Knowing when to call it quits or pivot is an important life skill. Unfortunately, this time has come for ExploitHub. From the recently updated ExploitHub.com:
Exploithub was created with the intention to provide an open marketplace for the greater information security community consisting of penetration testers, security researchers, and exploit developers, among others. The marketplace was intended to be a platform for the information security community to transact with each other their non-zero-day, or n-day exploits, tools, and other software and hardware. To this end ExploitHub has been an unmitigated success, providing both space on the Internet for this activity as well as various marketplace tools to help users negotiate pricing, split payments among multiple developers, as well as other features. In order for ExploitHub to exist and provide this marketplace however, it needed to also cover its costs and turn a profit, and the volume at which this activity has been occurring within the marketplace has been in decline over the past few years and unfortunately no longer supports its continued operation.
The information security industry has changed significantly over the past few years. Back when ExploitHub started, n-day exploits for publicly known vulnerabilities were utilized far more. Nowadays however many pentesters rarely use exploits during engagements. Security vendors’ internal development teams have matured, requiring less external example to inform their internal development, and many now tend to roll their own exploit simulation or develop neutered exploits with no real payloads. It is also apparent that far more exploit developers today now choose to focus on zero-day vulnerabilities and sell their related exploits privately rather than publish findings and release public exploits.
After the last few years of bare bones operation and attempting to prove that a viable market still exists for publicly available n-day exploits, we have unfortunately been unable to do so. At this time, ExploitHub will be evolving into a private marketplace exclusively for exploits of zero-day vulnerabilities. Not only has the private zero-day market been proven viable by various players in this space for many years now, but the individual sales of zero-day assets command much higher prices and profit margins which will support continued operations.
It is regrettable that at this time we must sunset the open marketplace component of ExploitHub, and the decision to do so was a difficult one to make. Unfortunately the occasional sale of individual exploits for n-day vulnerabilities simply no longer supports the existence of such a marketplace.
For more information on how to get involved with the new incarnation of ExploitHub, please click-through to ExploitHub.com.