
oneaudit/openpoc

Open PoCs

🚨🚨🚨 Please read the license terms 🚨🚨🚨

This project aggregates data from multiple sources related to exploits, proofs of concept (PoC), and technical articles. Links are organized by CVE identifiers to simplify navigation. All direct sources are listed in the README. Please note that we do not host the content ourselves and are not responsible for any misuse of the provided information.

You can find the latest data in the update branch of this repository.

2025 2024
2023 2022

Trickest Repository 🗺️

Trickest is one of the most popular open-source projects for monitoring exploits.
The main issue with their database is that it contains many dead links or irrelevant content.

  • ✅ Automated continuous integration
  • ✅ Manual filtering using a deny/allow list approach
  • ✅ Trust score implementation based on the source
  • ✅ Exploits are associated with the earliest commit date
> Source: https://github.com/trickest/cve
> Source: https://github.com/trickest/cve/blob/main/references.txt
> Update schedule: every 24 hours

Nomisec Repository 👑

Nomisec is another popular open-source project for monitoring exploits.
While their content is more limited than Trickest's, almost all of their links are relevant.

  • ✅ Automated continuous integration
  • ✅ Trust score implementation based on the stargazer count
> Source: https://github.com/nomi-sec/PoC-in-GitHub/
> Update schedule: every 6 hours

Exploit Database 🪲

Exploit Database is a well-known and popular website with a large collection of PoCs.
Their database is available in CSV format and is hosted on GitLab.

  • ✅ Automated continuous integration
  • ✅ Patch missing and invalid CVE codes
  • ✅ Trust score implementation based on the "verified" flag
> Source: https://gitlab.com/exploit-database/exploitdb.git
> Update schedule: every 24 hours

In The Wild API 🫏

InTheWild is a lesser-known but useful source for finding rare and hard-to-find exploits.
Their database was available on GitHub, and the API is still available for free use.

  • ✅ Automated continuous integration
  • ✅ Manual filtering using a deny/allow list approach
  • ✅ Trust score implementation based on the source
> Source: https://inthewild.io/api/exploits?limit=1
> Update schedule: once a week

Holloways Repository 🧁

Holloways has a private repository adding support for additional sources. While the implementation is private, the results are still open to everyone through the automated continuous integration.

  • ✅ Automated continuous integration
  • ✅ For fun and profit, enjoy ✨
> Source: https://github.com/oneaudit/trickest-extended/
> Update schedule: once a day

Nuclei Repository 🐲

Nuclei is a popular vulnerability scanner. Nuclei templates cover many CVEs.

  • ✅ Automated continuous integration
  • ✅ Trust score set to 1.0
  • ✅ Exploits are associated with the earliest commit date
> Source: https://github.com/projectdiscovery/nuclei-templates
> Update schedule: every 12 hours

Metasploit Repository 🚢

Metasploit is a well-known security framework. Note that they only have a limited number of CVE exploits.

  • ✅ Automated continuous integration
  • ✅ Trust score set to 1.0
  • ✅ Exploits are associated with the earliest commit date
> Source: https://github.com/rapid7/metasploit-framework
> Update schedule: every 6 hours

Want more? 🔍

A few candidates indirectly scraped by Trickest:

  • seclists.org
  • wpscan.com, wpvulndb.com
  • packetstorm.news
  • security.snyk.io, snyk.io/vuln/
  • talosintelligence.com
  • huntr.com, huntr.dev
  • hackerone.com
  • www.tenable.com
  • openwall.com
  • securitylab.github.com
  • medium.com
  • vulnerability-lab.com
  • whitesourcesoftware.com, www.mend.io
  • osv.dev, osvdb.org
  • cyberwarzone.com

How To Add A New Source

The process is not straightforward but relatively easy:

  • ✅ Create a type implementing OpenPocMetadata
  • ✅ Add a field inside AggregatorResult
  • ✅ Edit AggregatorResult#NewAggregatorResult to create a default empty array
  • ✅ Edit AggregatorResult#ComputeOpenPoc to merge the new results in openpoc
  • ✅ Edit AggregatorResult#Sort to sort the new results
  • ✅ Edit MergeAggregatorResults to load cached results as a fallback
  • ✅ Add the logic inside main.go to generate results
  • ✅ Do not forget to add results to yearMap
  • ✅ Bump the version inside main.go
  • ✅ Update stats.go to support the new provider
  • ✅ Update README.md with a summary about the provider
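
A sketch of what the first and fourth to fifth steps amount to, as an added example that is not the project's own code: a provider type satisfying a metadata interface, then a merge that deduplicates links, keeps the earliest date and the highest trust score, and sorts. The method set of `OpenPocMetadata`, the `OpenPoc` fields, `ExampleSource`, `Merge` and the scoring rule are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// OpenPoc and OpenPocMetadata are assumed shapes, not the project's real definitions.
type OpenPoc struct {
	URL        string
	AddedAt    time.Time
	TrustScore float64
}
type OpenPocMetadata interface{ ToOpenPoc() OpenPoc }

type ExampleSource struct { // hypothetical new provider record
	URL      string
	AddedAt  time.Time
	Verified bool
}

var trust = map[bool]float64{false: 0.5, true: 1.0} // constructed scoring rule
func (e ExampleSource) ToOpenPoc() OpenPoc {
	return OpenPoc{e.URL, e.AddedAt, trust[e.Verified]}
}

// Merge keeps one entry per URL with the earliest date and the highest trust score.
func Merge(items []OpenPocMetadata) []OpenPoc {
	byURL := map[string]OpenPoc{}
	for _, m := range items {
		n := m.ToOpenPoc()
		old, seen := byURL[n.URL]
		if seen && old.AddedAt.Before(n.AddedAt) {
			n.AddedAt = old.AddedAt
		}
		if old.TrustScore > n.TrustScore {
			n.TrustScore = old.TrustScore
		}
		byURL[n.URL] = n
	}
	out := []OpenPoc{}
	for _, p := range byURL {
		out = append(out, p)
	}
	sort.Slice(out, func(i, j int) bool { return out[i].URL < out[j].URL })
	return out
}

func main() { // constructed sample input
	fmt.Println(Merge([]OpenPocMetadata{ExampleSource{"https://poc.example/a", time.Unix(0, 0), true}}))
}
```

Sorting after the merge keeps the generated output deterministic, so a scheduled run that finds no new links produces no diff.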

License 📄

This project is licensed under the GNU GPL v3.0 License.
You are free to use, modify, and distribute this software with proper attribution. See the LICENSE file for full details.
