Who we are, what we do and more.
The Exploit Database is maintained by Offensive Security, an information security training company that provides various Information Security Certifications as well as high end penetration testing services. The Exploit Database is a non-profit project that is provided as a public service by Offensive Security.
The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Our aim is to serve the most comprehensive collection of exploits gathered through direct submissions, mailing lists, as well as other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
Each exploit in the Exploit Database may have several additional fields, such as Date, Description, Platform, Author, and D,A,V. While the first four titles are self explanatory, the latter three are not. Here’s a short breakdown of their meanings:
1. “D” for Download. This link will download the raw source code of the exploit as it was submitted to us.
2. “A” for Application. We make an effort to archive vulnerable applications for the benefit of researchers whenever we can. This facilitates debugging and analysis should the vulnerable application become unavailable.
3. “V” for Verified. We make an effort to verify exploits in our labs, when possible. A “non verified” exploit (marked by a clock icon) simply means we did not have the opportunity to test the exploit internally.
Refer to our “Submit” page to review the Exploit Database guidelines for acceptance.
Why did you hack my site or my software?
We have not hacked your websites or your software. We collect publicly available exploits from the internet and archive them here.
Why did you not accept my submitted exploit?
We do not submit exploits which violate our Exploit acceptance policy or have been tested and found not to work. Read more on the “Submit” page.
Do you hold on to exploits before publishing them? Do you have some nefarious scheme whereby you siphon off exploits for your own use?
No, we don’t. We publish what we get, as soon as we possibly can. The only reason we won’t publish an exploit is if it violates our exploit policies.
I sent you an exploit, but you never published it. What gives?
If you sent us an exploit, and it hasn’t been published yet, it could be due to a couple of reasons – either it has not abided by our submit policy, or it is still in our queue and is awaiting moderation.