Alternatives to FrSIRT – Where to Download Exploits?

Outsmart Malicious Hackers


Since FrSIRT closed it’s public archives and starting charging for access (blaming it on French laws…), people have been wondering where they can their dose of Exploits..For legitimate purposes obviously.

Security Forest

The most comprehensive collection in my opinion comes from SecurityForest. They also have a BETA exploitation framework in development, something like a Metasploit, but with a much larger range of exploits.

The part of SecurityForest you need to look at is the Exploit Tree.

I love the way it works, as it’s based on CVS, so you just download whatever you don’t have everytime you update.

The ExploitTree is a categorized collection of ALL available exploit code. ExploitTree’s ambition is to become the most organized, rich and up-to-date exploit repository on the internet. The ExploitTree is based on CVS (Concurrent Versioning System) and therefore allows the user to keep an up-to-date offline mirror of the repository on their hard drive. When an ExploitTree Administrator updates their local copy with a new/updated exploit, it updates the repository and keeps everyone else up-to-date. Furthermore, a web interface for web browsing is available.

It is a really impressive collection and very well categorised. It works fine on both Windows and *nix based systems. You can also browse online here.

milw0rm

milw0rm is less mainstream and started out as a personal site, but has grown into a comprehensive and well organised archive of exploits.

It can be organised various ways, by platform, by port, for PHP, for ASP etc.

Securiteam

Securiteam is quite commercial, but has an archive of verified exploits – going back to 1998, verified by their own team of ‘experts’. Note however Securiteam isn’t greatly liked on lists such as Full Disclosure (mostly for spamming their blog).

Securiteam Exploits Archive.

SecuriTeam™ is a group within Beyond Security® dedicated to bringing you the latest news and utilities in computer security.

Having experience as Security Specialists, Programmers and System Administrators we appreciate your need for a “Security Portal” – A central Security web site containing all the newest security information from various mailing lists, hacker channels and our own tools and knowledge.

Packetstorm

Packetstorm is one of the oldest sites, and has a reasonbly good archive of exploits.

Packetstorm Exploits

It goes back to about 1998 too.

Packet Storm offers an abundant resource of up-to-date and historical security tools, exploits, and advisories. We are a non-profit organization comprised of security professionals that are dedicated to providing the information necessary to secure networks on a global scale. We accomplish this goal by publishing new security information on a global network of websites.

Others

You can also check out:

Government Security Archive
Secwatch
Hackers Playground

Various

You can find the odd private archives online too, but they tend to go up and down, and sometimes when you have something specific in mind, it’s just best to hit Google and Google Groups to mine it out.

Don’t forget the good stuff like Google Hacking too.

Plus the Security and Hacking LiveCD’s have quite a lot of compiled & working exploits inside too.

Digg This Article

Learn about Exploits/Vulnerabilities



Posted in: Exploits/Vulnerabilities, Hacking Tools

, ,

Latest Posts:


AWSBucketDump - AWS S3 Security Scanning Tool AWSBucketDump – AWS S3 Security Scanning Tool
AWSBucketDump is an AWS S3 Security Scanning Tool, which allows you to quickly enumerate AWS S3 buckets to look for interesting or confidential files.
nbtscan Download - NetBIOS Scanner For Windows & Linux nbtscan Download – NetBIOS Scanner For Windows & Linux
nbtscan is a command-line NetBIOS scanner for Windows that is SUPER fast, it scans for open NetBIOS nameservers on a local or remote TCP/IP network.
Equifax Data Breach - Hack Due To Missed Apache Patch Equifax Data Breach – Hack Due To Missed Apache Patch
The Equifax data breach is pretty huge with 143 million records leaked from the hack in the US alone with unknown more in Canada and the UK.
Seth - RDP Man In The Middle Attack Tool Seth – RDP Man In The Middle Attack Tool
Seth is an RDP Man In The Middle attack tool written in Python to MiTM RDP connections by attempting to downgrade the connection to extract clear text creds
dcrawl - Web Crawler For Unique Domains dcrawl – Web Crawler For Unique Domains
dcrawl is a simple, but smart, multithreaded web crawler for randomly gathering huge lists of unique domain names. It will branch out indefinitely.
Time Warner Hacked - AWS Config Exposes 4M Subscribers Time Warner Hacked – AWS Config Exposes 4M Subscribers
What's the latest on the web, Time Warner Hacked is what it's about now as a bad AWS S3 config (once again) exposes the details of approximately 4M subs.


8 Responses to Time Warner Hacked – AWS Config Exposes 4M Subscribers

  1. engineer September 7, 2017 at 9:36 pm #

    By default S3 buckets are not public.

    • Darknet September 7, 2017 at 9:59 pm #

      They used to be IIRC, but I could be wrong, well I guess more accurately the easiest way to get access to it programmatically is just to set it to public.

    • Engineer S September 10, 2017 at 10:09 pm #

      Yes, it had to be configured to be open to the web.  This story is not really about AWS.  It’s about bad IT controls and careless engineering.

      I wouldn’t even call this a hack, if it’s left open to the public.

  2. Alan M September 8, 2017 at 8:15 am #

    Broadsoft was responsible for exposing the Time Warner Cable (TWC) data. Time Warner (TC) is an entirely separate entity (TC does NOT = TWC).

    • Darknet September 8, 2017 at 3:48 pm #

      Hey thanks for that clarification Alan.

  3. Tracie September 8, 2017 at 8:17 pm #

    Also time Warner cable is no longer TWC . it is now spectrum.

  4. Ryan Dymek September 8, 2017 at 8:29 pm #

    Buckets have zero access beyond the creator. “Easiest way to grant access is to make it public”… that same statement applies to a cisco firewall in an onprem enterprise. And allow any rule is simple but terribly wrong. IAM or bucket policies are no more complex than any enterprise grade firewall. Lets not excuse the behavior of the admin due to ignorance.

    • Darknet September 8, 2017 at 9:22 pm #

      Not excusing it, just saying it happens that way, same reason by MongoDB worked out of the box with no auth and listening on every interface. Not ideal, but a lot of things are done in the name of ease and speed of deployment rather than looking at it with an eye on risk and the repercussions.

Leave a Reply