Vulnerability Analysis

Useful resources and information for vulnerability research and news

Packet Storm is a cybersecurity resource hub, offering tools, vulnerabilities, and security articles for professionals.

DARKREADING is a cybersecurity news site, reporting on threats, breaches, and trends for security experts.

Trend Micro is a cybersecurity company with insights, research, and services to protect against online threats.

Security Magazine covers various security topics for professionals, including physical and cyber security.

Pentest Magazine is dedicated to ethical hacking and penetration testing, providing tutorials and tools.

Krebs on Security is a renowned cybersecurity blog by Brian Krebs, known for investigative reporting on cybercrime and security incidents.

Schneier on Security is the blog of Bruce Schneier, a prominent security expert, offering insightful analysis and commentary on security-related topics.

CVE

CVE is a dictionary of publicly disclosed cybersecurity vulnerabilities. It catalogs specific instances or examples of known vulnerabilities in software, hardware, or systems, assigning each vulnerability a unique identifier (CVE ID)

Links to CVE databases:

MitreCVE

NIST CVE

CWE

CWE is a community-developed list of common software and hardware weaknesses and vulnerabilities. It categorizes and describes weaknesses in software and systems, focusing on the root causes of vulnerabilities rather than specific instances or examples of vulnerabilities.

Vulnerability Scanners

I'll only consider free vulnerability scanners here.

OpenVas

OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.

Here is a guide on how to set it up on Kali: Guide