admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update Sat May 25 21:56:39 CEST 2024

Browse Source
This commit is contained in:
0xMarcio 2024-05-25 21:56:39 +02:00
parent dc6e2cf715
commit b6d7832c52
2 changed files with 8 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
.DS_Store vendored
View File

Binary file not shown.

62
README.md
View File

@ -1,69 +1,23 @@
<h1 align="center">CVE PoC <a href="https://twitter.com/intent/tweet?text=CVE%20PoC%20-%20Find%20almost%20every%20publicly%20available%20CVE%20Proof-of-Concept%2E%0Aby%20%40trick3st%0Ahttps%3A%2F%2Fgithub%2Ecom%2Ftrickest%2Fcve%0A&hashtags=cve,poc,vulnerability,vulnerabilities,exploit,infosec,cybersecurity"><img src="https://img.shields.io/badge/Tweet--lightgrey?logo=twitter&style=social" alt="Tweet" height="20"/></a></h1> # CVE
<h3 align="center">Almost every publicly available CVE PoC.</h3> <h3 align="center">Almost every publicly available CVE PoC.</h3>
## Current hottest CVEs ## Current hottest CVEs
| Title | URL | | Title | URL |
| ----------- | ----------- | | ----------- | ----------- |
| CVE-2022-0001 | [/trickest/cve/blob/main/2022/CVE-2022-0001.md](https://github.com/trickest/cve/blob/main/2022/CVE-2022-0001.md) | | CVE-2022-0001 | [/0xMarcio/cve/blob/main/2022/CVE-2022-0001.md](https://github.com/0xMarcio/cve/blob/main/2022/CVE-2022-0001.md) |
| CVE-2022-25297 | [/trickest/cve/blob/main/2022/CVE-2022-25297.md](https://github.com/trickest/cve/blob/main/2022/CVE-2022-25297.md) | | CVE-2022-25297 | [/0xMarcio/cve/blob/main/2022/CVE-2022-25297.md](https://github.com/0xMarcio/cve/blob/main/2022/CVE-2022-25297.md) |
| CVE-2022-1388 | [/trickest/cve/blob/main/2022/CVE-2022-1388.md](https://github.com/trickest/cve/blob/main/2022/CVE-2022-1388.md) | | CVE-2022-1388 | [/0xMarcio/cve/blob/main/2022/CVE-2022-1388.md](https://github.com/0xMarcio/cve/blob/main/2022/CVE-2022-1388.md) |
| CVE-2022-25451 | [/trickest/cve/blob/main/2022/CVE-2022-25451.md](https://github.com/trickest/cve/blob/main/2022/CVE-2022-25451.md) | | CVE-2022-25451 | [/0xMarcio/cve/blob/main/2022/CVE-2022-25451.md](https://github.com/0xMarcio/cve/blob/main/2022/CVE-2022-25451.md) |
To see the complete history go [here](hot_cves.csv) To see the complete history go [here](hot_cves.csv)
[<img src="./banner.png" />](https://trickest.io/auth/register)
## How it works
### [Trickest](https://trickest.com) Workflow Architecture
![Trickest Workflow - PoC](workflow.png "Trickest Workflow - PoC")
### TB; DZ (Too big; didn't zoom):
- Collect CVE details from [cvelist](https://github.com/CVEProject/cvelist) (Shout out to [CVE Project](https://github.com/CVEProject)!)
- Split CVEs up by year.
- Find PoCs for each CVE using 2 techniques:
1. References
- Gather each CVE's `References`.
- Check if any of them points to a PoC using [ffuf](https://github.com/ffuf/ffuf) and a list of keywords
Regex:
```(?i)[^a-z0-9]+(poc|proof of concept|proof[-_]of[-_]concept)[^a-z0-9]+```
(Thanks [@joohoi](https://github.com/joohoi)!)
**Note**: [ffuf](https://github.com/ffuf/ffuf) is awesome for more purposes than just content discovery.
Get CVE referenced in HackerOne Reports - [AllVideoPocsFromHackerOne](https://github.com/zeroc00I/AllVideoPocsFromHackerOne) (Thanks [@zeroc00I](https://github.com/zeroc00I)!)
2. Github
Search GitHub for repositories with [find-gh-poc](https://github.com/trickest/find-gh-poc) that mention the CVE ID.
- Merge the fresh results into the repository without overwriting the data that was committed manually.
- Filter false positives using `blacklist.txt`.
- Merge all of the found PoCs.
- Generate GitHub badges for each affected software version using [shields.io](https://shields.io).
- Write everything into easy-to-read markdown files.
> **As described, almost everything in this repository is generated automatically. We carefully designed the workflow (and continue to develop it) to ensure the results are as accurate as possible.**
## Use cases ## Use cases
- Browse around, find a nice PoC, and test away! - Browse around, find a nice PoC, and test away!
- `Watch` the repository to receive notifications about new PoCs as soon as they go public. - `Watch` the repository to receive notifications about new PoCs as soon as they go public.
- Search for a specific product(s) (and possibly version) to find all public exploits related to it. - Search for a specific product(s) (and possibly version) to find all public exploits related to it.
- Monitor the [atom feed](https://github.com/trickest/cve/commits/main.atom) for a specific product(s). - Monitor the [atom feed](https://github.com/0xMarcio/cve/commits/main.atom) for a specific product(s).
- Create a searchable HTML table using the template and script in [summary_html](summary_html) - Create a searchable HTML table using the template and script in [summary_html](summary_html)
- Example: https://www.andrewmohawk.com/cve_summary (Thanks [@AndrewMohawk](https://github.com/AndrewMohawk)!)
## Contribution ## Contribution
All contribtutions/ideas/suggestions are welcome! Create a new ticket via [GitHub issues](https://github.com/trickest/cve/issues) or tweet at us [@trick3st](https://twitter.com/trick3st). All contribtutions/ideas/suggestions are welcome! Create a new ticket via [GitHub issues](https://github.com/0xMarcio/cve/issues) .
## Build your own workflows
We believe in the value of tinkering; cookie-cutter solutions rarely cut it. Sign up for a [Trickest](https://trickest.com) demo to customize this workflow to your use case, get access to many more workflows, or build your own workflows from scratch!
[<img src="./banner.png" />](https://trickest.io/auth/register)