search_vulns - Vulnerability Search Made Easy: The Story Behind the Community Tool

Obtaining a good overview of all known vulnerabilities for software products is often more difficult and complex than one might initially assume. The requirements for a corresponding tool or service are diverse and cannot be completely covered by currently available providers. Our usd HeroLab colleague Dustin Born has taken on this challenge. The result: search_vulns.

Dustin took the time for a short interview with us in the usd HeroLab Lounge:

Dustin, what's the story behind search_vulns?

One component of our pentests is to examine the software used and its versions for known vulnerabilities and exploits. In the past, we used various search engines to get a complete overview. I always remembered my bachelor thesis, in which this was a sub-topic. In the thesis, I had developed an automatic vulnerability scanner. One of the requirements was to include a scanner module for searching for known vulnerabilities by entering a software and the corresponding version. However, as this was not the main focus of the work, the explanations were still rather rudimentary.
When I later started at usd and was frequently confronted with this search during our pentests, I thought: Can't I take the module from back then, build it as a stand-alone tool and even improve it? I then took up the challenge. The result was a self-developed tool: search_vulns.
It makes searching easier and more efficient and has been continuously developed over the last few years thanks to feedback from my pentest colleagues.

Easier and more efficient sounds great, how exactly does search_vulns work?

search_vulns helps to search for known vulnerabilities and exploits for the respective software version in a structured manner. It includes various data sources, summarizes them and then provides an all-encompassing search. Currently, the tool draws on data from the National Vulnerability Database (NVD), the Exploit-DB and the GitHub Security Advisory Database, as well as data from endoflife.date, PoC-in-GitHub, and VulnCheck. The results can then be further processed and exported in the web application. There is also a command line program that can be used for automated workflows in scanners, for example. This made it possible, for example, to integrate search_vulns into our own vulnerability scanner "Icebreaker" and thus make our day-to-day work in the usd HeroLab easier.

From the HeroLab into the wide world. How did you come to the decision to make search_vulns available to the entire community?

I'm a big fan of open source software myself. Anyone can use open source software for their own needs - in accordance with the license agreements, of course. That's why I published and developed the tool myself, or rather the code, under my GitHub account right from the start. We have been using search_vulns at usd HeroLab for a long time, either as a basis for our analyses and reports or as a scan module in Icebreaker. The feedback from colleagues on the tool was so positive that the next step was clear: to enable a larger community to use it and provide a public instance of the web service component.

Doesn't this also offer malicious attackers possible methods for compromising their targets?

Of course, I have also discussed this question in detail with my colleagues and other ethical hackers. Certainly, search_vulns bundles detailed information about vulnerabilities in software products that are used by companies and could be exploited by attackers. But the added value for everyone on the good side and for those responsible in the companies outweighs these concerns. After all, easily accessible information about already known vulnerabilities can help to better protect against these attackers.

Thank you Dustin for your time and dedication!

Learn more about search_vulns and try it out right away: https://search-vulns.com