As Core Impact's exploit database grows, it becomes more difficult to find the exploit/module you are trying to run. Let's say you are looking to test your network against the latest worm or even an old one—finding that specific exploit in the list of the more than 300 modules available could take a while. It is better to let Core Impact search the exploit list for you. Core Impact allows you to search in different ways: by CVE, service, name, and target OS. The search engine is divided into six types of requests, as shown in Table 9-1.

Table 9-1. Core Impact search engine options

| Type | Your search | Typical request |
|---|---|---|
| All | | |
| CVE | CVE-2005-3223 | 2005-3223 |
| Category | Local module only | Local |
| Name | Exchange CDO | Exchange |
| Service | Exploit for HTTP server | http |
| Supported system | Module for Windows 2000 system | Windows 2000 |

The trick when searching with Core Impact is to keep it simple. For example, say you are looking for the old CAN-2006-0237 exploit. Since we do not know whether the exploit was incorporated into Core Impact or whether it is still a CAN-* and has not been updated to a CVE-*, it is better to search for just the year and number (2006-0237), without the "CAN" or "CVE" portion of the name. The same logic can be applied to exploit names or services. Don't be too specific; there are only 300 modules.