Re-Con gurable Vulnerability Discovery

Abstract

In the field of application security, vulnerability discovery now has become a major role. Most of the time, vulnerability discovery tools are used to find vulnerabilities in systems before and after they are released. And there are exploits developed for known vulnerabilities while these exploits can also be used to identify unknown vulnerabilities. But these exploits cannot be developed easily as it takes a long time and a high cost to develop these exploits. In this research, the concept of modularization for exploits is introduced to reduce the cost in developing new exploits. With this modularization concept, previously developed exploits can be re-used to develop new exploits by building workflows. In this research, most of the exploits in the exploit database are studied with the vulnerability information from the Common Vulnerabilities and Exposures database to identify common similarities between exploits. After that, possible workflows that can be generated from these exploits are studied. Then, a sample workflow is built from two exploits taken from exploit database which are related to two WordPress plugins. This workflow is executed as a single exploit with two modules to show that the exploits can be modularized to build new exploits by reusing them which will help in increasing the efficiency of the current vulnerability discovery process.