Doug Vitale Tech Blog

HackerStorm Open Source Vulnerability Database

The HackerStorm Open Source Vulnerability Database (OSVDB) tool is a web-based utility (runs in a web browser) that enables you to research vulnerabilities associated with various software companies, such as Microsoft, Mozilla, Red Hat, etc. You simply download the tool and the associated vulnerability database and you use the Flash-based graphical user interface (GUI) to get the details on vulnerabilities based on software vendor.

Unfortunately this project appears to have fallen by the wayside, as it has not been updated in quite some time. The latest HackerStorm database dates from 30 April 2010. The HackerStorm blog has only been updated once since 9 May 2009. Currently the latest vulnerability for Mozilla products in the OSVDB dates to March 2010; the latest vulnerability for Red Hat dates to August 2009. Clearly there have been more exploits for Mozilla and Red Hat products discovered since these dates. Therefore bear in mind that at present, the HackerStorm OSVDB will not display vulnerabilities that were discovered after April 2010.


HackerStorm OSVDB v1.1 main interface

To install the HackerStorm OSVDB, first create a folder to hold all its files, such as C:\Users\username\HackerStorm.

Next, download the HackerStorm OSVDB GUI .zip file and extract its contents into the HackerStorm folder you just created.

Then return to the OSVDB page and download the XML vulnerability database, which is in tar.bz2 format. Extract this file into the HackerStorm folder as well.

In the HackerStorm folder you will see a start.html file. Open it with your browser and you will be presented with the OSVDB main interface. Click the ‘OSVDB SEARCH’ button.


HackerStorm OSVDB v1.1 search function

Scroll down through the vendor names and select Microsoft Corporation, then click View. To see all Microsoft vulnerabilities, click ‘View All’. Wait a few seconds as all the Microsoft database entries load and are displayed in the GUI.


HackerStorm OSVDB v1.1 search results for Microsoft Corporation

If during your use of the OSVDB you get a notification that Flash has blocked Internet access, click Settings, then the Advanced tab, then Trusted Location Settings. Then click Add, Add Folder, and choose the C:\Users\username\HackerStorm folder. The OSVDB will now be free to connect to HackerStorm.com to download content.
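The HackerStorm folder receives both downloaded archives and is then added as a Flash trusted location, so it is worth checking what the tar.bz2 database would write into it before extracting. The following is an added example, not part of the original article or HackerStorm's own code: it refuses an archive whose members would leave the folder, are links, or would overwrite files already there such as start.html. The member names in the sample archive are constructed.

```python
import io
import tarfile
from pathlib import Path, PurePosixPath


def audit(tar, dest):
    """Return (members, problems) for an open tar archive aimed at folder dest."""
    members, problems = [], []
    for m in tar.getmembers():
        parts = PurePosixPath(m.name.replace("\\", "/")).parts
        if m.name.startswith(("/", "\\")) or ".." in parts or ":" in m.name:
            problems.append((m.name, "path leaves the target folder"))
        elif not (m.isfile() or m.isdir()):
            problems.append((m.name, "link or special file"))
        elif m.isfile() and (Path(dest) / m.name).exists():
            problems.append((m.name, "would overwrite an existing file"))
        else:
            members.append(m)
    return members, problems


def extract_database(archive, dest):
    """Extract a .tar.bz2 file object into dest, or refuse the whole archive."""
    with tarfile.open(fileobj=archive, mode="r:bz2") as tar:
        members, problems = audit(tar, dest)
        if problems:
            return [], problems
        for m in members:
            target = Path(dest) / m.name
            if m.isdir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(tar.extractfile(m).read())
    return [m.name for m in members], []


def build_sample(names):
    """Constructed test archive (not HackerStorm data); names are made up."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:bz2") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(b"<vulnerabilities/>")
            tar.addfile(info, io.BytesIO(b"<vulnerabilities/>"))
    buf.seek(0)
    return buf
```

Pass the downloaded archive opened in binary mode and the HackerStorm folder to `extract_database`; a non-empty problem list means nothing was written to the folder.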

Recommended reading

If you found the content of this article helpful and want to expand your knowledge further, please consider buying a relevant book using the links below. Thanks!

Network Security Assessment
Network Security Bible
Network Security Auditing
Security Power Tools

From the author of HackerStorm:

E-mail Hacking for IT Security Pros
Firewall Hacking Security Pros

Written by Doug Vitale

November 23, 2011 at 11:40 AM
