The OSVDB (www.osvdb.org) project maintains an exploit code repository for the vulnerabilities in the database. The exploit URL is simply another type of external reference and is directly linked to each vulnerability. We support dozens of references types, with support for most of the common ones (CVE, Snort, Nessus, BID, etc). The ibiblio.org guys have agreed to host the primary repository and the archive is being built as vulnerabilities are added and approved. The entire database is available for free, including the exploit archive itself. The first stable release is due sometime in the next couple months, development versions are available by request. The primary goal of the OSVDB project was to consolidate the database and exploit management efforts that are required for any given company or individual to perform assessments and penetration testing. The more help we get reviewing vulnerabilities, moderating entries, and organizing exploits, the easier job everyone else will have :) If you are interested in helping out with the OSVDB or are working on a similar project and would like to use our data (or even contribute some), send an email to either myself or Forrest Rae (fbr [at] 14x.net). -HD On Monday 21 July 2003 10:37 pm, Daren Nowlan wrote: > Well I've been debating about if and when I should make this post so I > suppose now is a good time as any. > > Currently the db design is complete and we're almost done the interface > for searching the db as well as an interface to add/manage it as well. > Eventually our thoughts were to write a module for nessus that would > have direct access to the db during a scan. Upon completion of the > scan, the links to the exploits will be generated as part of the > report. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Jul 22 2003 - 15:35:31 PDT