Vulnerability Search

Take a look at the new Vulnerability Search. It is a Google Custom Search configured to search over 20 of the top vulnerability, advisory, and exploit databases. It was set up to save time during penetration tests and offers an alternative to searching Exploit-DB, CVE Details, and the rest separately.

It is configured to search:
CVE Details, Exploit-DB, CERT, MITRE, NIST, SecurityFocus, ExploitHub, PacketStorm, Secunia, Defcon, Blackhat, SecurityTube, Rapid7, Metasploit, WPVulnDB, osvdb.info, LWN vulnerabilities (Linux Weekly News), SensioLabs, Tenable (Nessus), Varutra MVD (Mobile Vulnerability Database), and VulnerabilityCenter.

Tips on Searching for Known Vulnerabilities

The process of finding known vulnerabilities typically involves identifying services, identifying the technologies in use, then searching for known issues. Identifying the complete tech-stack is not always easy.

This search engine helps with that first step; beyond it, the following tips help.

  • Check CVE Details and test the vulnerabilities listed for different versions of the product.
  • Search ChangeLogs for security references.
  • Look for silent patching. Search ChangeLogs for obscure descriptions of fixes, such as “input validation” or any change to SQL queries.
  • Note that not all known issues are assigned a CVE.
  • Note that not all known issues have been patched.
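As an added example (not part of the original post), a small Python script that applies the ChangeLog tips above: it flags entries that cite a CVE and entries with the vague wording typical of silent patches (“input validation”, sanitising, SQL query changes), limited to releases newer than the version identified during the tech-stack step. The changelog text and the CVE id in it are constructed placeholders.

```python
"""Triage a changelog for explicit and possible "silent" security fixes."""
import re

# Constructed sample changelog; not taken from any real project.
SAMPLE_CHANGELOG = """\
## 2.4.1
- Fix CVE-2021-0000 (placeholder id): path traversal in file download
- Improve input validation in the admin search form
- Update translations
## 2.4.0
- Rework SQL query builder for user lookup
- Add dark mode
## 2.3.9
- Sanitize filenames before writing upload metadata
- Bump copyright year
"""

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.I)
VERSION_RE = re.compile(r"^##\s*v?(\d+(?:\.\d+)*)\s*$")
# Vague phrasings that often hide a security fix (silent patching).
SILENT_HINTS = ("input validation", "sanitiz", "sanitis", "escap",
                "sql quer", "overflow", "permission", "auth")


def parse_version(text):
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically."""
    return tuple(int(p) for p in text.split("."))


def triage(changelog, installed_version):
    """Return (version, entry, kind) for security-looking entries in releases
    newer than installed_version; kind is 'cve' or 'suspicious'."""
    installed = parse_version(installed_version)
    results, current = [], None
    for line in changelog.splitlines():
        m = VERSION_RE.match(line.strip())
        if m:
            current = m.group(1)
            continue
        if current is None or parse_version(current) <= installed:
            continue  # already deployed, or text before the first heading
        entry = line.strip().lstrip("-* ").strip()
        if not entry:
            continue
        if CVE_RE.search(entry):
            results.append((current, entry, "cve"))
        elif any(hint in entry.lower() for hint in SILENT_HINTS):
            results.append((current, entry, "suspicious"))
    return results


if __name__ == "__main__":
    for version, entry, kind in triage(SAMPLE_CHANGELOG, "2.3.9"):
        print(f"{version:8} {kind:10} {entry}")
```

Entries tagged “suspicious” are only leads; each still needs the fix confirmed in the diff or by testing the affected version.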

Penetration Testing vs Vulnerability Assessment

Some people say that an automated Vulnerability Assessment (VA) is the search for known vulnerabilities, whereas penetration testing is the search for unknown vulnerabilities. This paradigm is superficially true but naive because it ignores vulnerabilities that are known but not detected.

Reasons for vulnerabilities being “known but not detected” include:

  • No one has written a VA plugin to detect the vulnerability yet.
  • The vulnerability is difficult to detect in an automated way.
  • Vulnerabilities without a CVE are more often overlooked.
  • The vulnerability was published before modern VA scanners offered full coverage of it.
  • The vulnerability is considered more of a configuration issue than a vulnerability.

Instead, a vulnerability assessment is the search for known vulnerabilities that are well documented, while penetration testing includes the search for known vulnerabilities beyond what a VA can offer.