Useful online resources for researching the latest hardware and software vulnerabilities, unpatched bugs, and open source exploits for vulnerability intelligence or potential attack vectors...
- CVE common vulnerabilities and exposures https://cve.mitre.org/
- CWE common weakness enumeration https://cwe.mitre.org/
- NIST Vulnerability Database https://nvd.nist.gov/
- Red Hat CVE Database https://access.redhat.com/security/security-updates/#/cve
- VulnDB https://vulndb.cyberriskanalytics.com/
- WhiteSource Vulnerability Database https://www.whitesourcesoftware.com/vulnerability-database
- Snyk Intel Vulnerability Database Access https://snyk.io/product/vulnerability-database/
- Carnegie Mellon CERT Vulnerability Notes Database https://www.kb.cert.org/vuls/
- Seclists.Org Full Disclosure https://seclists.org/fulldisclosure/
- Security Focus Vulnerability Database (BugTraq) https://www.securityfocus.com/vulnerabilities
- Mozilla Products Vulnerabilities https://www.mozilla.org/en-US/security/known-vulnerabilities/
- Zero Science Lab https://www.zeroscience.mk/en/index.php
- Google Vulnerabilities https://www.google.com/about/appsecurity/research/
- SecuriTeam Security News https://securiteam.com/
- Zero Day Initiatives Published Advisories https://www.zerodayinitiative.com/advisories/published/
- HPI Vulnerability Database https://hpi-vdb.de/vulndb/
- WPScan WordPress Vulnerability Database https://wpvulndb.com/
- CIS & MS-ISAC https://www.cisecurity.org/resources/advisory/
- Hackerstorm (Vulnerabilities, Advisories, Threats, Alerts) https://www.hackerstorm.co.uk/home/vdash
- Github Advisories https://github.com
- Gentoo Security Database https://security.gentoo.org/
- Cisco Security Advisories https://tools.cisco.com/security/center/publicationListing.x
- Nomadic People Migration https://www.npmjs.com/advisories
- Oracle Security Alerts & Bulletins https://www.oracle.com/security-alerts/
- Red Hat Security Advisories https://access.redhat.com/security/security-updates/#/
- Microsoft Security Advisories & Bulletins https://docs.microsoft.com/en-us/security-updates/#sec_search
- Mozilla Foundation Security Advisories https://www.mozilla.org/en-US/security/advisories/
- Ubuntu Security Notices https://ubuntu.com/security/notices
- CXSecurity (Vulnerabilities, Exploits & Dorks) https://cxsecurity.com/
- ExploitDB https://www.exploit-db.com/
- Google Hacking Database (Google Dorking) https://www.exploit-db.com/google-hacking-database
- Vulnerability Lab https://www.vulnerability-lab.com/
- CVE Details (indicates if there’s a Metasploit exploit for the vulnerability) https://www.cvedetails.com/
- Rapid7 Vulnerability and Exploit Database https://www.rapid7.com/db/
- Packet Storm (vulnerabilities, security advisories, and exploits) https://packetstormsecurity.com/
- Vulners Vulnerability Database & Exploits https://vulners.com/
- Core Impact (commercial)
- GFI Languard (commercial)
- Microsoft Baseline Security Analyzer (MBSA) (Microsoft free)
- Nessus (commercial)
- Nexpose (free community edition + commercial)
- Nipper (Network Infrastructure Parser) (commercial)
- OpenVAS (open source)
- QualysGuard (commercial)
- Retina (commercial)
- SAINT (commercial)
- Secunia PSI (open source)
- Tripwire (commercial)
- Acunetix (open source + commercial)
- App Scanner (commercial)
- AppSpider (commercial)
- Burp Suite (free community edition + commercial)
- Comodo HackerProof (commercial) (open source)
- GoLismero (open source)
- Grendel-Scan (open source)
- HP WebInspect (commercial)
- Netsparker (commercial)
- Nikto (open source)
- OWASP ZAP (open source)