Well I've been debating about if and when I should make this post so I suppose now is a good time as any. Though it's still a work in progress and nothing is publicly available, we're attempting to put together a db of exploits that correlates with various ID's such as nessus, cve & bugtraq. The idea of this db is to eventually have all the code signed and tested by various members. As we all know for pen-testers it is sometimes tedious and time consuming searching for a particular vulnerability. It is equally frustrating for admins who regularly use v/a tools to have certain false/positives come up over & over and need to fully verify some how that a particular patch has been applied. Under both circumstances I'm hoping this db will help. There will be no charge for access to the db but some type of registration will be required. We're still working out the details to that. Essentially I'm hoping public participation from everyone will help keep it alive. Currently the db design is complete and we're almost done the interface for searching the db as well as an interface to add/manage it as well. Eventually our thoughts were to write a module for nessus that would have direct access to the db during a scan. Upon completion of the scan, the links to the exploits will be generated as part of the report. The project is slow going and I'm still looking for people to assist in the project. Anyone interested can contact me at darenat_private Any feed back would also be appreciated. http://www.securitynerds.org http://www.exploitcode.com Thanks //Daren On Mon, 2003-07-21 at 16:07, Frank Boldewin wrote: > canvas has some 0day exploits and i think it is worth a buy, > but another good product is core impact. > they made a good product full of reliable exploits, for the > latest bugs in major daemons. it's not very cheap, but worthy > for that what u might searching for. > > cheers, > frank > > > ----- Original Message ----- > From: "Jesse Bessette" <jesseat_private> > To: "Box" <mailboxat_private>; <pen-testat_private> > Sent: Monday, July 21, 2003 8:18 PM > Subject: Re: exploits, good exploits > > > > Im thinking that your looking for exploits to be delivered to you before > > they are delivered to anyone else??? Dont you think we all want that same > > thing?? > > > > Hackers, script kiddies and the like all subscribe to lists as well..They > to > > have exploits delivered to them as soon as there out in the wild..Get in > > line > > > > > > ----- Original Message ----- > > From: "Box" <mailboxat_private> > > To: <pen-testat_private> > > Sent: Sunday, July 21, 2002 10:12 AM > > Subject: exploits, good exploits > > > > > > > Hello, > > > > > > Maybe somebody knows commercial database/service or somthing, where is > > > posible to buy subscription for good (0day or somehting) exploits. > > > How i can find in free resources (SecuriTeam, pulhas, security focus and > > > others) it's only not very useful exploits (i don't speak about WebDav > and > > > MSSQLudp exploits). > > > > > > Only one way to get good exloits it's to trade in hackers IRC chanells? > > > > > > > > > Gabriel Rain, > > > StaForIT Security Consulting > > > > > > > > > > > > > > > > > > > > > > -------------------------------------------------------------------------- > > - > > > > -------------------------------------------------------------------------- > > -- > > > > > > > > > > > > -------------------------------------------------------------------------- > - > > -------------------------------------------------------------------------- > -- > > > > > --------------------------------------------------------------------------- > ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Jul 22 2003 - 13:16:52 PDT