Google and copy and paste one of these search strings here to actually find that relevant information.
252
And in here, you can see the Google Hacking Database ID, the author, and the actual Dork description here. And this is actually the string that you would use.
265.4
Now, Papers, if we click through here, we can actually see different security papers that are written, platform, language. And under Shellcode, we can see the different types of shellcodes. And of course, we can just click on and see the vulnerability, the ID, the author, the type, and the platform. And of course, we could actually see the actual exploit itself.
290.3
And we also have different manuals on the site. And these, again, are all free resources. This is why it’s a great resource both for penetration testers, security professionals, and also why malicious hackers will like this type of site and oftentimes will reference it. So wrapping up, Exploit Database is a free resource provided by Offensive Security for pen testers and also security professionals. But it’s also a go-to resource for malicious hackers. The database has a large repository of exploits and Google Dorks in an easy to search database.
328.5
Now, the reason this is important is, while malicious hackers tend to use this type of resource to explore potential security issues, we could also use this to check for our own vulnerabilities - say, for running a Apache web server. We can look on the Exploit DB, and we could put our version of Apache in there and see what type of vulnerabilities are coming up on there in order to create a better awareness. And we can potentially patch or mitigate certain issues. Or we could even test these issues if we’re doing a pen test in our own network to test how secure it is. So again, this is Exploit DB. It’s a free resource from Offensive Security.

Exploit Database (ExploitDB) is an archive of exploits for the purpose of public security, and it explains what can be found on the database.

The ExploitDB is a very useful resource for identifying possible weaknesses in your network and for staying up to date on current attacks occurring in other networks. This archive allows us to learn more about hackers’ methods and increase our own security accordingly.

Over to you: Go to the ExploitDB website and explore the options. Select a file and get more information on that specific case.

Prepare for your test of the week!

You have now completed the new content for this week, and in the next step you will complete your test of the week! The test is going to assess your understanding of what you have learned within this past week of the course.

Remember, you do not have to take the test until you’re ready. To help you prepare you might wish to spend some time refreshing your understanding of the contents of the past week.

You may wish to reflect on the Learning Outcomes introduced at the beginning of the week and make sure you are comfortable that you have met the requirements of each. Take some time to review your learning to help you prepare

This article is from the free online

Advanced Cyber Security Training: Network Security

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education