Security Basics mailing list archives
Re: online searchable exploit code database?
From: krymson () gmail com
Date: 27 Nov 2006 19:45:26 -0000
Good questions, and I hope to see a lot of replies to this. 1. a searchable database of exploit code with detailed descriptions on what it does with vendor link etc. I couldn't find any, at least not any free ones. I think he is looking for something like a wikipedia of exploit code. This is difficult to get from vendors, even after they have patched their systems. They don't like publishing exploits that beat their own systems. Likewise, some sites/companies consider their exploits to be theirs, and not available to the general public. Instead, you pay huge amounts of money to utilize tools that utilize their exploits. :) But there are ways to get exploits from the web anyway, although you're usually at the mercy of the authors on whether they comment/document the code properly or not. Start out with Vuln databases which usually have links to more info: http://osvdb.org/ http://nvd.nist.gov/ And some popular exploit/vuln sites that contain code: http://www.milw0rm.com/ http://www.secunia.com/ http://www.securiteam.com/ http://www.offensivecomputing.net/ (I think this one has some, I'm at work and can't get to this site right now...) 2. a blogging community for security professionals. kind of like myspace or blogger.com but specialized for security professionals ( even a blog directory would be a good start already I think) This is difficult right now, but you can check http://www.ittoolbox.com for some security guys. Joatblog has a really nice list of links. http://www.bloglines.com/public/joat Richard at TaoSecurity also publishes a list at bloglines: http://www.bloglines.com/public/TaoSecurity My best suggestion: take an afternoon and just follow links to other blogs, click their links, and so on and amass a nice clutch of sites to regularly check or run in your RSS reader. Then tailor what works for you and which are useless. :) I have my own personal site with links, but I don't want to publish it here. 3. a collection of security publications in various formats (like SANS reading room but where anyone can submit a paper for free.) Let me see if I can find some things you might be looking for here. This is also not as big as it could be, but a lot of security stuff bleeds into networking and general IT sites as well. http://www.infosecwriters.com/ http://secgeeks.infys.net/ http://www.darkreading.com/ http://www.howtoforge.com/ http://www.techtutorials.net/ I hope this at least helps a little bit and gives you some examples. I know there are more out there, both what I don't know about and what I know about in my lists of links but am not recalling right at this moment. Good luck, and if you start up anything, please let us know about it!
Current thread:
- online searchable exploit code database? Florian Rommel (Nov 27)
- <Possible follow-ups>
- Re: online searchable exploit code database? krymson (Nov 27)
- Re: online searchable exploit code database? Suchomsky Dennis (Nov 28)
- Re: Re: online searchable exploit code database? pratiksha . doshi (Nov 28)