Security Basics mailing list archives

Re: online searchable exploit code database?


From: krymson () gmail com
Date: 27 Nov 2006 19:45:26 -0000

Good questions, and I hope to see a lot of replies to this.

1. a searchable database of exploit code with detailed descriptions on what it does with vendor link etc. I couldn't 
find any, at least not any free ones. I think he is looking for something like a wikipedia of exploit code.

This is difficult to get from vendors, even after they have patched their systems. They don't like publishing exploits 
that beat their own systems. Likewise, some sites/companies consider their exploits to be theirs, and not available to 
the general public. Instead, you pay huge amounts of money to utilize tools that utilize their exploits. :)

But there are ways to get exploits from the web anyway, although you're usually at the mercy of the authors on whether 
they comment/document the code properly or not.

Start out with Vuln databases which usually have links to more info:
http://osvdb.org/
http://nvd.nist.gov/

And some popular exploit/vuln sites that contain code:
http://www.milw0rm.com/
http://www.secunia.com/
http://www.securiteam.com/
http://www.offensivecomputing.net/ (I think this one has some, I'm at work and can't get to this site right now...)


2. a blogging community for security professionals. kind of like myspace or blogger.com but specialized for security 
professionals ( even a blog directory would be a good start already I think)

This is difficult right now, but you can check http://www.ittoolbox.com for some security guys.

Joatblog has a really nice list of links. http://www.bloglines.com/public/joat
Richard at TaoSecurity also publishes a list at bloglines: http://www.bloglines.com/public/TaoSecurity

My best suggestion: take an afternoon and just follow links to other blogs, click their links, and so on and amass a 
nice clutch of sites to regularly check or run in your RSS reader. Then tailor what works for you and which are 
useless. :) I have my own personal site with links, but I don't want to publish it here.

3. a collection of security publications in various formats (like SANS reading room but where anyone can submit a paper 
for free.)

Let me see if I can find some things you might be looking for here. This is also not as big as it could be, but a lot 
of security stuff bleeds into networking and general IT sites as well.

http://www.infosecwriters.com/
http://secgeeks.infys.net/
http://www.darkreading.com/
http://www.howtoforge.com/
http://www.techtutorials.net/

I hope this at least helps a little bit and gives you some examples. I know there are more out there, both what I don't 
know about and what I know about in my lists of links but am not recalling right at this moment. Good luck, and if you 
start up anything, please let us know about it!

