maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
hacktricks/src/generic-hacking/search-exploits.md

52 lines
1.8 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 搜索漏洞
{{#include ../banners/hacktricks-training.md}}
### 浏览器
始终在“google”或其他地方搜索**\<service_name> \[version] exploit**
您还应该尝试 **shodan** **漏洞搜索** 从 [https://exploits.shodan.io/](https://exploits.shodan.io)。
### Searchsploit
用于从 **exploitdb** 控制台搜索服务漏洞。
```bash
#Searchsploit tricks
searchsploit "linux Kernel" #Example
searchsploit apache mod_ssl #Other example
searchsploit -m 7618 #Paste the exploit in current directory
searchsploit -p 7618[.c] #Show complete path
searchsploit -x 7618[.c] #Open vi to inspect the exploit
searchsploit --nmap file.xml #Search vulns inside an nmap xml result
```
### Pompem
[https://github.com/rfunix/Pompem](https://github.com/rfunix/Pompem) 是另一个搜索漏洞的工具
### MSF-Search
```bash
msf> search platform:windows port:135 target:XP type:exploit
```
### PacketStorm
如果没有找到任何内容,请尝试在 [https://packetstormsecurity.com/](https://packetstormsecurity.com) 中搜索使用的技术。
### Vulners
您还可以在 vulners 数据库中搜索: [https://vulners.com/](https://vulners.com)
### Sploitus
此工具在其他数据库中搜索漏洞: [https://sploitus.com/](https://sploitus.com)
### Sploitify
类似于 GTFOBins 的策划漏洞列表按漏洞类型本地权限提升、远程代码执行等、服务类型Web、SMB、SSH、RDP 等)、操作系统和实践实验室(链接到可以玩漏洞的机器)进行过滤: [https://sploitify.haxx.it](https://sploitify.haxx.it)
### search_vulns
search_vulns 使您能够搜索已知的漏洞和漏洞利用: [**https://search-vulns.com/**](https://search-vulns.com/)。它利用了各种数据源,如 NVD、Exploit-DB、GitHub 中的 PoC、GitHub 安全咨询数据库和 endoflife.date。
{{#include ../banners/hacktricks-training.md}}
Reference in New Issue View Git Blame Copy Permalink