Re: exploits, good exploits
From: H D Moore (sflist_at_digitaloffense.net)
Date: 07/22/03
- Previous message: Alfred Huger: "New Articles on SecurityFocus"
- In reply to: Daren Nowlan: "Re: exploits, good exploits"
- Next in thread: dave_at_immunitysec.com: "Re: exploits, good exploits"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: pen-test@securityfocus.com, Daren Nowlan <daren@securitynerds.org> Date: Tue, 22 Jul 2003 15:37:25 -0500
The OSVDB (www.osvdb.org) project maintains an exploit code repository for
the vulnerabilities in the database. The exploit URL is simply another
type of external reference and is directly linked to each vulnerability.
We support dozens of references types, with support for most of the common
ones (CVE, Snort, Nessus, BID, etc). The ibiblio.org guys have agreed to
host the primary repository and the archive is being built as
vulnerabilities are added and approved. The entire database is available
for free, including the exploit archive itself. The first stable release
is due sometime in the next couple months, development versions are
available by request.
The primary goal of the OSVDB project was to consolidate the database and
exploit management efforts that are required for any given company or
individual to perform assessments and penetration testing. The more help
we get reviewing vulnerabilities, moderating entries, and organizing
exploits, the easier job everyone else will have :)
If you are interested in helping out with the OSVDB or are working on a
similar project and would like to use our data (or even contribute some),
send an email to either myself or Forrest Rae (fbr [at] 14x.net).
-HD
On Monday 21 July 2003 10:37 pm, Daren Nowlan wrote:
> Well I've been debating about if and when I should make this post so I
> suppose now is a good time as any.
>
> Currently the db design is complete and we're almost done the interface
> for searching the db as well as an interface to add/manage it as well.
> Eventually our thoughts were to write a module for nessus that would
> have direct access to the db during a scan. Upon completion of the
> scan, the links to the exploits will be generated as part of the
> report.
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: Alfred Huger: "New Articles on SecurityFocus"
- In reply to: Daren Nowlan: "Re: exploits, good exploits"
- Next in thread: dave_at_immunitysec.com: "Re: exploits, good exploits"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
