Exploit bundles from Packet Storm

Packet Storm manages one of the best compilations of exploits for penetration testing your servers. Perhaps you've found a vulnerability in your system with Nessus and would like to see how "black hats" would go about compromising your system. Disclaimer: use these exploits for auditing your systems only!


Download all exploit bundles

The following script will download all annual and monthly exploit bundles from Packet Storm and place them in $EXPLOIT_DIR. After running the script once, you may want to run it periodically to keep your collection "in sync" with Packet Storm's.

#!/bin/sh

# Destination directory
EXPLOITS_DIR=~/exploits

# First year for which annual compilations are not available
STARTING_YEAR=2003

CURRENT_YEAR=`date +%Y`

# Create the exploits destination directory if it does not exist
[ ! -d $EXPLOITS_DIR ] && mkdir $EXPLOITS_DIR
cd $EXPLOITS_DIR

# Retrieve annual exploit bundles; skip them if already downloaded
for YEAR in 1999 2000 2001 2002
do
   TWO_DIGIT_YEAR=`echo $YEAR | cut -c3-4`
   [ -f ${YEAR}-exploits.tgz ] && continue
   echo -e "Retrieving $YEAR annual exploit bundle...\n"
   wget http://packetstormsecurity.org/${TWO_DIGIT_YEAR}12-exploits/${YEAR}-exploits.tgz
done
 
# Retrieve monthly exploit bundles; skip them if already downloaded
while [ "$STARTING_YEAR" -le "$CURRENT_YEAR" ]
do
   # Download the full year's worth of monthly exploit bundles
   YEAR=`echo $STARTING_YEAR | cut -c3-4`
   for MONTH in Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
   do
      FULL_MONTH=`date -d 1${MONTH} +%B`
      NUMERIC_MONTH=`date -d 1${MONTH} +%m`
      [ -f ${YEAR}${NUMERIC_MONTH}-exploits.tgz ] && continue
      echo -e "Retrieving ${FULL_MONTH} 20${YEAR} exploit bundle...\n"
      wget http://packetstormsecurity.org/${YEAR}${NUMERIC_MONTH}-exploits/${YEAR}${NUMERIC_MONTH}-exploits.tgz
   done
   STARTING_YEAR=`expr $STARTING_YEAR + 1`
done

Here is an example crontab entry to periodically retrieve the latest exploit bundles from Packet Storm. Note: we will run the script on the 10th of every month as the previous month's exploit bundle should be available for download.

0 6 10 * * ~/scripts/retrieve_exploit_bundles > /dev/null 2>&1

Yearly compilations

<>Download an entire year's worth of exploits with these links:

2002 exploits
2001 exploits
2000 exploits
1999 exploits

Back to brandonhutchinson.com.

Last modified: 08/30/2004