Checking for exploitable vulnerabilities

The database of exploitable vulnerabilities (existence of public exploit was confirmed or it was used during malware campaigns) is provided via Vuln DB menu:

It supports full text search by all fields and allows to quickly check whatever certain CVE is exploitable or which exploitable vulnerabilities existing for certain product.

On the top of that the results of Infrastructure (OpenVAS, Nessus, Nuclei) scans and code dependency checks (Trivy) are enriched by the info from this database. To view the enriched reports, download the ZIP archive via Scan History view by clicking on the Report button:

Then look for XLSX files, such as trivy-dep-report.xslx:

Or the similar Nessus, OpenVAS, Nuclei report within the respective folder:

Exploit availability is reflected via "Exploit" column:

PreviousWorking with scan results Next(Optional) Parsing CSV exports

Last updated 3 months ago