From 3c811415bcc2c144f300883ce93f03bc98ca5abc Mon Sep 17 00:00:00 2001 From: Meitar M Date: Sat, 8 Jul 2017 14:52:24 -0400 Subject: [PATCH] Style guide compliance pass focused on Vulnerability Databases section. (#144) * Add CVE List to Vulnerability Databases section, since it was missing. * Style guide compliance pass focused on Vulnerability Databases section. * Whitelist the Inj3ct0r URLs. The `0day.today` website sits behind an extremely aggressive Cloudflare anti-bot checker, which causes `awesome-bot` to trigger an HTTP 503 response. This fails the build but is actually normal behavior. Similarly, the Onion service is inaccessible except over Tor and our Travis CI configuration does not (yet?) support checking Onion service links. (Although, perhaps it should be updated to do so in a future PR.) --- .travis.yml | 2 +- README.md | 30 ++++++++++++++++-------------- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/.travis.yml b/.travis.yml index c6754c6..1f2d82b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,4 +4,4 @@ rvm: before_script: - gem install awesome_bot script: - - awesome_bot README.md --allow-redirect + - awesome_bot README.md --allow-redirect --white-list "www.0day.today,mvfjfugdwgc5uwho.onion" diff --git a/README.md b/README.md index 1b09071..a2d6a4c 100644 --- a/README.md +++ b/README.md 
@@ -397,21 +397,23 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Defcon Suggested Reading](https://www.defcon.org/html/links/book-list.html) ## Vulnerability Databases -* [NVD](https://nvd.nist.gov/) - US National Vulnerability Database. -* [CERT](https://www.us-cert.gov/) - US Computer Emergency Readiness Team. -* [OSVDB](https://blog.osvdb.org/) - Open Sourced Vulnerability Database. -* [Bugtraq](http://www.securityfocus.com/) - Symantec SecurityFocus. -* [Exploit-DB](https://www.exploit-db.com/) - Offensive Security Exploit Database. -* [Fulldisclosure](http://seclists.org/fulldisclosure/) - Full Disclosure Mailing List. -* [MS Bulletin](https://technet.microsoft.com/en-us/security/bulletins) - Microsoft Security Bulletin. -* [MS Advisory](https://technet.microsoft.com/en-us/security/advisories) - Microsoft Security Advisories. -* [Inj3ct0r](http://www.1337day.com/) - Inj3ct0r Exploit Database. -* [Packet Storm](https://packetstormsecurity.com/) - Packet Storm Global Security Resource. -* [SecuriTeam](http://www.securiteam.com/) - Securiteam Vulnerability Information. -* [CXSecurity](http://cxsecurity.com/) - CSSecurity Bugtraq List. -* [Vulnerability Laboratory](http://www.vulnerability-lab.com/) - Vulnerability Research Laboratory. -* [ZDI](http://www.zerodayinitiative.com/) - Zero Day Initiative. +* [Common Vulnerabilities and Exposures (CVE)](https://cve.mitre.org/) - Dictionary of common names (i.e., CVE Identifiers) for publicly known cybersecurity vulnerabilities. +* [National Vulnerability Database (NVD)](https://nvd.nist.gov/) - United States government's National Vulnerability Database provides a superset of the standard CVE List along with a fine-grained search engine. 
+* [US-CERT Vulnerability Notes Database](https://www.kb.cert.org/vuls/) - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT). +* [Full-Disclosure](http://seclists.org/fulldisclosure/) - Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources. +* [Bugtraq (BID)](http://www.securityfocus.com/bid/) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list, operated by Symantec, Inc. +* [Exploit-DB](https://www.exploit-db.com/) - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security. +* [Microsoft Security Bulletins](https://technet.microsoft.com/en-us/security/bulletins#sec_search) - Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC). +* [Microsoft Security Advisories](https://technet.microsoft.com/en-us/security/advisories#APUMA) - Archive of security advisories impacting Microsoft software. +* [Mozilla Foundation Security Advisories](https://www.mozilla.org/security/advisories/) - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser. +* [Packet Storm](https://packetstormsecurity.com/files/) - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry. +* [CXSecurity](https://cxsecurity.com/) - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a a Google dork database for discovering the listed vulnerability. +* [SecuriTeam](http://www.securiteam.com/) - Independent source of software vulnerability information. +* [Vulnerability Lab](https://www.vulnerability-lab.com/) - Open forum for security advisories organized by category of exploit target. 
+* [Zero Day Initiative](http://zerodayinitiative.com/advisories/published/) - Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint. * [Vulners](https://vulners.com) - Security database of software vulnerabilities. +* [Inj3ct0r](https://www.0day.today) ([Onion service](http://mvfjfugdwgc5uwho.onion/)) - Exploit marketplace and vulnerability information aggregator. +* [Open Source Vulnerability Database (OSVDB)](https://osvdb.org/) - Historical archive of security vulnerabilities in computerized equipment, no longer adding to its vulnerability database as of April, 2016. ## Security Courses * [Offensive Security Training](https://www.offensive-security.com/information-security-training/) - Training from BackTrack/Kali developers.
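Review bot: in the `.travis.yml` hunk, the reason for `--white-list "www.0day.today,mvfjfugdwgc5uwho.onion"` is recorded only in the commit message, so someone editing the `script:` line later cannot tell why these two hosts are exempt. Add a YAML comment above the `awesome_bot` line saying that `www.0day.today` answers the checker with HTTP 503 from behind Cloudflare and that the Onion service is not reachable from Travis CI. With both URLs exempt from the link check, a dead or moved Inj3ct0r link will no longer fail the build, so that README entry needs an occasional manual check.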
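Review bot: in the `README.md` hunk, the added CXSecurity entry reads "cross-referenced with a a Google dork database"; drop the doubled "a". The added US-CERT entry expands the acronym as "Computer Emergency Response Team", while the line it replaces said "Computer Emergency Readiness Team"; confirm which name is correct and use it. Several added entries still link over plain `http://` (Full-Disclosure, Bugtraq, SecuriTeam, Zero Day Initiative) although other entries in the same hunk were moved to `https://`; switch them where the site supports it. In the OSVDB entry, "as of April, 2016" reads better without the comma.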