Where do you get your exploits from?


Quick background example :
You are playing in a time limited CTF, or doing a pentest.
You need a working exploit, and you don’t have time to write and test one yourself.
Which site(s) do you get it from ?

Let me start by sharing the ones I use :


(EternalEclipse) #2

Exploit-DB and Metasploit, but honestly just Google.
After that I try to find the bug and understand it myself for practical reasons actually, exploits you find off the Internet are usually badly coded and unstable (if they even run), even when the versions match exactly you have like 75% of something going wrong.

1 Like

(Leader & Offsec Engineer & Forum Daddy) #3

https://sploitus.com/ Is really good.

It searches a bunch of different repositories. You should check out GitHub too if you’re really struggling.

Another tip, is when you’re searching software versions, just include the main version, so if it’s 2.4.23, just search “Software 2.4” or as high level as possible. The reason for this is that some exploits are named with > or < symbols, which your search engine might not understand.



Thanks, I didn’t know sploitus :smiley:

1 Like

(fxbg) #5

Every one of those and more, mostly just google



I find them myself when I am bored toying with someone software or company :slight_smile:


(Leader & Offsec Engineer & Forum Daddy) closed #7

This topic was automatically closed after 2 days. New replies are no longer allowed.