Sometimes when I am on a penetration test, I need confirmation for a vulnerability’s risk score, consequences (meaning real-life exploitation scenarios) or fix recommendations.

This happens mostly when vulnerabilities are not easily exploitable or have a low impact but, as a penetration tester, I must still report them and explain to clients why they should fix them. Examples of such vulnerabilities are the TRACE method being enabled, default Apache pages being accessible, etc.

When that happens, I check for the vulnerability class in question in one of these 4 sites:

• https://www.tenable.com/plugins (Nessus)
• https://www.acunetix.com/vulnerabilities/web/ (Acunetix)
• https://www.rapid7.com/db/ (Metasploit)
• https://portswigger.net/kb/issues (Burp Suite)

Each one of them is a vulnerability database used by the corresponding automatic scanner (Nessus, Metasploit, Acunetix & Burp Suite). Since these are well-established commercial tools, I consider their descriptions, risks & recommendations reliable and representative of the current best practices.

So I think that they are a valuable source of information for anyone starting out in the field or seeking confirmation from reliable sources in order to deliver relevant pentest reports with realistic risks and recommendations.

What about you? Do you know of other good vulnerability databases?
Please, don’t hesitate to share them with us or leave any comment, suggestions or questions.

See you next time!