Introduction
You know what software your target is running, but how do you determine what vulnerabilities it has? The whole point of learning a target technology stack is so you can use this information to find associated vulnerabilities.
Google
When I’m looking to see what vulnerabilities a technology has, the first place I go is Google. Actually, Google is the first place I go when I have a question about anything, as it’s the best resource out there. Try typing the following search queries into Google:
● <TECHNOLOGY> <VERSION> vulnerabilities
● <TECHNOLOGY> <VERSION> exploits



ExploitDB
Another place I like to search is ExploitDB. ExploitDB is a tool used to search and download exploit code. This is by far one of my favorite resources to use when searching for vulnerabilities related to a technology stack.
● https://www.exploit-db.com/



● https://github.com/offensive-security/exploitdb
● ./searchsploit "name of technology"



CVE
According to Google, the Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures. If you’re looking to find what CVEs a technology stack has, there is no better place to search than NIST.
● https://nvd.nist.gov/vuln/search
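A CVE search returns records for the product as a whole, so the remaining step is checking whether the version you identified falls inside each record's affected range. The following is an added example, not code from the original article: it does that check offline against constructed records shaped like NVD's CVE API 2.0 JSON. The CVE ids, vendor and product names are placeholders, and AND/OR node logic, escaped colons in CPE names and non-numeric version suffixes are ignored.

```python
import re

# Constructed sample records, trimmed to the fields used below. The layout
# follows the NVD CVE API 2.0 JSON (configurations -> nodes -> cpeMatch);
# the CVE ids, vendor and product names are placeholders, not real entries.
def _rec(cve_id, criteria, **bounds):
    m = {"vulnerable": True, "criteria": criteria, **bounds}
    return {"id": cve_id, "configurations": [{"nodes": [{"cpeMatch": [m]}]}]}

CPE = "cpe:2.3:a:examplevendor:%s:%s:*:*:*:*:*:*:*"
SAMPLE_CVES = [
    _rec("CVE-0000-0001", CPE % ("exampleserver", "*"),
         versionStartIncluding="2.4.0", versionEndExcluding="2.4.52"),
    _rec("CVE-0000-0002", CPE % ("exampleserver", "2.2.15")),
    _rec("CVE-0000-0003", CPE % ("examplecms", "*"), versionEndIncluding="5.8"),
]

def vkey(version):
    """Numeric sort key: '2.4.10' -> (2, 4, 10); trailing zeros are dropped."""
    nums = [int(n) for n in re.findall(r"\d+", version)]
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()
    return tuple(nums)

def match_applies(m, product, version):
    """True if one cpeMatch entry covers this product at this version."""
    parts = m["criteria"].split(":")  # cpe:2.3:part:vendor:product:version:...
    if not m.get("vulnerable") or parts[4] != product:
        return False
    v = vkey(version)
    if parts[5] != "*":               # entry pins one exact version
        return vkey(parts[5]) == v
    checks = (("versionStartIncluding", lambda b: v >= b),
              ("versionStartExcluding", lambda b: v > b),
              ("versionEndIncluding", lambda b: v <= b),
              ("versionEndExcluding", lambda b: v < b))
    return all(ok(vkey(m[k])) for k, ok in checks if k in m)

def cves_for(product, version, records=SAMPLE_CVES):
    """Ids of records with a cpeMatch entry covering product at version."""
    return [r["id"] for r in records
            if any(match_applies(m, product, version)
                   for cfg in r.get("configurations", [])
                   for node in cfg.get("nodes", [])
                   for m in node.get("cpeMatch", []))]

if __name__ == "__main__":
    for product, version in [("exampleserver", "2.4.9"), ("examplecms", "5.8.1")]:
        print(product, version, cves_for(product, version))
```

Comparing versions as number tuples matters here: as plain strings, "2.4.9" sorts after "2.4.52" and the first record would be missed.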



Summary
Locating the vulnerabilities impacting a technology stack is relatively easy. All you really have to do is search for them. Between Google, ExploitDB, and NIST you should be able to find everything you’re looking for.