This visualization displays information on computer platforms with security vulnerabilities that could, or still can, be exploited with techniques and tools listed in the Exploit Database. The dataset with exploits was last updated Sun Oct 21 2012.
The Exploit Database categorizes exploits based on the targeted software/hardware into different types like dos, local, remote and webapps.
Exploits are either programs or textual descriptions of how to perform the exploit, and are broken down by the language or file type of the exploit files.
Circle size indicates the number of exploits for that platform.
The Exploit Database is an archive of exploits of vulnerable software that collects data from user submissions and mailing lists and offers an interface to search and browse exploits by platforms, types and authors.
This visualization focuses on the platforms being exploited. Each circle in the spiral on the left represents one platform; the bigger the circle, the more exploits exist for that platform. The number of exploits for the most affected platforms is also displayed in the bar chart on the right.
You can click on a circle in the spiral to show bar charts for exploit types and source files for the corresponding platform on the right side.
PHP is clearly the platform most favoured by hackers. Almost all PHP exploits target the webapp type, and most of them are described in plain text files; for the rest, Perl followed by PHP are the top languages used for scripting PHP exploits.
Among the reasons for that popularity are certainly PHP's widespread support by hosting providers and the existence of many free and easy-to-install systems for building and running dynamic web applications. Moreover, these numbers are consistent with PHP's bad reputation regarding code quality and developer experience, though this doesn't imply causation.
The raw exploit counts show past hacker preferences for exploiting different platforms, but taken by themselves they only let us guess why some platforms are targeted more often than others.
To get further insights one could correlate these data with actual platform usage statistics and display the distribution of platforms over time.
The Python script I wrote to preprocess the data and generate a JSON document well-suited for D3 is available in this repository on GitHub.
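The aggregation behind such a chart, as an added example (not the author's script from the repository): it counts exploits per platform and breaks each platform down by exploit type and file extension, producing JSON that D3 can consume. The CSV column layout, the function name `summarize` and the sample rows are constructed assumptions.

```python
import csv
import io
import json
import os
from collections import Counter, defaultdict

# Constructed sample rows. The column layout is an assumption about what an
# exploit index looks like: id, file path, description, date, author,
# platform, type.
SAMPLE_CSV = """id,file,description,date,author,platform,type
1,platforms/php/webapps/1.txt,Sample CMS flaw,2012-01-05,alice,php,webapps
2,platforms/php/webapps/2.txt,Sample forum flaw,2012-02-11,bob,php,webapps
3,platforms/php/webapps/3.pl,Sample gallery flaw,2012-03-02,carol,php,webapps
4,platforms/php/remote/4.php,Sample upload flaw,2012-03-19,dave,php,remote
5,platforms/windows/local/5.c,Sample driver flaw,2012-04-07,erin,windows,local
6,platforms/windows/dos/6.py,Sample parser crash,2012-05-23,frank,windows,dos
7,platforms/linux/local/7.c,Sample setuid flaw,2012-06-30,grace,linux,local
"""


def summarize(csv_text):
    """Return per-platform totals with type and file-extension breakdowns."""
    types = defaultdict(Counter)
    files = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        platform = row["platform"].strip().lower()
        # The file extension stands in for the exploit's language or file type.
        ext = os.path.splitext(row["file"])[1].lstrip(".").lower() or "none"
        types[platform][row["type"].strip().lower()] += 1
        files[platform][ext] += 1
    platforms = [
        {
            "platform": name,
            "exploits": sum(counts.values()),
            "types": dict(counts.most_common()),
            "files": dict(files[name].most_common()),
        }
        for name, counts in types.items()
    ]
    # Largest platform first, which is convenient for a top-N bar chart.
    platforms.sort(key=lambda p: (-p["exploits"], p["platform"]))
    return platforms


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_CSV), indent=2))
```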
October 29, 2012 by Ramiro Gómez.