NORTHERN EXPOSURE
The Common Vulnerabilities and Exposures (CVE) database is a fantastic dataset operated by The Mitre Corporation at the behest of the US government. It tracks vulnerabilities as they’re discovered and cross-references them with the internal tracking systems of companies and distros, so it’s easy to determine which versions or which releases are vulnerable.
We’ve seen how the humble ping command can tell us not just if our machines are reachable, but how many of them are on the local network. If we read into the timings column a bit, we might even speculate about how far away these machines are. However, for network reconnaissance and port scanning, you can’t beat Nmap.
In addition to CVE, there’s the associated National Vulnerability Database (https://nvd.nist.gov), where CVEs are rated by severity. Several of the CVE numbers related to the ShellShock vulnerability score a perfect 10, as do other CVEs that affect popular software, allow remote code execution and can be carried out by fools (script kiddies). ‘Person in the middle’ attacks, which might be hard to pull off in the real world and only lead to user impersonation or limited information leakage, might score more modestly. Besides CVE entries, you can also search the Common Platform Enumerations (CPE) database, which makes it easy to find vulnerabilities in a particular product.
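As an added example (not from the article or from NVD itself), the script below shows how the pieces above fit together: it reads a record in the shape of an NVD API 2.0 response, pulls each CVE’s CVSS base score, maps the CPE strings to products, and lists the entries for one product at or above a severity threshold. The JSON shape is an assumption based on the public NVD 2.0 schema, and the CVE ids, scores and CPE names are constructed placeholders.

```python
import json

# Constructed sample in the shape of an NVD API 2.0 response (assumption: the
# field names follow the public NVD JSON 2.0 schema). CVE ids, scores and CPE
# names below are placeholders, not real database entries.
def _entry(cve_id, metric_key, score, cpe):
    return {"cve": {"id": cve_id,
                    "metrics": {metric_key: [{"cvssData": {"baseScore": score}}]},
                    "configurations": [{"nodes": [{"cpeMatch": [
                        {"vulnerable": True, "criteria": cpe}]}]}]}}

SAMPLE_NVD_JSON = json.dumps({"vulnerabilities": [
    _entry("CVE-0000-0001", "cvssMetricV31", 10.0, "cpe:2.3:a:example:shell:4.3:*:*:*:*:*:*:*"),
    _entry("CVE-0000-0002", "cvssMetricV31", 5.9, "cpe:2.3:a:example:webproxy:1.0:*:*:*:*:*:*:*"),
    _entry("CVE-0000-0003", "cvssMetricV2", 7.5, "cpe:2.3:a:example:shell:4.2:*:*:*:*:*:*:*"),
]})

def base_score(cve):
    """Highest-priority CVSS base score: v3.1, then v3.0, then v2; None if unscored."""
    metrics = cve.get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
        for entry in metrics.get(key, []):
            score = entry.get("cvssData", {}).get("baseScore")
            if score is not None:
                return float(score)
    return None

def affected_products(cve):
    """Yield (vendor, product, version) for every CPE the entry marks vulnerable."""
    for config in cve.get("configurations", []):
        for node in config.get("nodes", []):
            for match in node.get("cpeMatch", []):
                if match.get("vulnerable"):
                    # cpe:2.3:<part>:<vendor>:<product>:<version>:...
                    parts = match["criteria"].split(":")
                    yield parts[3], parts[4], parts[5]

def triage(nvd_json, product, min_score=7.0):
    """[(cve_id, score)] for entries affecting `product` at or above min_score, worst first."""
    hits = []
    for item in json.loads(nvd_json)["vulnerabilities"]:
        cve = item["cve"]
        score = base_score(cve)
        if score is not None and score >= min_score and \
                any(p == product for _, p, _ in affected_products(cve)):
            hits.append((cve["id"], score))
    return sorted(hits, key=lambda hit: -hit[1])

for cve_id, score in triage(SAMPLE_NVD_JSON, "shell"):
    print(f"{cve_id}: CVSS {score}")
```

Point `json.loads` at a real response from the NVD API (queried by cpeName) and the same triage applies to live data; note the v2-only entry is still ranked, because older CVEs may carry no v3 score.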