Well, the new (or replacement) milw0rm has gone online. As you may or may not know, the crew of Offensive-Security have taken over. Str0ke was very close to closing the site down. After the initial announcement, Offsec stepped in and offered to relieve him of some of the administrative duties (updates mostly).
So, is the new site better? I mean, how can you improve on such a simple concept? Have an exploit, have a link to said exploit. Well, they’ve found a way to not only make it better, but they succeeded in making the site an educational tool.
With Offensive-Security certifications slowly growing in popularity, it makes perfect sense for a security company such as Offsec to maintain the most popular exploit repository on the web today. It’s a great combination; they train you in identifying and using exploits (for defensive purposes) while at the same time guaranteeing that the exploits used during the training are available.
But how is the site better? Let’s start off with how everything is organized. It’s separated into a few sections: remote exploits, local exploits, web applications and denial of service. The old milw0rm had a similar organizational schema, and they even had (or have I suppose… it’s still up) a shell code section, which for me was not very user friendly. What it didn’t have was a web application section, which in my opinion is a good add-on by the Offsec crew. Even if they removed a few of the sections originally found on milw0rm, the new site is very easy to navigate.
The search option is also better all around. You can search by description, author, type (remote/local/DoS/etc.), platform and port number. It’s pretty quick too and gives out very good search results. The submit information is revamped and easy to follow for anyone who wishes to submit anything.
This last part is what makes this site stand out from the rest. They are actually hosting the applications associated with the exploits. Not all of them mind you, but they do have many downloads available. So in time, I’m sure we’ll see lots more vulnerable applications with their respective exploits ready to be transferred into our lab environment.
So in the end, Offensive-Security have legitimized the existence of such a site. With this new avenue, an exploit repository site doesn’t have to cater to “blackhats” looking to annoy people or deface websites. They are maintaining and making available a valuable knowledge base for the security professional in training.
Congrats to all that worked on the new site. It’s fresh, good looking and I’m sure it’s going to be around for a long long time…
//* Correction: as I’ve been recently informed, milw0rm did have a webapp section. Guess I didn’t notice it at the time. My mistake.