Cybersecurity professionals who need to track the latest vulnerability exploits now have a new tool designed to make their job easier, with the launch today of VulnCheck XDB, a database of exploits and proof of concepts hosted on Git repositories.
The tool, from cyberthreat intelligence provider VulnCheck, is aimed at helping vulnerability researchers and security teams prioritize vulnerabilities based on the availability and criticality of new exploits that have been made public.
“There is a significant gap in exploit databases available today for modern security teams,” said Anthony Bettini, CEO and founder of VulnCheck. “That’s why we’re excited to launch XDB. This complementary tool will be instrumental in helping researchers, offensive teams and detection engineers solve the vulnerability prioritization challenge and bolster security.”
VulnCheck XDB is an open, license-less service and is available to users at launch. It sources information from Git providers like GitHub, GitLab, and Gitee.
Legacy exploit databases are slow, lack details
A major shortcoming of legacy databases is the “single file” model they are designed around, according to Bettini. Exploits these days are often projects with a variety of functionalities, spanning multiple files such as configuration files and command-line interface files.
“These multifile projects often appear on git repositories (like GitHub), and legacy databases don’t support multiple files,” Bettini said. “Usually, when multiple files are involved, other exploit databases don’t include it or fold all the files into a single ZIP file, making them unreadable on the websites.”
Another drawback of legacy databases is that they are curated by people, which makes them too slow to be relied on, Bettini said. VulnCheck, on the other hand, is offering an autonomous software system for tracking exploit and proof-of-concept code in real time.
“A problem with vulnerability databases today is that we only get basic information about the severity of the vulnerability (CVSS scores) and affected version details,” said Edouard Viot, vice president of product at GitGuardian, a provider of code security software. “A working exploit can inform a business about the risk of their own infrastructure, or testing the efficiency of an existing security control.”
VulnCheck XDB features CVE indexing
XDB will be hosted as an auto-tracking, complementary tool on VulnCheck’s website and will feature the option to search by Common Vulnerabilities and Exposures (CVE) IDs to discover vulnerabilities that have written exploits.
The fact that it’s well-linked to CVE-ID will be more interesting for organizations that have CVE alerts and want to assess their real risk, according to Viot.
“Application makers only write 10% of their code; 90% of their attack surfaces are the frameworks that they use. These frameworks use sub-libraries with, on average, three vulnerabilities per year. So, an application maker has a lot of CVEs to manage on their own application because of the dependencies. Having access to the exploitation code could help to do what we call an ‘impact analysis’,” Viot said.
There are other automatically updated programs designed to allow security professionals to check on new exploits, including from cybersecurity company Exploit DB — but VulnCheck also claims to cover exploits written in other countries or hosted on foreign sites, like Gitee. “At this time, we’re unaware of any other exploit database making any attempt to track exploits written in foreign countries like China,” Bettini said.