Intelligence Sources
Exploit Intelligence
Weaponized
The vulnerability has working exploit code available that attackers can use. Sources include Metasploit, ExploitDB, and public proof-of-concept repositories.
PoC (Proof of Concept)
Code demonstrating that a vulnerability can be exploited. It may not be fully weaponized, but it shows the attack is practical.
CISA KEV (Known Exploited Vulnerabilities)
U.S. government catalog of vulnerabilities being actively exploited in the wild. Maintained by CISA (Cybersecurity and Infrastructure Security Agency).
Detection Sources
Security tools that can detect exploitation attempts:
| Source | Description |
|---|---|
| OSV.dev | Open Source Vulnerabilities database (Google) |
| Nuclei | Fast vulnerability scanner with community templates |
| Sigma | Generic signature format for SIEM detection rules |
| Snort/Suricata | Network intrusion detection signatures |
| YARA | Pattern matching for malware/exploit detection |
| Semgrep | Static analysis rules for code scanning |
Exploit Sources
Sources tracking weaponized exploits:
| Source | Description |
|---|---|
| Metasploit | Popular penetration testing framework with exploit modules |
| ExploitDB | Public archive of exploits and vulnerable software |
| GitHub PoCs | Proof-of-concept code repositories on GitHub |
| Trickest | Aggregated CVE exploit intelligence |
| CISA KEV | Confirmed active exploitation in the wild |