Exploit Intelligence
Exploit Intelligence
The challenge: Knowing a CVE exists isn't actionable — you need to know whether exploit code is available, actively used, or packaged in attack frameworks. Without exploitation context, every critical CVE looks the same.
What you get: Exploit availability, proof-of-concept code references, framework modules (Metasploit, Nuclei), and weaponisation status — prioritisation that reflects real-world risk, not just a CVSS score.
| Source | Prefix | Description | |
|---|---|---|---|
 | ExploitDB | EDB- | Offensive Security Exploit Database. Curated archive of public exploits and vulnerable software. |
 | OffSec Exploit Database | EDB- | OffSec's maintained exploit database with verified proof-of-concept code and shellcode. |
 | CXSecurity Exploit | CXSecurity vulnerability and exploit database. Community-submitted exploits and advisories. | |
 | Trend Micro Zero Day Initiative | ZDI- | ZDI vulnerability disclosures. Coordinated disclosure programme for zero-day vulnerabilities. |
 | ProjectDiscovery Nuclei | PD- | Nuclei vulnerability templates. Community-maintained detection templates for active scanning. |
 | GitHub PoC Repos/Gists | Proof-of-concept exploit code published on GitHub repositories and Gists. Automated discovery and linking. | |
 | Rapid7 Metasploit Framework | MSF- | Metasploit modules. Exploit, auxiliary, and post-exploitation modules mapped to CVE identifiers. |
 | Packet Storm Security | PSS- | Packet Storm exploit and advisory archive. Security tools, exploits, and advisories since 1998. |
 | AttackerKB | Rapid7 AttackerKB. Community-driven vulnerability assessments with attacker-perspective analysis. | |
 | Vulners | Vulners vulnerability intelligence platform. Aggregated exploit and vulnerability data with AI scoring. | |
 | 0day.today | 0day.today exploit database. Underground and public exploit archive with categorised entries. | |
 | Vulnerability Lab | Vulnerability Laboratory. Independent vulnerability research and coordinated disclosure platform. | |
 | Knownsec Seebug | SSVID- | Knownsec Seebug vulnerability platform. Chinese-language exploit and vulnerability intelligence. |
| Zero Science Lab | ZSL- | Zero Science Lab security advisories. Independent vulnerability research and exploit development. |
 | ProtectAI Huntr | HUNTR- | ProtectAI Huntr bug bounty platform. AI/ML-focused vulnerability research and disclosure. |
 | Google Project Zero | PROJECTZERO- | Google Project Zero. Elite vulnerability research targeting zero-day exploits in widely-used software. |
 | HackerOne Hacktivity | H1- | Publicly disclosed bug bounty reports from the HackerOne platform via unauthenticated GraphQL API. Reporter-owned content; includes CVE IDs, severity, CWE, bounty amounts, and program metadata. |
 | WPScan | WPSCAN- | WP Engine WPScan WordPress vulnerability database. Plugin, theme, and core WordPress security intelligence. |
 | Bugcrowd CrowdStream | Bugcrowd CrowdStream public activity feed and disclosed vulnerability reports via unauthenticated JSON API. IP assigned to Bugcrowd per Standard Disclosure Terms; includes CVE IDs, severity, CWE, bounty amounts, and program metadata for opt-in programmes. | |
 | SigmaHQ | Sigma detection rules. Community-maintained detection signatures for SIEM and log analysis platforms. | |
 | Emerging Threats ET Open | ETL- | Emerging Threats open Snort/Suricata ruleset. Network-level exploit detection signatures. |
See the Licensing Appendix for redistribution terms applicable to each source.