Common Applications
Exploitation techniques for well-known applications you'll encounter on engagements. Each app page includes a description of what it is, default credentials, known exploit paths, and links to vulnerability databases for version-specific research.
Browse by category:
- Web Servers & Frameworks — Apache, Nginx, IIS, Node.js, Flask, Django, PHP
- CMS Platforms — WordPress, Drupal, Joomla, CMS Made Simple, Magento, Moodle
- Application Servers & Admin Panels — Tomcat, Jenkins, GitLab, Webmin, Grafana, phpMyAdmin, PostgreSQL, Elasticsearch, Nagios, Splunk, Docker API
- Service-Specific Exploits — ProFTPD, vsftpd, Samba, Exim, Dovecot, OpenSSH, CUPS
Universal vuln research links:
| Resource | URL / Command |
|---|---|
| SearchSploit (local) | `searchsploit <app> <version>` |
| Exploit-DB | exploit-db.com |
| CVE Details | cvedetails.com |
| HackTricks | book.hacktricks.wiki |
| NVD (NIST) | nvd.nist.gov |
| GitHub Advisory | github.com/advisories |