The Exploit Database is maintained by Offensive Security, an information security training company that provides various Information Security Certifications as well as high end penetration testing services. The Exploit Database is a non-profit project that is provided as a public service by Offensive Security.
What We Do
The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Our aim is to serve the most comprehensive collection of exploits gathered through direct submissions, mailing lists, as well as other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
How to Navigate the Database
Each exploit in the Exploit Database may have several additional fields, such as Date, Description, Platform, Author, and D,A,V. While the first four titles are self explanatory, the latter three are not. Here’s a short breakdown of their meanings:
1. “D” for Download. This link will download the raw source code of the exploit as it was submitted to us.
2. “A” for Application. We make an effort to archive vulnerable applications for the benefit of researchers whenever we can. This facilitates debugging and analysis should the vulnerable application become unavailable.
3. “V” for Verified. We make an effort to verify exploits in our labs, when possible. A “non verified” exploit (marked by a clock icon) simply means we did not have the opportunity to test the exploit internally.
How to Submit Exploits
Refer to our “Submit” page to review the Exploit Database guidelines for acceptance.