From: Daren Nowlan (daren@securitynerds.org)
Date: Mon Jul 21 2003 - 23:37:34 EDT
Well I've been debating about if and when I should make this post so I
suppose now is a good time as any.
Though it's still a work in progress and nothing is publicly available,
we're attempting to put together a db of exploits that correlates with
various ID's such as nessus, cve & bugtraq. The idea of this db is to
eventually have all the code signed and tested by various members.
As we all know for pen-testers it is sometimes tedious and time
consuming searching for a particular vulnerability. It is equally
frustrating for admins who regularly use v/a tools to have certain
false/positives come up over & over and need to fully verify some how
that a particular patch has been applied. Under both circumstances I'm
hoping this db will help.
There will be no charge for access to the db but some type of
registration will be required. We're still working out the details to
that. Essentially I'm hoping public participation from everyone will
help keep it alive.
Currently the db design is complete and we're almost done the interface
for searching the db as well as an interface to add/manage it as well.
Eventually our thoughts were to write a module for nessus that would
have direct access to the db during a scan. Upon completion of the scan,
the links to the exploits will be generated as part of the report.
The project is slow going and I'm still looking for people to assist in
the project. Anyone interested can contact me at
daren@securitynerds.org. Any feed back would also be appreciated.
http://www.securitynerds.org
http://www.exploitcode.com
Thanks
//Daren
On Mon, 2003-07-21 at 16:07, Frank Boldewin wrote:
> canvas has some 0day exploits and i think it is worth a buy,
> but another good product is core impact.
> they made a good product full of reliable exploits, for the
> latest bugs in major daemons. it's not very cheap, but worthy
> for that what u might searching for.
>
> cheers,
> frank
>
>
> ----- Original Message -----
> From: "Jesse Bessette" <jesse@ehagglers.com>
> To: "Box" <mailbox@freemail.lt>; <pen-test@securityfocus.com>
> Sent: Monday, July 21, 2003 8:18 PM
> Subject: Re: exploits, good exploits
>
>
> > Im thinking that your looking for exploits to be delivered to you before
> > they are delivered to anyone else??? Dont you think we all want that same
> > thing??
> >
> > Hackers, script kiddies and the like all subscribe to lists as well..They
> to
> > have exploits delivered to them as soon as there out in the wild..Get in
> > line
> >
> >
> > ----- Original Message -----
> > From: "Box" <mailbox@freemail.lt>
> > To: <pen-test@securityfocus.com>
> > Sent: Sunday, July 21, 2002 10:12 AM
> > Subject: exploits, good exploits
> >
> >
> > > Hello,
> > >
> > > Maybe somebody knows commercial database/service or somthing, where is
> > > posible to buy subscription for good (0day or somehting) exploits.
> > > How i can find in free resources (SecuriTeam, pulhas, security focus and
> > > others) it's only not very useful exploits (i don't speak about WebDav
> and
> > > MSSQLudp exploits).
> > >
> > > Only one way to get good exloits it's to trade in hackers IRC chanells?
> > >
> > >
> > > Gabriel Rain,
> > > StaForIT Security Consulting
> > >
> > >
> > >
> > >
> > >
> > >
> >
> > --------------------------------------------------------------------------
> > -
> >
> > --------------------------------------------------------------------------
> > --
> > >
> > >
> >
> >
> > --------------------------------------------------------------------------
> -
> > --------------------------------------------------------------------------
> --
> >
>
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------
---------------------------------------------------------------------------
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:37 EDT