Skip to content
nichrome.xyz

Exploit Databases & CVEs

CVE System

Section titled “CVE System”

CVE (Common Vulnerabilities and Exposures) — a standardized ID for publicly known vulnerabilities. Format: CVE-YEAR-NUMBER (e.g. CVE-2021-44228 for Log4Shell).

FieldMeaning
CVE IDUnique identifier
DescriptionWhat the vulnerability is
CVSS ScoreSeverity (0–10). Critical: 9.0+, High: 7.0–8.9, Medium: 4.0–6.9, Low: 0.1–3.9
Affected ProductsCPE identifiers for vulnerable software/hardware
ReferencesLinks to advisories, patches, exploits

Key Resources

Section titled “Key Resources”

Vulnerability databases

Section titled “Vulnerability databases”
ResourceURLBest for
NVD (NIST)nvd.nist.govOfficial CVE details, CVSS scores, CPE matching
CVE.orgcve.orgCVE ID lookup, CNA (assigner) info
MITRE CVEcve.mitre.orgOriginal CVE list, legacy lookup
CVEDetailscvedetails.comBrowse by vendor/product, statistics, charts
VulnDBvuldb.comCommunity-driven, good for quick lookups

Exploit databases

Section titled “Exploit databases”
ResourceURLBest for
Exploit-DBexploit-db.comCurated exploit archive, searchable by CVE/product
SearchSploitCLI for Exploit-DB (offline)Local exploit search (ships with Kali)
GitHubSearch for CVE IDsPoC exploits, tools, analysis
Packet Stormpacketstormsecurity.comExploits, advisories, tools

Advisory feeds

Section titled “Advisory feeds”
ResourceURLBest for
CISA KEVcisa.gov/known-exploited-vulnerabilitiesActively exploited vulns — high signal
Vendor advisories(per vendor)Microsoft, Ubuntu, Red Hat, Apache, etc. publish their own

SearchSploit (Exploit-DB CLI)

Section titled “SearchSploit (Exploit-DB CLI)”

Included in Kali. Searches a local mirror of Exploit-DB.

Terminal window
# Search by product
searchsploit apache 2.4


# Search by CVE
searchsploit CVE-2021-41773


# Copy exploit to current directory
searchsploit -m 50383


# Update the database
searchsploit -u


# Show full path to exploit file
searchsploit -p 50383

Output columns: Title, Path (to the exploit file on disk).

Workflow: From Version to Exploit

Section titled “Workflow: From Version to Exploit”
  1. Identify service versionnmap -sV, banner grab, HTTP headers
  2. Search CVE databases — NVD, CVEDetails by product + version
  3. Check for exploits — SearchSploit, Exploit-DB, GitHub CVE-XXXX-XXXXX
  4. Read the advisory — understand the vuln, affected versions, patch status
  5. Find PoC — Exploit-DB, GitHub, Packet Storm
  6. Verify — test in a controlled environment, not production
Section titled “Links”