Alternatives to FrSIRT – Where to Download Exploits?

The New Acunetix V12 Engine


Since FrSIRT closed it’s public archives and starting charging for access (blaming it on French laws…), people have been wondering where they can their dose of Exploits..For legitimate purposes obviously.

Security Forest

The most comprehensive collection in my opinion comes from SecurityForest. They also have a BETA exploitation framework in development, something like a Metasploit, but with a much larger range of exploits.

The part of SecurityForest you need to look at is the Exploit Tree.

I love the way it works, as it’s based on CVS, so you just download whatever you don’t have everytime you update.

The ExploitTree is a categorized collection of ALL available exploit code. ExploitTree’s ambition is to become the most organized, rich and up-to-date exploit repository on the internet. The ExploitTree is based on CVS (Concurrent Versioning System) and therefore allows the user to keep an up-to-date offline mirror of the repository on their hard drive. When an ExploitTree Administrator updates their local copy with a new/updated exploit, it updates the repository and keeps everyone else up-to-date. Furthermore, a web interface for web browsing is available.

It is a really impressive collection and very well categorised. It works fine on both Windows and *nix based systems. You can also browse online here.

milw0rm

milw0rm is less mainstream and started out as a personal site, but has grown into a comprehensive and well organised archive of exploits.

It can be organised various ways, by platform, by port, for PHP, for ASP etc.

Securiteam

Securiteam is quite commercial, but has an archive of verified exploits – going back to 1998, verified by their own team of ‘experts’. Note however Securiteam isn’t greatly liked on lists such as Full Disclosure (mostly for spamming their blog).

Securiteam Exploits Archive.

SecuriTeam™ is a group within Beyond Security® dedicated to bringing you the latest news and utilities in computer security.

Having experience as Security Specialists, Programmers and System Administrators we appreciate your need for a “Security Portal” – A central Security web site containing all the newest security information from various mailing lists, hacker channels and our own tools and knowledge.

Packetstorm

Packetstorm is one of the oldest sites, and has a reasonbly good archive of exploits.

Packetstorm Exploits

It goes back to about 1998 too.

Packet Storm offers an abundant resource of up-to-date and historical security tools, exploits, and advisories. We are a non-profit organization comprised of security professionals that are dedicated to providing the information necessary to secure networks on a global scale. We accomplish this goal by publishing new security information on a global network of websites.

Others

You can also check out:

Government Security Archive
Secwatch
Hackers Playground

Various

You can find the odd private archives online too, but they tend to go up and down, and sometimes when you have something specific in mind, it’s just best to hit Google and Google Groups to mine it out.

Don’t forget the good stuff like Google Hacking too.

Plus the Security and Hacking LiveCD’s have quite a lot of compiled & working exploits inside too.

Digg This Article

Posted in: Exploits/Vulnerabilities, Hacking Tools

, ,


Latest Posts:


Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.
How To Recover When Your Website Got Hacked How To Recover When Your Website Got Hacked
The array of easily available Hacking Tools out there now is astounding, combined with self-propagating malware, people often come to me when their website got hacked and they don't know what to do, or even where to start.
HTTrack - Website Downloader Copier & Site Ripper Download HTTrack – Website Downloader Copier & Site Ripper Download
HTTrack is a free and easy-to-use offline browser utility which acts as a website downloader and a site ripper for copying websites and downloading them for offline viewing.
sshLooter - Script To Steal SSH Passwords sshLooter – Script To Steal SSH Passwords
sshLooter is a Python script using a PAM module to steal SSH passwords by logging the password and notifying the admin of the script via Telegram when a user logs in.
Intercepter-NG - Android App For Hacking Intercepter-NG – Android App For Hacking
Intercepter-NG is a multi functional network toolkit including an Android app for hacking, the main purpose is to recover interesting data from the network stream and perform different kinds of MiTM attacks.


3 Responses to Alternatives to FrSIRT – Where to Download Exploits?

  1. st3f April 26, 2006 at 9:12 am #

    Damn… I was gonna suggest checking the live CDs but you spoiled it at last line… bastard. Great post though!

  2. Darknet April 27, 2006 at 2:38 am #

    st3f: Yah I’m on it man, got in there before yeh!

  3. Dave April 27, 2006 at 10:51 am #

    Here are a couple more links:

    http://elsenot.com/
    http://www.hack.co.za/

    cheers,