New Features in the Exploit Database
Over the past 6 years, we have been maintaining and updating the Exploit Database on a daily basis, which now boasts over 35,000 exploits. While we constantly work on improving our back-end and entry quality. Over the years there haven’t really been any updates to the front-end, which has traditionally stayed ominously dark and foreboding. As you may have already seen this changed about two weeks ago, with the introduction of the new and improved Exploit Database website. This blog post will highlight a few of the new features and where the project is heading.
Web Front-End Updates
Since the database came online back in 2009, we had the same dark design and we thought it was clearly about time to create a new look. We have retired the black theme and brought in the clean white design you see now. At the same time, we have tried to make the URLs structure a little easier on the eyes too.
Before you even get to the new site, you may have noticed something a little different. The site now has HTTPS enabled, adding a layer of security, privacy, and integrity to the service.
Exploit Search & Ordering
Not only is searching for exploits quicker than before, your results should be more relevant to your criteria, making it easier to find the right exploit for the task at hand. You are also finally able to sort the results by date, architecture, etc. or filter out any unwanted results. Also, we are fully CVE compatible and have been matching up both CVE and Open Source Vulnerability Database (OSVDB) identifiers for our exploits for quite a while now.
Back-End & Caching
We have re-built all of our old servers and have brought additional ones online. On top of this, we improved the caching methods over all of our systems. These infrastructure changes gives a greater performance boost so the site is much more responsive than it was in the past.
Mobile UI Support
Over the years, we have noticed an increasing trend of mobile users visiting the site. The new Exploit Database front-end should accommodate everyones surfing habits, giving you the same experience whether you’re on a laptop, tablet, or phone.
Hidden Easter Eggs
We’ve added support for some handy vulnerability search shortcuts for any quick queries you may have. For example, quickly searching for all of the exploits with “wordpress” in their title, or an exploit for a certain CVE is as simple as:
- Quick searching: https://www.exploit-db.com/search/>Exploit Title>
- Quick CVEs: https://www.exploit-db.com/cve/>CVE Value>
When Exploit-DB first started, we were hosting an SVN repository. Recently, we have transitioned this service over to GitHub. You can find our repositories at the following URLs:
- https://github.com/offensive-security/exploit-database – Source code for exploits
- git clone https://github.com/offensive-security/exploit-database.git
- Thanks to g0tmi1k & unix-ninja, SearchSploit has seen many excellent improvements.
- http://github.com/offensive-security/exploit-database-bin-sploits – External binaries and resources required
- git clone https://github.com/offensive-security/exploit-database-bin-sploits.git
Keeping up-to-date with the latest exploits can be done various ways. The following sources are updated every hour:
- Our main RSS exploit feed can be found at the following address: https://www.exploit-db.com/rss.xml
You can now auto get an individual RSS feed for authors and platforms on their respective pages.
- Twitter: https://twitter.com/exploitdb
- IRC: irc://irc.freenode.org:7000/#ExploitDB
If you wish to get a daily updates, you can use either of the following links:
- Git history: https://github.com/offensive-security/exploit-database/commits/master
- ZIP archive: https://github.com/offensive-security/exploit-database/archive/master.zip
The Future of the Exploit Database
Our work is far from done and we are actively developing features for it! Just a few things that are on our wish list are:
- Tagging of exploits
- Improved searching abilities
- Interaction with authors when accepting new submissions
- API interface (Exploit-DB partners only)
- Package improvements
We are really happy with this latest update, giving the Exploit Database a much needed upgrade – ushering it into 2015 and beyond!