hi i rain openvas and i found several vulnerability, each vulnerability has a cve … but i dont know how use a cve to find an exploit ?
by the way thanx for help …
sorry for my english i’m french.
Hi and welcome,
first of all the exploit has to be available to the public. On many occasions you will find that the researchers didn’t disclose the proof-of-concept / exploit to the public. However if there is such an exploit available, there is a good chance that you will find it either on exploit-db (here is an example) or in a github repo, for example like this.
These were just some random, arbitrary examples. Most of the time you can check out the National Vulnerability Database, as they gather all CVEs and provide a list of references of each vulnerability, which might even include an available exploit or proof-of-concept, like so.
You see, there are many places to look for when you start digging a bit. Now you just have to pick up your shovel.
Cheers,
Ad
2 Likes
thanx There is no a method, i have to search each exploit on Google ?
Hello,
the main purpose of GVM and other Greenbone products is to identify vulnerabilities in your system in order to fix or mitigate those vulnerabilities. When you are targeting your own system, feel free to do as you please apart from that. Be aware, though, that Greenbone does not support or condone any illicit use of its products.
As for your question, you don’t necessarily have to use Google. There are alternatives like DuckDuckGo, Startpage, Search Encrypt and many more. You will also find that in the vulnerability details of a report there are often links that either provide more information about the detected vulnerability or even a Proof of Concept.
Hope that helps.
Best regards,
JP
3 Likes
Mate ! Use Metasploit Framework, once started you can use the search by cve like this.
search type:exploit platform:windows/linux/etc… cve:the_cve_number
1 Like