Website and mailing lists: any other suggestions would be very welcome.


Today i’m glad to share a list of OSINT sources focused on Exploits and Vulnerabilities search. Enjoy!

CVEdetails

“The ultimate security vulnerability datasource”

[embed]http://www.cvedetails.com/[/embed]


CVE.mitre

Common Vulnerabilities and Exposures is a dictionary of common names for publicly known cybersecurity vulnerabilities. CVE’s common identifiers make it easier to share data across separate network security databases and tools, and provide a baseline for evaluating the coverage of an organization’s security tools.

[embed]http://www.cvedetails.com/[/embed]


Full disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community.

[embed]http://www.cvedetails.com/[/embed]


See bug

Open vulnerability platform based on vulnerability and PoC/Exp sharing communities. So far, it already has 50,000+ vulnerabilities and 40,000+ PoC/Exps.

https://www.seebug.org/


CXSecurity

Free vulnerability database

[embed]http://www.cvedetails.com/[/embed]


Inj3ct0r

“ Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals. 
Our aim is to collect exploits from submittals and various mailing lists and concentrate them in one, easy-to-navigate database.”

[embed]http://www.cvedetails.com/[/embed]


Packet Storm

Packet Storm provides around-the-clock information and tools in order to help mitigate both personal data and fiscal loss on a global scale. As new information surfaces, Packet Storm releases everything immediately through it’s RSS feeds, Twitter, and Facebook.

[embed]http://www.cvedetails.com/[/embed]


Exploit-db

Archive of Exploits, Shellcode, and Security Papers.

[embed]http://www.cvedetails.com/[/embed]


Vulnerability-lab

The Vulnerability Laboratory helps with the world’s first independent bug bounty hacker community. Leverage their skills and creativity to surface your critical vulnerabilities before criminals can exploit them.

[embed]http://www.cvedetails.com/[/embed]


Vulndb

Yearly archive of all vulnerabilities documented in the database.

https://vuldb.com/


Vulners

Vulners.com team is the group of security experts, ethical hackers and researchers who would like to bring usability of information security content to the new level.

[embed]http://www.cvedetails.com/[/embed]


Rapid7 DB

Archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review.

[embed]http://www.cvedetails.com/[/embed]


NIST

National Vulnerability Database

[embed]http://www.cvedetails.com/[/embed]


Security focus

“Since its inception in 1999, SecurityFocus has been a mainstay in the security community. From original news content to detailed technical papers and guest columnists, we’ve strived to be the community’s source for all things security related. SecurityFocus was formed with the idea that community needed a place to come together and share its collected wisdom and knowledge.”

[embed]http://www.cvedetails.com/[/embed]


Openwall mailing list

Open Source and information security mailing list archives

[embed]http://www.cvedetails.com/[/embed]


SecLists.Org Security Mailing List

“Any hacker will tell you that the latest news and exploits are not found on any web site — not even Insecure.Org.”

[embed]http://www.cvedetails.com/[/embed]


Debian Security Announcements Mailing list

Security advisories about Debian packages

[embed]http://www.cvedetails.com/[/embed]