OSINT #6 – Exploit Database

Now for something slightly different. We’ve spent a few weeks looking at individual and collective OSINT tools, but we’re going to really step up our breakdown with one of the simplest tools available right now – Exploit Database and Google Dorks. If you’re the kind of person who is into the advances of technological privacy, you might raise an eyebrow at this tool: using Google requires us to surrender a lot of data and a small but growing movement is starting to turn against the company which is almost synonymous with the internet. 

The simple fact is that there is no better large-scale database than Google. Using Google to understand and take down the adversary is a good plan because all of the data they collect can instantly be turned against threat actors. A new exploit? Google knows about it. Malicious shellcodes? Google knows about it. A blog post about juicy information that only three people will read? Google knows about it. 

Even if you’re concerned about how your personal data is used by megacorporations like Google, forming an unholy alliance with the world’s biggest database isn’t a bad idea when hacking and ransomware are the other option. 

Using Exploit Database 

There’s something brilliant about the simplicity of a majority of OSINT tools, isn’t there? Exploit Database hasn’t changed this trend; the layout is simple, navigating isn’t an issue, but dealing with sheer amount of data contained within this simple web app can be a challenge. That’s why we’ve not just told you that it’s good, but also put together a short guide on how to navigate the Exploit Database resources.

Before we get started, we should probably look at the term dorking first. 

The history of Google Dorks 

Dorking is when the adversary uses Google to gain information. It’s a pretty broad term, but Google’s collecting and systemizing powers are really like a free gift to a would-be hacker. Using the search engine in an intelligent way can lead to all kinds of data which quickly becomes a major source of inspiration. 

For a full breakdown of how to launch your own dorking campaign (purely for research purposes, I’m sure), check out this website.

Using Exploit Database 

Because manually dorking can be quite an arduous task, the Exploit Database website is a much better and more convenient tool for cybersecurity professionals. As we already know, the interface is clean and simple, but we need to be intelligent with how we navigate the content. 

  1. Navigate to Exploit Database 

You can find Exploit Database at www.exploit-db.com. This is our basic tool for finding out new threats as they emerge. You will find the Google Hacking Database (GHDB) by default on the website, but that’s only a fraction of what the database has to offer. 

  1. Exploits 

In the right-hand side dock, you will find a number of buttons. The top one is for exploits, which are updated as they are found through dorking. By clicking on the links, you are given as much information as possible about the exploint, including: 

  • CVE number 
  • Whether it is verified by the Exploit Database platform 
  • Which platform it affects 
  • Date of discovery 
  • Any vulnerable apps 

If you have time to spare, you can dig through the exploit code that is also posted underneath. This is particularly useful for people working in pentesting who need to understand the ins and outs of exploits as they become noticed. 

  1. GHDB

Under the exploit tab, you can find the Google Hacking Database. This is a much more reduced version of the above, mainly focusing on “files containing juicy info”, “pages containing login portals”, and “sensitive directories”, to quote a few of the categories posted to the database. 

If you haven’t figured it out by now, this is the central use of Exploit Database – the adversary has all this information readily available, so you should too! 

  1. Research 

For people who are feeling a little more academic, Exploit Database has a section on Security Papers that covers a wide range of topics in various languages. If you have some free time and the will for a bit of theoretical learning, this section is a goldmine of insight. 

  1. Shellcodes 

The final button on the Exploit Database homepage is the shellcodes section. This allows you to search for specific shellcodes for all major platform. 

In addition to these four key areas, you can also search the exploit database, the searchsploit manual, and make submissions. If you’re feeling like you need a bit of personal development, they even offer online training for people trying to get into penetration testing. 

As always, exploit database isn’t a silver bullet for all your cybersecurity needs. But it does have a wide-ranging toolkit that will help you to understand the changes in the threat landscapes and adapt accordingly.  

Thank you for listening to the secpro this week – if you’d like to suggest topics or offer an article, reply to the survey in the newsletter and we will get back to you as soon as possible. You might even win a free Packt ebook as a thank you for helping us understand what the community wants. Cheers and see you next week. 

Stay up to date with the latest threats

Our newsletter is packed with analysis of trending threats and attacks, practical tutorials, hands-on labs, and actionable content. No spam. No jibber jabber.