CVES
Tools: Google, Twitter, Nuclei
Steps:
Grab all the subdomains:
subfinder -d domain.com -o subs.txt
Grab all alive domains:
httpx -l subs.txt -mc 200 -o alive.txt
Run Nuclei scans separately for different template categories and store each result in a different file:
nuclei -l alive.txt -t nuclei-templates/http/misconfiguration -o misconfigurations.txt
nuclei -l alive.txt -t nuclei-templates/http/exposed-panels -o exposed-panels.txt
nuclei -l alive.txt -t nuclei-templates/http/cves -o cves.txt
nuclei -l alive.txt -t nuclei-templates/http/technologies -o technologies.txt
Read each output carefully with patience.
Find interesting tech used by the target (e.g. Jira, WordPress).
Visit the page and check the version used.
Google search with that version like:
jira <version> exploit
Grep CVE IDs that look promising.
Search the CVE on Twitter (CVE-XXXX-XXXX poc or CVE-XXXX-XXXX exploit).
Google the CVE or exploit keywords for better PoCs or writeups.
Test all CVEs — if successful, report it!
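Reading technologies.txt by hand gets slow once there are hundreds of alive hosts. The helper below is an added example (not part of the original page or the nuclei project) that parses the scan output into per-host technology and version records, so version-bearing hits stand out for the "check the version" step. It assumes nuclei's default text line format, "[template-id[:matcher]] [protocol] [severity] host [extracted]", and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the assumed default nuclei text output format.
SAMPLE_OUTPUT = """\
[tech-detect:nginx] [http] [info] https://www.example.com
[tech-detect:jira] [http] [info] https://issues.example.com
[wordpress-detect] [http] [info] https://blog.example.com [5.8.1]
[jira-detect] [http] [info] https://issues.example.com [8.13.0]
[tech-detect:nginx] [http] [info] https://blog.example.com
this line is not a finding and must be skipped
"""

# template, protocol and severity in brackets, then the host, then an
# optional bracketed group of extracted values (e.g. a version string).
LINE_RE = re.compile(
    r"^\[(?P<template>[^\]]+)\]\s+\[(?P<protocol>[^\]]+)\]\s+\[(?P<severity>[^\]]+)\]\s+"
    r"(?P<host>\S+)(?:\s+\[(?P<extracted>[^\]]*)\])?\s*$"
)


def parse_nuclei_lines(text):
    """Return one dict per parsed finding; lines that do not match are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        template, _, matcher = d["template"].partition(":")
        findings.append({
            "template": template,
            "matcher": matcher or None,          # e.g. "nginx" from tech-detect:nginx
            "protocol": d["protocol"],
            "severity": d["severity"],
            "host": d["host"],
            "extracted": d["extracted"].split(",") if d["extracted"] else [],
        })
    return findings


def tech_by_host(findings):
    """Map host -> {tech name -> version or None}; a version wins over a bare detection."""
    out = defaultdict(dict)
    for f in findings:
        name = f["matcher"] or f["template"].removesuffix("-detect")
        version = f["extracted"][0] if f["extracted"] else None
        if version or name not in out[f["host"]]:
            out[f["host"]][name] = version
    return dict(out)
```

Hosts with a version attached are the ones worth opening first; a bare detection only tells you the product is present.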