Exploit Proof-of-Concept (PoC) Cheat Sheet

As part of a penetration test, you will likely want to use an exploit to gain entry into a system for which you have explicit written permission to access. An exploit executes operations that target a specific vulnerability in an operating system or application. Where can you find exploits? Or, more specifically, where can you find "Proof of Concept" (PoC) code showing how an exploit can be practically achieved?

Metasploit

Metasploit is a popular penetration testing framework that provides thousands of exploits that can be configured and used via a common set of commands.

Exploit Database

"The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away."

When searching the Exploit Database, notice that some exploits are marked with a green "verified" checkmark, indicating that the exploit was verified in the Exploit DB lab. Exploits without a green checkmark have not been tested, and are provided "as-is" by the original authors. Exploits here are typically provided with little or no documentation, so you may need to review the code to decipher how to use them!

Packet Storm

CXSecurity