Known Vulnerabilities

Once you hear about a new exploit, you will need to quickly find a POC for it and start mass scanning all of your targets for that vulnerability.

There are only three steps when using this approach:

  1. Determine your target's tech stack.

  2. Search for any vulnerabilities in that tech stack.

  3. Run the exploits.

Identifying technologies

  1. Wappalyzer

  2. Powered By
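
An added example (not from the original page): a small parser that lists which products and versions a response's banner headers disclose, useful for auditing what your own hosts reveal. It assumes "Powered By" above refers to the X-Powered-By response header; the sample response and all function names are constructed for illustration.

```python
import re

# Response headers that commonly carry product/version banners.
BANNER_HEADERS = ("server", "x-powered-by", "x-generator")

# A product token with an optional version, e.g. "nginx/1.18.0" or "Express".
PRODUCT_RE = re.compile(r"([A-Za-z][\w.+-]*)(?:[/ ]v?(\d[\w.-]*))?")

# Constructed sample response head (not captured from a real host).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "X-Powered-By: Express\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>body</html>"
)

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased-name: [values]}."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                          # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def disclosed_stack(raw):
    """Return (header, product, version-or-None) tuples sorted by header, product."""
    found = set()
    for name, values in parse_headers(raw).items():
        if name not in BANNER_HEADERS:
            continue
        for value in values:
            value = re.sub(r"\([^)]*\)", " ", value)   # drop comments like (Ubuntu)
            for product, version in PRODUCT_RE.findall(value):
                found.add((name, product, version or None))
    return sorted(found, key=lambda t: (t[0], t[1]))

def version_leaks(raw):
    """Banners that expose an exact version: the first ones to suppress or patch."""
    return [t for t in disclosed_stack(raw) if t[2]]

if __name__ == "__main__":
    for header, product, version in disclosed_stack(SAMPLE):
        print(f"{header}: {product} {version or '(no version disclosed)'}")
```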

Identifying the vulnerabilities

  1. Google

Try typing the following search queries into Google:

  • <TECHNOLOGY> <VERSION> vulnerabilities

  • <TECHNOLOGY> <VERSION> exploits

  2. ExploitDB

ExploitDB provides us with the proof of concept (POC) code as well.

--> searchsploit "name of technology"

  3. CVE

To exploit a CVE you need the proof of concept (POC) exploit code; without that you're stuck.

Finding the POC

  1. Github

  2. ExploitDB

Exploitation

Run the exploit on your target and review the results to see if it is vulnerable or not.
