armijnhemel
commented
1 year ago exploitdb has moved to https://gitlab.com/exploit-database/exploitdb
Open pombredanne opened 5 years ago
armijnhemel
commented
1 year ago exploitdb has moved to https://gitlab.com/exploit-database/exploitdb
pombredanne
commented
1 year ago This is a nice dataset:
Also:
pombredanne
commented
1 year ago 
ahouseholder
commented
1 year ago We're tagging vul IDs (more than just CVE) at
We pull updates from their respective repositories every few hours, crawl the diffs for IDs we recognize, and then tag the commit in which the ID first appeared.
The ID patterns we look for are here: https://github.com/CERTCC/git_vul_driller/blob/dd49cec61aac5ee9e84d57313a7876145e0b1522/git_vul_driller/patterns.py#L15-L56
ahouseholder
commented
1 year ago
- https://github.com/CERTCC/labyrinth/ by @ahouseholder now has a license and already aggregates the above.
Just to set expectations on data quality: Please be aware of the notes about signal-to-noise in the Labyrinth README. An ID that shows up in Labyrinth might be because there's an exploit repo that mentions it, or it could be a number of other relatively benign reasons because our code isn't smart enough to tell the difference. Labyrinth's findings are meant to serve as input to an analysis process, not a production exploit feed.
ahouseholder
commented
1 year ago On the other hand, we're more confident about the exploitdb/metasploit tags indicating exploits because there's a human vetting process involved (i.e., their developers decide what to include in their product).
pombredanne
commented
1 year ago @ahouseholder Thank you for the valuable insights. In the end, I want to know if my code is vulnerable. So the idea here with exploits is this, inc combination with reachability:
And if I am either exploitable or the vulnerable code is reachable, then I need to patch (possibly with the fix commit)
armijnhemel
commented
1 year ago 
DennisClark
commented
3 months ago See discussion document at https://docs.google.com/document/d/1XtMmxthmANhr-IqXsyMgFnrOq5fTGfsE/edit?usp=sharing&ouid=117241222429542576816&rtpof=true&sd=true
See work-in-progress normalized model spreadsheet at https://docs.google.com/spreadsheets/d/1J2t2T_s015pnAouy5ss-AA0SI4e2xjT4uICjlL_Aa38/edit?usp=sharing
DennisClark
commented
2 months ago The proposed normalized Exploits model spreadsheet at https://docs.google.com/spreadsheets/d/1J2t2T_s015pnAouy5ss-AA0SI4e2xjT4uICjlL_Aa38/edit?usp=sharing is ready for review.
DennisClark
commented
2 months ago The proposed normalized Exploits model spreadsheet at https://docs.google.com/spreadsheets/d/1J2t2T_s015pnAouy5ss-AA0SI4e2xjT4uICjlL_Aa38/edit?usp=sharing has been reviewed and ready for implementation.
ziadhany
commented
2 months ago @DennisClark I’ve been working on the Exploit model but encountered a few challenges:
The resources_and_notes in Metasploit is a set of options like this:
"notes": {
"AKA": ["Zerologon"],
"Stability": ["crash-safe"],
"Reliability": [],
"SideEffects": ["config-changes", "ioc-in-logs"]
}should we store it as a JSON or just a string?
I'm also unsure about what should be stored in source_url for Metasploit, as references can include multiple URLs. Any guidance on this?
We want to collect data about exploits.
See discussion document at https://docs.google.com/document/d/1XtMmxthmANhr-IqXsyMgFnrOq5fTGfsE/edit?usp=sharing&ouid=117241222429542576816&rtpof=true&sd=true
See work-in-progress normalized model spreadsheet at https://docs.google.com/spreadsheets/d/1J2t2T_s015pnAouy5ss-AA0SI4e2xjT4uICjlL_Aa38/edit?usp=sharing