Merge branch 'main' of gitlab.com:exploit-database/exploitdb into main

Offensive Security 2022-11-10 19:58:04 +00:00
commit 033a8167fc
2 changed files with 82 additions and 107 deletions


@ -3,22 +3,22 @@
This is an official repository of [The Exploit Database](https://www.exploit-db.com/), a [project](https://www.offensive-security.com/community-projects/) sponsored by [Offensive Security](https://www.offensive-security.com/). This is an official repository of [The Exploit Database](https://www.exploit-db.com/), a [project](https://www.offensive-security.com/community-projects/) sponsored by [Offensive Security](https://www.offensive-security.com/).
Our repositories are: Our repositories are:
- Exploits & Shellcodes: [https://github.com/offensive-security/exploitdb](https://github.com/offensive-security/exploitdb) - Exploits & Shellcodes: [gitlab.com/exploit-database/exploitdb](https://gitlab.com/exploit-database/exploitdb)
- Binary Exploits: [https://github.com/offensive-security/exploitdb-bin-sploits](https://github.com/offensive-security/exploitdb-bin-sploits) - Binary Exploits: [gitlab.com/exploit-database/exploitdb-bin-sploits](https://gitlab.com/exploit-database/exploitdb-bin-sploits)
- Papers: [https://github.com/offensive-security/exploitdb-papers](https://github.com/offensive-security/exploitdb-papers) - Papers: [gitlab.com/exploit-database/exploitdb-papers](https://gitlab.com/exploit-database/exploitdb-papers)
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of [exploits](https://www.exploit-db.com/), [shellcode](https://www.exploit-db.com/shellcodes) and [papers](https://www.exploit-db.com/papers) gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and Proof-of-Concepts rather than advisories, making it a valuable resource for those who need actionable data right away. The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of [exploits](https://www.exploit-db.com/), [shellcode](https://www.exploit-db.com/shellcodes) and [papers](https://www.exploit-db.com/papers) gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and Proof-of-Concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
You can learn more about the project [here (Top Right -> About Exploit-DB)](https://www.exploit-db.com/) and [here (History)](https://www.exploit-db.com/history). You can learn more about the project [here (Top Right -> About Exploit-DB)](https://www.exploit-db.com/) and [here (History)](https://www.exploit-db.com/history).
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our [binary exploits repository](https://github.com/offensive-security/exploitdb-bin-sploits). This repository is updated daily with the most recently added submissions. Any additional resources can be found in our [binary exploits repository](https://gitlab.com/exploit-database/exploitdb-bin-sploits).
Exploits are located in the [`/exploits/`](https://github.com/offensive-security/exploitdb/tree/master/exploits) directory, shellcodes can be found in the [`/shellcodes/`](https://github.com/offensive-security/exploitdb/tree/master/shellcodes) directory. Exploits are located in the [`/exploits/`](https://gitlab.com/exploit-database/exploitdb/tree/main/exploits) directory, shellcodes can be found in the [`/shellcodes/`](https://gitlab.com/exploit-database/exploitdb/tree/main/shellcodes) directory.
- - - - - -
## License ## License
This project (and SearchSploit) is released under "[GNU General Public License v2.0](https://github.com/offensive-security/exploitdb/blob/master/LICENSE.md)". This project (and SearchSploit) is released under "[GNU General Public License v2.0](https://gitlab.com/exploit-database/exploitdb/blob/main/LICENSE.md)".
- - - - - -
@ -43,6 +43,7 @@ kali@kali:~$ searchsploit -h
searchsploit -s Apache Struts 2.0.0 searchsploit -s Apache Struts 2.0.0
searchsploit linux reverse password searchsploit linux reverse password
searchsploit -j 55555 | json_pp searchsploit -j 55555 | json_pp
searchsploit --cve 2021-44228
For more examples, see the manual: https://www.exploit-db.com/searchsploit For more examples, see the manual: https://www.exploit-db.com/searchsploit
@ -50,23 +51,24 @@ kali@kali:~$ searchsploit -h
Options Options
========= =========
## Search Terms ## Search Terms
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe) -c, --case [term] Perform a case-sensitive search (Default is inSEnsITiVe)
-e, --exact [Term] Perform an EXACT & order match on exploit title (Default is an AND match on each term) [Implies "-t"] -e, --exact [term] Perform an EXACT & order match on exploit title (Default is an AND match on each term) [Implies "-t"]
e.g. "WordPress 4.1" would not be detect "WordPress Core 4.1") e.g. "WordPress 4.1" would not be detect "WordPress Core 4.1")
-s, --strict Perform a strict search, so input values must exist, disabling fuzzy search for version range -s, --strict Perform a strict search, so input values must exist, disabling fuzzy search for version range
e.g. "1.1" would not be detected in "1.0 < 1.3") e.g. "1.1" would not be detected in "1.0 < 1.3")
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path) -t, --title [term] Search JUST the exploit title (Default is title AND the file's path)
--exclude="term" Remove values from results. By using "|" to separate, you can chain multiple values --exclude="term" Remove values from results. By using "|" to separate, you can chain multiple values
e.g. --exclude="term1|term2|term3" e.g. --exclude="term1|term2|term3"
--cve [CVE] Search for Common Vulnerabilities and Exposures (CVE) value
## Output ## Output
-j, --json [Term] Show result in JSON format -j, --json [term] Show result in JSON format
-o, --overflow [Term] Exploit titles are allowed to overflow their columns -o, --overflow [term] Exploit titles are allowed to overflow their columns
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible) -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible)
-v, --verbose Display more information in output -v, --verbose Display more information in output
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path -w, --www [term] Show URLs to Exploit-DB.com rather than the local path
--id Display the EDB-ID value rather than local path --id Display the EDB-ID value rather than local path
--colour Disable colour highlighting in search results --disable-colour Disable colour highlighting in search results
## Non-Searching ## Non-Searching
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory
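Review bot: the new `--cve [CVE]` help line does not say which argument form is accepted; the usage example added in the previous hunk passes `2021-44228` without the `CVE-` prefix, so state whether both `CVE-2021-44228` and the bare `2021-44228` work. While the `[Term]` to `[term]` lines are being touched, the adjacent `-e` text still reads `would not be detect "WordPress Core 4.1")` with an unbalanced closing parenthesis (the `-s` example has the same stray `)`); suggest `would not detect "WordPress Core 4.1"`.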
@ -112,10 +114,12 @@ kali@kali:~$
kali@kali:~$ searchsploit -p 39446 kali@kali:~$ searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446 URL: https://www.exploit-db.com/exploits/39446
Path: /usr/share/exploitdb/exploits/windows_x86/local/39446.py Path: /Users/b/Projects/git/forks/exploitdb/exploits/windows_x86/local/39446.py
File Type: Python script, ASCII text executable, with CRLF line terminators Codes: N/A
Verified: False
File Type: Python script text executable, ASCII text
Copied EDB-ID #39446's path to the clipboard. Copied EDB-ID #39446's path to the clipboard
kali@kali:~$ kali@kali:~$
``` ```
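Review bot: the updated `-p` sample output leaks a developer's local checkout path, `Path: /Users/b/Projects/git/forks/exploitdb/exploits/windows_x86/local/39446.py`, under a `kali@kali:~$` prompt; the previous `/usr/share/exploitdb/...` path matched the Kali package install documented further down and should be restored, or the prompt changed to match the machine the output came from. The dropped full stop in `Copied EDB-ID #39446's path to the clipboard` should match whatever the script now prints, so check it against the `GETPATH` block in searchsploit.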
@ -136,7 +140,7 @@ Exploit-DB/SearchSploit is already packaged inside of Kali-Linux. A method of in
kali@kali:~$ sudo apt -y install exploitdb kali@kali:~$ sudo apt -y install exploitdb
``` ```
_NOTE: Optional is to install the additional packages:_ _NOTE, Optional is to install the additional packages:_
``` ```
kali@kali:~$ sudo apt -y install exploitdb-bin-sploits exploitdb-papers kali@kali:~$ sudo apt -y install exploitdb-bin-sploits exploitdb-papers
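Review bot: `_NOTE, Optional is to install the additional packages:_` reads worse than the text it replaces; the colon after NOTE is the conventional form, e.g. `_NOTE: Optionally, install the additional packages:_`.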
@ -144,10 +148,10 @@ kali@kali:~$ sudo apt -y install exploitdb-bin-sploits exploitdb-papers
**Git** **Git**
In short: clone the repository, add the binary into `$PATH`, and edit the config file to reflect the git path: In short, clone the repository, add the binary into `$PATH`, and edit the config file to reflect the git path:
``` ```
$ sudo git clone https://github.com/offensive-security/exploitdb.git /opt/exploitdb $ sudo git clone https://gitlab.com/exploit-database/exploitdb.git /opt/exploitdb
$ sudo ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit $ sudo ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit
``` ```
@ -166,5 +170,5 @@ user@MacBook:~$ brew update && brew install exploitdb
The following people made this possible: The following people made this possible:
- [Offensive Security](https://www.offensive-security.com/) - [Offensive Security](https://www.offensive-security.com/)
- [Unix-Ninja](https://github.com/unix-ninja) - [@Unix-Ninja](https://github.com/unix-ninja)
- [g0tmi1k](https://blog.g0tmi1k.com/) - [@g0tmi1k](https://blog.g0tmi1k.com/)


@ -1,25 +1,24 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Name: SearchSploit - Exploit-DB's CLI search tool # Name: SearchSploit - Exploit-DB's CLI search tool
# Version: 4.1.3 (2020-06-22) # Version: 4.2.0 (2022-11-10)
# Written by: Offensive Security, Unix-Ninja, and g0tmi1k # Written by: Offensive Security, Unix-Ninja, and g0tmi1k
# Homepage: https://github.com/offensive-security/exploitdb # Homepage: https://gitlab.com/exploit-database/exploitdb
# Manual: https://www.exploit-db.com/searchsploit # Manual: https://www.exploit-db.com/searchsploit
# #
## NOTE: ## NOTE:
# Exit code '0' means finished normally # Exit code '0' means finished successfully
# Exit code '1' means something went wrong # Exit code '1' means something went wrong
# Exit code '2' means help screen # Exit code '2' means help screen
# Exit code '6' means updated packages (APT, brew or Git) # Exit code '6' means updated packages (APT, brew or Git)
#-----------------------------------------------------------------------------# #-----------------------------------------------------------------------------#
## Settings File ## Settings File
rc_file="" rc_file=""
## Default options ## Default options
CLIPBOARD=0 CLIPBOARD=0
COLOUR=1 COLOUR=1
CVE=0
EDBID=0 EDBID=0
EXACT=0 EXACT=0
EXAMINE=0 EXAMINE=0
@ -46,24 +45,24 @@ COLOUR_OFF_GREP=
COLOUR_ON_GREP= COLOUR_ON_GREP=
REGEX_GREP= REGEX_GREP=
## Check if our grep supports --color ## Check if our grep supports --color
if grep --help 2>&1 | grep "[-]-color" >/dev/null 2>&1 ; then if grep --help 2>&1 | grep "[-]-color" >/dev/null 2>&1 ; then
COLOUR_OFF_GREP="--color=never" COLOUR_OFF_GREP="--color=never"
COLOUR_ON_GREP="--color=always" COLOUR_ON_GREP="--color=always"
fi fi
## Check if our grep supports ---perl-regexp ## Check if our grep supports --perl-regexp
if grep --help 2>&1 | grep "[-]-perl-regexp" >/dev/null 2>&1 ; then if grep --help 2>&1 | grep "[-]-perl-regexp" >/dev/null 2>&1 ; then
REGEX_GREP="-P" REGEX_GREP="-P"
else else
REGEX_GREP="-E" REGEX_GREP="-E"
fi fi
## Set LANG variable to avoid illegal byte sequence errors ## Set LANG variable to avoid illegal byte sequence errors
LANG=C LANG=C
## Set TERM
export TERM=xterm-256color
## Usage info ## Usage info
## - https://www.tldp.org/LDP/abs/html/standard-options.html ## - https://www.tldp.org/LDP/abs/html/standard-options.html
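Review bot: dropping `export TERM=xterm-256color` is the right call (it silently overrode the caller's terminal type and forced 256-colour escape sequences on terminals that may not support them), but the script still calls `tput cols` unguarded in `findresults` (`COL1=$(( $( tput cols ) - COL2 - 1 ))`). With TERM no longer forced, in non-interactive contexts such as cron, CI, or an nmap XML pipeline where TERM is unset, `tput` writes an error to stderr and substitutes nothing, so the arithmetic runs on an empty value and yields a negative column width that `drawline` then brace-expands. Suggest a fallback such as `COL1=$(( $( tput cols 2>/dev/null || echo 80 ) - COL2 - 1 ))`.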
@ -82,6 +81,7 @@ function usage() {
echo " ${progname} -s Apache Struts 2.0.0" echo " ${progname} -s Apache Struts 2.0.0"
echo " ${progname} linux reverse password" echo " ${progname} linux reverse password"
echo " ${progname} -j 55555 | json_pp" echo " ${progname} -j 55555 | json_pp"
echo " ${progname} --cve 2021-44228"
echo "" echo ""
echo " For more examples, see the manual: https://www.exploit-db.com/searchsploit" echo " For more examples, see the manual: https://www.exploit-db.com/searchsploit"
echo "" echo ""
@ -89,23 +89,24 @@ function usage() {
echo " Options " echo " Options "
echo "=========" echo "========="
echo "## Search Terms" echo "## Search Terms"
echo " -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe)" echo " -c, --case [term] Perform a case-sensitive search (Default is inSEnsITiVe)"
echo " -e, --exact [Term] Perform an EXACT & order match on exploit title (Default is an AND match on each term) [Implies \"-t\"]" echo " -e, --exact [term] Perform an EXACT & order match on exploit title (Default is an AND match on each term) [Implies \"-t\"]"
echo " e.g. \"WordPress 4.1\" would not be detect \"WordPress Core 4.1\")" echo " e.g. \"WordPress 4.1\" would not be detect \"WordPress Core 4.1\")"
echo " -s, --strict Perform a strict search, so input values must exist, disabling fuzzy search for version range" echo " -s, --strict Perform a strict search, so input values must exist, disabling fuzzy search for version range"
echo " e.g. \"1.1\" would not be detected in \"1.0 < 1.3\")" echo " e.g. \"1.1\" would not be detected in \"1.0 < 1.3\")"
echo " -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path)" echo " -t, --title [term] Search JUST the exploit title (Default is title AND the file's path)"
echo " --exclude=\"term\" Remove values from results. By using \"|\" to separate, you can chain multiple values" echo " --exclude=\"term\" Remove values from results. By using \"|\" to separate, you can chain multiple values"
echo " e.g. --exclude=\"term1|term2|term3\"" echo " e.g. --exclude=\"term1|term2|term3\""
echo " --cve [CVE] Search for Common Vulnerabilities and Exposures (CVE) value"
echo "" echo ""
echo "## Output" echo "## Output"
echo " -j, --json [Term] Show result in JSON format" echo " -j, --json [term] Show result in JSON format"
echo " -o, --overflow [Term] Exploit titles are allowed to overflow their columns" echo " -o, --overflow [term] Exploit titles are allowed to overflow their columns"
echo " -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible)" echo " -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible)"
echo " -v, --verbose Display more information in output" echo " -v, --verbose Display more information in output"
echo " -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path" echo " -w, --www [term] Show URLs to Exploit-DB.com rather than the local path"
echo " --id Display the EDB-ID value rather than local path" echo " --id Display the EDB-ID value rather than local path"
echo " --colour Disable colour highlighting in search results" echo " --disable-colour Disable colour highlighting in search results"
echo "" echo ""
echo "## Non-Searching" echo "## Non-Searching"
echo " -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory" echo " -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory"
@ -135,7 +136,6 @@ function usage() {
exit 2 exit 2
} }
## Update database check ## Update database check
function update() { function update() {
arraylength="${#files_array[@]}" arraylength="${#files_array[@]}"
@ -150,7 +150,6 @@ function update() {
tmp_package+=("${package_array[${i}]}") tmp_package+=("${package_array[${i}]}")
done done
## Loop around all the new arrays ## Loop around all the new arrays
arraylength="${#tmp_git[@]}" arraylength="${#tmp_git[@]}"
for (( i=0; i<${arraylength}; i++ )); do for (( i=0; i<${arraylength}; i++ )); do
@ -163,7 +162,7 @@ function update() {
if [[ "$?" == "0" ]] && [[ "${apt}" != "" ]]; then if [[ "$?" == "0" ]] && [[ "${apt}" != "" ]]; then
updatedeb "${package}" updatedeb "${package}"
else else
## Update from homebrew (e.g. OSX) ## Update from homebrew (e.g. macOS/OSX)
brew 2>/dev/null >/dev/null brew 2>/dev/null >/dev/null
if [[ "$?" == "0" ]]; then if [[ "$?" == "0" ]]; then
## This only really only updates "./searchsploit". The rest (can) come via git as its updated more frequently ## This only really only updates "./searchsploit". The rest (can) come via git as its updated more frequently
@ -179,7 +178,6 @@ function update() {
exit 6 exit 6
} }
## Update database (via .deb/apt) ## Update database (via .deb/apt)
function updatedeb() { function updatedeb() {
package_in="${1}" package_in="${1}"
@ -194,7 +192,6 @@ function updatedeb() {
echo -e "\n[*] apt update finished" echo -e "\n[*] apt update finished"
} }
## Update database (via homebrew) ## Update database (via homebrew)
function updatedbrew() { function updatedbrew() {
package_in="${1}" package_in="${1}"
@ -208,7 +205,6 @@ function updatedbrew() {
echo -e "\n[*] Brew update finished" echo -e "\n[*] Brew update finished"
} }
## Update database (via Git) ## Update database (via Git)
function updategit() { function updategit() {
package_in="${1}" package_in="${1}"
@ -263,7 +259,6 @@ function updategit() {
echo "[i] Path: ${path_in}/" echo "[i] Path: ${path_in}/"
} }
## Printing dotted lines in the correct manner ## Printing dotted lines in the correct manner
function drawline() { function drawline() {
printf "%0.s-" $( eval echo {1..$(( COL1 + 1 ))} ) printf "%0.s-" $( eval echo {1..$(( COL1 + 1 ))} )
@ -272,11 +267,10 @@ function drawline() {
echo "" echo ""
} }
## Used in searchsploitout/nmap's XML ## Used in searchsploitout/nmap's XML
function validterm() { function validterm() {
## Check to see if its any phrases which would give a TON of incorrect results ## Check to see if its any phrases which would give a TON of incorrect results
if [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "microsoft" ] \ if [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "microsoft" ] \
|| [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "microsoft windows" ] \ || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "microsoft windows" ] \
|| [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "windows" ] \ || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "windows" ] \
|| [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "apache" ] \ || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "apache" ] \
@ -297,7 +291,6 @@ function validterm() {
return 0 return 0
} }
## Used in searchsploitout/nmap's XML ## Used in searchsploitout/nmap's XML
function searchsploitout() { function searchsploitout() {
## Make sure there is a value ## Make sure there is a value
@ -308,7 +301,7 @@ function searchsploitout() {
arg="-t" ## Title search by default! arg="-t" ## Title search by default!
[[ "${COLOUR}" != "1" ]] \ [[ "${COLOUR}" != "1" ]] \
&& arg="${arg} --colour" && arg="${arg} --disable-colour"
[[ "${EDBID}" == "1" ]] \ [[ "${EDBID}" == "1" ]] \
&& arg="${arg} --id" && arg="${arg} --id"
[[ "${JSON}" == "1" ]] \ [[ "${JSON}" == "1" ]] \
@ -378,7 +371,6 @@ function searchsploitout() {
fi fi
} }
## Read XML file ## Read XML file
function nmapxml() { function nmapxml() {
## Feedback to the end user ## Feedback to the end user
@ -424,12 +416,11 @@ function nmapxml() {
done done
} }
## Build search terms ## Build search terms
function buildterms() { function buildterms() {
tag_in="${1}" tag_in="${1}"
## If we are to use colour ("--colour"), add the values to search for between "or" ## If we are to use colour ("--disable-colour"), add the values to search for between "or"
if [[ "${COLOUR}" -eq 1 ]]; then if [[ "${COLOUR}" -eq 1 ]]; then
[[ "${COLOUR_TAG}" ]] \ [[ "${COLOUR_TAG}" ]] \
&& COLOUR_TAG="${COLOUR_TAG}|" && COLOUR_TAG="${COLOUR_TAG}|"
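Review bot: the rewritten comment `## If we are to use colour ("--disable-colour"), add the values to search for between "or"` now reads as if `--disable-colour` turns colour on; the condition `[[ "${COLOUR}" -eq 1 ]]` is the default path taken when the flag was not given. Suggest `## Unless colour was disabled ("--disable-colour"), add the values to search for between "or"`. The same inverted wording was introduced in the two later comments in `findresults` (`## If we are to use colour ("--disable-colour"), add the value here` and `## Display colour highlights ("--disable-colour")?`).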
@ -465,7 +456,6 @@ function buildterms() {
fi fi
} }
## Read in the values from files_*.csv ## Read in the values from files_*.csv
function findresults() { function findresults() {
file_in="${1}" file_in="${1}"
@ -480,20 +470,22 @@ function findresults() {
url="exploits" url="exploits"
fi fi
## JSON require full options ("--json") ## JSON require full options ("--json")
if [[ "${JSON}" -eq 1 ]] || [[ "${FUZZY}" -eq 1 ]]; then if [[ "${JSON}" -eq 1 ]] || [[ "${FUZZY}" -eq 1 ]]; then
## Read (id, path, title, date, author, type, platform) separated between commas ## Read (id, path, title, date_published, author, type, platform, port, date_added, date_updated, verified, codes, tags, aliases, screenshot_url, application_url, source_url) separated between commas
## Needs to end with a `,` to match the awk search later for FUZZY_SEARCH with "sort -u" ## Needs to end with a `,` to match the awk search later for FUZZY_SEARCH with "sort -u"
SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3\",\"\$4\",\"\$5\",\"\$6\",\"\$7\",\"}' \"${path_in}/${file_in}\"" SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3\",\"\$4\",\"\$5\",\"\$6\",\"\$7\",\"\$8\",\"\$9\",\"\$10\",\"\$11\",\"\$12\",\"\$13\",\"\$14\",\"\$15\",\"\$16\",\"\$17}' \"${path_in}/${file_in}\""
## Read (id, path, title) separated between commas & search for less than (and grater than values) too ## Read (id, path, title) separated between commas & search for less than (and grater than values) too
FUZZY_SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3}' \"${path_in}/${file_in}\" | grep ${COLOUR_OFF_GREP} \"<\|>\"" FUZZY_SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3}' \"${path_in}/${file_in}\" | grep ${COLOUR_OFF_GREP} \"<\|>\""
## CVE ("--cve")
elif [[ "${CVE}" -eq 1 ]]; then
## Read (id, path, title, codes) separated between commas (as these are the visible/common fields)
SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3\",\"\$12}' \"${path_in}/${file_in}\""
else else
## Read (id, path, title) separated between commas (as these are the only visible fields) ## Read (id, path, title) separated between commas (as these are the only visible fields)
SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3}' \"${path_in}/${file_in}\"" SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3}' \"${path_in}/${file_in}\""
fi fi
## EXACT search command ("-e") ## EXACT search command ("-e")
if [[ "${EXACT}" -eq 1 ]]; then if [[ "${EXACT}" -eq 1 ]]; then
buildterms "${TAGS}" buildterms "${TAGS}"
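Review bot: the comment kept above the JSON/fuzzy `SEARCH` line still says `Needs to end with a `,` to match the awk search later for FUZZY_SEARCH with "sort -u"`, but the new print list ends with `\$17` and no longer appends the trailing `","` that the old `\$7\",\"` form did. Either the trailing comma is still required for the fuzzy-path matching and the 17-field print should end with `\",\"` as well, or the comment is stale; both cannot be right, so please test `-s`/fuzzy searches with `--json`. Separately, the new `--cve` branch prints `$1,$2,$3,$12`, but when `FILEPATH` is 0 the filter further down matches only `(\$3)`, the title, so `-t --cve` would never look at the codes column; either have `--cve` override the title-only filter or document that `-t` is ignored with `--cve`.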
@ -505,25 +497,21 @@ function findresults() {
done done
fi fi
## If we are NOT to use the path name ("-t"/"-e") ## If we are NOT to use the path name ("-t"/"-e")
[[ "${FILEPATH}" -eq 0 ]] \ [[ "${FILEPATH}" -eq 0 ]] \
&& SEARCH="${SEARCH} | awk -F '[,]' '${CASE_TAG_FGREP}(\$3) ~ /${AWK_SEARCH}/ {print}'" && SEARCH="${SEARCH} | awk -F '[,]' '${CASE_TAG_FGREP}(\$3) ~ /${AWK_SEARCH}/ {print}'"
## Remove any terms not wanted from the search ## Remove any terms not wanted from the search
[[ "${EXCLUDE}" ]] \ [[ "${EXCLUDE}" ]] \
&& SEARCH="${SEARCH} | grep ${REGEX_GREP} -vi '${EXCLUDE}'" && SEARCH="${SEARCH} | grep ${REGEX_GREP} -vi '${EXCLUDE}'"
[[ "${EXCLUDE}" ]] && [[ "${FUZZY}" -eq 1 ]] \ [[ "${EXCLUDE}" ]] && [[ "${FUZZY}" -eq 1 ]] \
&& FUZZY_SEARCH="${FUZZY_SEARCH} | grep ${REGEX_GREP} -vi '${EXCLUDE}'" && FUZZY_SEARCH="${FUZZY_SEARCH} | grep ${REGEX_GREP} -vi '${EXCLUDE}'"
## If we are to use colour ("--disable-colour"), add the value here
## If we are to use colour ("--colour"), add the value here
if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then
COLOUR_TAG="grep ${COLOUR_ON_GREP} -iE \"${COLOUR_TAG}|$\"" COLOUR_TAG="grep ${COLOUR_ON_GREP} -iE \"${COLOUR_TAG}|$\""
fi fi
## Dynamically set column widths to the current screen size ## Dynamically set column widths to the current screen size
[[ "${WEBLINK}" -eq 1 ]] \ [[ "${WEBLINK}" -eq 1 ]] \
&& COL2=45 \ && COL2=45 \
@ -532,7 +520,6 @@ function findresults() {
COL1=$(( $( tput cols ) - COL2 - 1 )) COL1=$(( $( tput cols ) - COL2 - 1 ))
## Search, format, and print results (--overflow) ## Search, format, and print results (--overflow)
[[ "${OVERFLOW}" -eq 1 ]] \ [[ "${OVERFLOW}" -eq 1 ]] \
&& FORMAT_COL1=${COL1} \ && FORMAT_COL1=${COL1} \
@ -541,7 +528,6 @@ function findresults() {
## Maximum length COL2 can be ## Maximum length COL2 can be
FORMAT_COL2=$(( ${COL2} - 2 )) FORMAT_COL2=$(( ${COL2} - 2 ))
## Are we doing a fuzzy search & did we manage to detect the version ## Are we doing a fuzzy search & did we manage to detect the version
if [[ "${FUZZY}" -eq 1 ]] && [[ -n "${VERSION}" ]]; then if [[ "${FUZZY}" -eq 1 ]] && [[ -n "${VERSION}" ]]; then
## SubShells - http://mywiki.wooledge.org/BashFAQ/024 ## SubShells - http://mywiki.wooledge.org/BashFAQ/024
@ -562,7 +548,7 @@ function findresults() {
&& [[ "$( echo "${RESULT}" | tail -n 1 )" == "${MAX}" ]]; then && [[ "$( echo "${RESULT}" | tail -n 1 )" == "${MAX}" ]]; then
[ -n "${ID}" ] \ [ -n "${ID}" ] \
&& ID="${ID}|" && ID="${ID}|"
ID="${ID}$( echo $TITLE | awk -F ',' '{print $1}' )" ID="${ID}$( echo ${TITLE} | awk -F ',' '{print $1}' )"
## Found one, no point going on ## Found one, no point going on
break break
fi fi
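Review bot: `$( echo ${TITLE} | awk -F ',' '{print $1}' )` is still unquoted after the brace change; `echo ${TITLE}` word-splits and glob-expands the title, so a title containing `*` or `?` is matched against the current directory before awk sees it. Since the line was edited anyway, quote it: `$( echo "${TITLE}" | awk -F ',' '{print $1}' )`.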
@ -599,7 +585,6 @@ function findresults() {
) )
fi fi
## Magic search Fu + strip double quotes + Fix any escaping `\` (need todo it again for JSON only later: issues/#173) ## Magic search Fu + strip double quotes + Fix any escaping `\` (need todo it again for JSON only later: issues/#173)
OUTPUT="$( OUTPUT="$(
( \ ( \
@ -610,9 +595,8 @@ function findresults() {
| sort -u | sort -u
)" )"
## If there are no results, no point going on ## If there are no results, no point going on
[[ -z "$OUTPUT" ]] \ [[ -z "${OUTPUT}" ]] \
&& return && return
## Print JSON format (full options) ("--json")? ## Print JSON format (full options) ("--json")?
@ -631,7 +615,7 @@ function findresults() {
else else
OUTPUT="$( echo "${OUTPUT}" \ OUTPUT="$( echo "${OUTPUT}" \
| sed 's_\\_\\\\_g' \ | sed 's_\\_\\\\_g' \
| awk -F ',' '{ printf "\\n\\t\\t'{'\"Title\":\"%s\",\"EDB-ID\":\"%s\",\"Date\":\"%s\",\"Author\":\"%s\",\"Type\":\"%s\",\"Platform\":\"%s\",\"Path\":\"'${path_in}/'%s\"},", $3, $1, $4, $5, $6, $7, $2 }' )" | awk -F ',' '{ printf "\\n\\t\\t'{'\"Title\":\"%s\",\"EDB-ID\":\"%s\",\"Date_Published\":\"%s\",\"Date_Added\":\"%s\",\"Date_Updated\":\"%s\",\"Author\":\"%s\",\"Type\":\"%s\",\"Platform\":\"%s\",\"Port\":\"%s\",\"Verified\":\"%s\",\"Codes\":\"%s\",\"Tags\":\"%s\",\"Aliases\":\"%s\",\"Screenshot\":\"%s\",\"Application\":\"%s\",\"Source\":\"%s\",\"Path\":\"'${path_in}/'%s\"},", $3, $1, $4, $9, $10, $5, $6, $7, $8, $11, $12, $13, $14, $15, $16, $17, $2}' )"
fi fi
OUTPUT="$( echo -e ${OUTPUT} \ OUTPUT="$( echo -e ${OUTPUT} \
| sort -f \ | sort -f \
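Review bot: renaming the JSON key `Date` to `Date_Published` (together with the new keys) changes the `-j`/`--json` output contract that consumers such as the documented `searchsploit -j 55555 | json_pp` pipeline rely on; call this out with the 4.2.0 bump, or keep `Date` as an alias for one release. Also, the comment above `OUTPUT=` says double quotes are stripped and the only escaping applied before this printf is `sed 's_\\_\\\\_g'` for backslashes; with seventeen fields now interpolated raw (Tags, Aliases, Codes and the three URL columns included), check those newly exposed fields for characters that still need JSON escaping, since a single bad row makes the whole document unparsable.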
@ -654,20 +638,17 @@ function findresults() {
| sort -f )" | sort -f )"
fi fi
## Display colour highlights ("--disable-colour")?
## Display colour highlights ("--colour")?
if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]] && [[ "${OUTPUT}" ]]; then if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]] && [[ "${OUTPUT}" ]]; then
OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} ) OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} )
fi fi
} }
function printresults() { function printresults() {
title_in="${1}" title_in="${1}"
path_in="${2}" path_in="${2}"
json_title="$( echo ${title_in} | tr /a-z/ /A-Z/ )" json_title="$( echo ${title_in} | tr /a-z/ /A-Z/ )"
## Print header if in JSON ("--json") ## Print header if in JSON ("--json")
if [[ "${JSON}" -eq 1 ]]; then if [[ "${JSON}" -eq 1 ]]; then
printf ",\n\t\"DB_PATH_${json_title}\": \"${path_in}\",\n" printf ",\n\t\"DB_PATH_${json_title}\": \"${path_in}\",\n"
@ -690,12 +671,10 @@ function printresults() {
drawline drawline
fi fi
## Show content ## Show content
[[ "${OUTPUT}" ]] \ [[ "${OUTPUT}" ]] \
&& echo "${OUTPUT}" && echo "${OUTPUT}"
## Print footer if in JSON ("--json") ## Print footer if in JSON ("--json")
if [[ "${JSON}" -eq 1 ]]; then if [[ "${JSON}" -eq 1 ]]; then
printf "\t]" printf "\t]"
@ -704,10 +683,8 @@ function printresults() {
fi fi
} }
#-----------------------------------------------------------------------------# #-----------------------------------------------------------------------------#
## Locate setting file ## Locate setting file
## User home folder config ## User home folder config
if [[ -f "${HOME}/.searchsploit_rc" ]]; then if [[ -f "${HOME}/.searchsploit_rc" ]]; then
@ -727,27 +704,25 @@ elif [[ ! -f "${rc_file}" ]]; then
exit 1 exit 1
fi fi
## Use config file ## Use config file
source "${rc_file}" source "${rc_file}"
#-----------------------------------------------------------------------------# #-----------------------------------------------------------------------------#
## Check for empty arguments ## Check for empty arguments
if [[ $# -eq 0 ]]; then if [[ $# -eq 0 ]]; then
usage >&2 usage >&2
fi fi
## Parse long arguments ## Parse long arguments
ARGS="-" ARGS="-"
for param in "$@"; do for param in "$@"; do
if [[ "${param}" == "--case" ]]; then if [[ "${param}" == "--case" ]]; then
SCASE=1 SCASE=1
elif [[ "${param}" == "--colour" ]] || [[ "${param}" == "--color" ]]; then elif [[ "${param}" == "--disable-colour" ]] || [[ "${param}" == "--disablecolour" ]] || [[ "${param}" == "--disable-color" ]] || [[ "${param}" == "--disablecolor" ]]; then
COLOUR="" COLOUR=""
elif [[ "${param}" == "--cve" ]]; then
CVE=1
elif [[ "${param}" == "--exact" ]]; then elif [[ "${param}" == "--exact" ]]; then
EXACT=1 EXACT=1
elif [[ "${param}" == "--examine" ]] || [[ "${param}" == "--open" ]] || [[ "${param}" == "--view" ]]; then elif [[ "${param}" == "--examine" ]] || [[ "${param}" == "--open" ]] || [[ "${param}" == "--view" ]]; then
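Review bot: `--colour`/`--color` are no longer recognised anywhere in the long-option parser, so existing invocations and wrapper scripts that pass them will have the word fall through to the final `else` and be appended to `TAGS` as an ordinary search term, silently changing results rather than failing. Suggest keeping the old spellings as deprecated aliases that set `COLOUR=""` and print a one-line warning to stderr, so the rename to `--disable-colour` is not a silent behaviour change.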
@ -787,11 +762,10 @@ for param in "$@"; do
shift shift
continue continue
fi fi
TAGS="${TAGS} ${param//\`/_}" TAGS="${TAGS} ${param//[\`\']/_}"
fi fi
done done
## Parse short arguments ## Parse short arguments
while getopts "cehjmnopstuvwx" arg "${ARGS}"; do while getopts "cehjmnopstuvwx" arg "${ARGS}"; do
if [[ "${arg}" = "?" ]]; then if [[ "${arg}" = "?" ]]; then
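Review bot: extending the replacement from backtick to `[\`\']` closes the case where a single quote in a search term terminates the single-quoted awk program that `SEARCH` is assembled into (`'${CASE_TAG_FGREP}(\$3) ~ /${AWK_SEARCH}/ {print}'`), which is a real hardening improvement, and it matters because terms also arrive from nmap XML via `searchsploitout`. It is still a denylist, though: `$`, `"`, `;`, `|` and `/` in a term also reach those string-built commands and the `eval ${COLOUR_TAG}` call, so an allowlist (replace everything outside `[[:alnum:][:space:]._<>-]`, keeping `<`/`>` for version ranges) would be the more robust fix, and `EXCLUDE`, interpolated as `grep ${REGEX_GREP} -vi '${EXCLUDE}'`, should get the same treatment.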
@ -816,10 +790,8 @@ while getopts "cehjmnopstuvwx" arg "${ARGS}"; do
shift $(( OPTIND - 1 )) shift $(( OPTIND - 1 ))
done done
#-----------------------------------------------------------------------------# #-----------------------------------------------------------------------------#
## Check for files_*.csv ## Check for files_*.csv
arraylength="${#files_array[@]}" arraylength="${#files_array[@]}"
for (( i=0; i<${arraylength}; i++ )); do for (( i=0; i<${arraylength}; i++ )); do
@ -830,13 +802,13 @@ for (( i=0; i<${arraylength}; i++ )); do
## Method #1 - File itself ## Method #1 - File itself
elif [[ -f "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/${files_array[${i}]}" ]]; then elif [[ -f "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/${files_array[${i}]}" ]]; then
echo "[i] Found (#1): $( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/${files_array[${i}]}" 1>&2 echo "[i] Found (#1): $( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/${files_array[${i}]}" 1>&2
echo "[i] To remove this message, please edit \"${rc_file}\" for \"${files_array[${i}]}\" (package_array: ${package_array[${i}]})" 1>&2 echo "[i] To remove this message, please edit \"${rc_file}\" which has \"package_array: ${package_array[${i}]}\" to point too: path_array+=(\"$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )\")" 1>&2
echo 1>&2 echo 1>&2
path_array[${i}]="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" path_array[${i}]="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
## Method #2 - Symbolic link ## Method #2 - Symbolic link
elif [[ -f "$( dirname "$( readlink "$0" )" )/${files_array[${i}]}" ]]; then elif [[ -f "$( dirname "$( readlink "$0" )" )/${files_array[${i}]}" ]]; then
echo "[i] Found (#2): $( dirname "$( readlink "$0" )" )/${files_array[${i}]}" 1>&2 echo "[i] Found (#2): $( dirname "$( readlink "$0" )" )/${files_array[${i}]}" 1>&2
echo "[i] To remove this message, please edit \"${rc_file}\" for \"${files_array[${i}]}\" (package_array: ${package_array[${i}]})" 1>&2 echo "[i] To remove this message, please edit \"${rc_file}\" which has \"package_array: ${package_array[${i}]}\" to point too: path_array+=(\"$( dirname "$( readlink "$0" )" )\")" 1>&2
echo 1>&2 echo 1>&2
path_array[${i}]="$( dirname "$( readlink "$0" )" )" path_array[${i}]="$( dirname "$( readlink "$0" )" )"
else else
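Review bot: typo in both new messages, `to point too:` should be `to point to:`, and the rewritten text drops the `files_array` filename that the old message included, so the user no longer sees which CSV was found. The `$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )` expression is also evaluated three times in the first branch and `$( dirname "$( readlink "$0" )" )` three times in the second; assign each once (for example `found_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"`) and reuse it in the echo and the `path_array` assignment.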
@ -851,10 +823,8 @@ for (( i=0; i<${arraylength}; i++ )); do
fi fi
done done
#-----------------------------------------------------------------------------# #-----------------------------------------------------------------------------#
## Read in XML ## Read in XML
if [[ "${XML}" -eq 1 ]]; then if [[ "${XML}" -eq 1 ]]; then
## Trim white spaces ## Trim white spaces
@ -883,14 +853,12 @@ if [[ "${XML}" -eq 1 ]]; then
exit 0 exit 0
fi fi
## Print the full path. If pbcopy/xclip is available then copy to the clipboard ## Print the full path. If pbcopy/xclip is available then copy to the clipboard
if [[ "${GETPATH}" -eq 1 ]]; then if [[ "${GETPATH}" -eq 1 ]]; then
for exploit in ${TAGS}; do for exploit in ${TAGS}; do
## Get EDB-ID from input ## Get EDB-ID from input
edbdb="$( echo ${exploit} | rev | cut -d '/' -f1 | rev | cut -d'-' -f1 | cut -d'.' -f1 | tr -dc '0-9' )" edbdb="$( echo ${exploit} | rev | cut -d '/' -f1 | rev | cut -d'-' -f1 | cut -d'.' -f1 | tr -dc '0-9' )"
## Loop until we find something ## Loop until we find something
arraylength="${#files_array[@]}" arraylength="${#files_array[@]}"
for (( i=0; i<${arraylength}; i++ )); do for (( i=0; i<${arraylength}; i++ )); do
@ -900,7 +868,7 @@ if [[ "${GETPATH}" -eq 1 ]]; then
line=$( grep -m 1 -E "^${edbdb}," "${files}" ) line=$( grep -m 1 -E "^${edbdb}," "${files}" )
if [[ "${line}" ]]; then if [[ "${line}" ]]; then
path="$( echo $line | cut -d ',' -f 2 )" path="$( echo ${line} | cut -d ',' -f 2 )"
location="${path_array[${i}]}/${path}" location="${path_array[${i}]}/${path}"
name="${name_array[${i}]}" name="${name_array[${i}]}"
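Review bot: the `echo ${line} | cut -d ',' -f 2` change only adds braces; `${line}` is still unquoted, so the CSV row is word-split and glob-expanded before `cut` sees it (a `*` in a title expands against the current directory and runs of spaces collapse). Use `cut -d ',' -f 2 <<< "${line}"` or `echo "${line}" | cut ...`.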
@ -916,12 +884,25 @@ if [[ "${GETPATH}" -eq 1 ]]; then
fi fi
done done
## Did we find the exploit? ## Did we find the exploit?
if [[ -f "${location}" ]]; then if [[ -f "${location}" ]]; then
## Get title ## Get title
title=$( grep -m 1 "${path}" "${files}" | cut -d ',' -f 3 | sed 's/"//g' ) title=$( grep -m 1 "${path}" "${files}" | cut -d ',' -f 3 | sed 's/"//g' )
## Get codes
codes=$( grep -m 1 "${path}" "${files}" | cut -d ',' -f 12 | sed 's/"//g' )
if [ -z "${codes}" ]; then
codes="N/A"
fi
## Get verified status
verified=$( grep -m 1 "${path}" "${files}" | cut -d ',' -f 11 | sed 's/"//g' )
if [ "${verified}" = "1" ]; then
verified="True"
else
verified="False"
fi
## File type ## File type
fileinfo="$( file -b "${location}" )" fileinfo="$( file -b "${location}" )"
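Review bot: the new `codes=` and `verified=` lookups each run `grep -m 1 "${path}" "${files}"`, rescanning the CSV with `${path}` as an unanchored regex, although the matching row is already in `${line}` from the `grep -m 1 -E "^${edbdb},"` lookup above; cut fields 3, 11 and 12 from `"${line}"` instead. `cut -d ','` also counts every comma, so a quoted title containing a comma shifts the field positions and `Codes`/`Verified` come back wrong or empty; a comment naming which CSV columns 11 and 12 are would help the next reader, and `[[ ]]` would match the rest of the script rather than the `[ -z ... ]` / `[ ... = "1" ]` forms used here.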
@ -932,7 +913,10 @@ if [[ "${GETPATH}" -eq 1 ]]; then
printf "%-${PADDING}s%s" printf "%-${PADDING}s%s"
echo "${name}: ${title}" echo "${name}: ${title}"
echo " URL: https://www.exploit-db.com/${url}" echo " URL: https://www.exploit-db.com/${url}"
## Handy when dong --mirror
echo " Path: ${location}" echo " Path: ${location}"
echo " Codes: ${codes}"
echo " Verified: ${verified}"
echo "File Type: ${fileinfo}" echo "File Type: ${fileinfo}"
echo "" echo ""
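Review bot: typo in the added comment, `Handy when dong --mirror` should read `doing`; the comment also sits above the pre-existing `Path:` line rather than next to the new `Codes:` and `Verified:` lines this hunk introduces, so it is unclear which output it refers to.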
@ -940,11 +924,11 @@ if [[ "${GETPATH}" -eq 1 ]]; then
if [[ "${CLIPBOARD}" -eq 1 ]]; then if [[ "${CLIPBOARD}" -eq 1 ]]; then
## Are any copy programs available? ## Are any copy programs available?
if hash xclip 2>/dev/null || hash pbcopy 2>/dev/null; then if hash xclip 2>/dev/null || hash pbcopy 2>/dev/null; then
## Linux (Will require $DISPLAY) ## Linux (Will require ${DISPLAY})
if hash xclip 2>/dev/null; then if hash xclip 2>/dev/null; then
echo -ne "${location}" | xclip -selection clipboard 2>/dev/null echo -ne "${location}" | xclip -selection clipboard 2>/dev/null
echo "Copied EDB-ID #${edbdb}'s path to the clipboard" echo "Copied EDB-ID #${edbdb}'s path to the clipboard"
## OSX ## macOS/OSX
elif hash pbcopy 2>/dev/null; then elif hash pbcopy 2>/dev/null; then
echo -ne "${location}" | pbcopy echo -ne "${location}" | pbcopy
echo "Copied EDB-ID #${edbdb}'s path to the clipboard" echo "Copied EDB-ID #${edbdb}'s path to the clipboard"
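Review bot: beyond the comment wording, `xclip -selection clipboard 2>/dev/null` discards exactly the failure the `${DISPLAY}` comment warns about, and `echo "Copied EDB-ID #${edbdb}'s path to the clipboard"` is printed regardless of whether the copy succeeded; test the pipeline's status first, e.g. `if printf '%s' "${location}" | xclip -selection clipboard 2>/dev/null; then`. `printf '%s'` also avoids `echo -ne` interpreting backslash sequences in the path.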
@ -983,25 +967,20 @@ if [[ "${GETPATH}" -eq 1 ]]; then
exit 0 exit 0
fi fi
#-----------------------------------------------------------------------------# #-----------------------------------------------------------------------------#
## Are we are doing an exact match ("-e")? If so, do NOT check folder path (Implies "-t"). ## Are we are doing an exact match ("-e")? If so, do NOT check folder path (Implies "-t").
[[ "${EXACT}" -eq 1 ]] \ [[ "${EXACT}" -eq 1 ]] \
&& FILEPATH=0 && FILEPATH=0
## Case sensitive ("-c"), remove the default flags ## Case sensitive ("-c"), remove the default flags
[[ "${SCASE}" -eq 1 ]] \ [[ "${SCASE}" -eq 1 ]] \
&& CASE_TAG_GREP="" \ && CASE_TAG_GREP="" \
&& CASE_TAG_FGREP="" && CASE_TAG_FGREP=""
## Remove leading space ## Remove leading space
TAGS="$( echo ${TAGS} | sed -e 's/^[[:space:]]//' )" TAGS="$( echo ${TAGS} | sed -e 's/^[[:space:]]//' )"
## Check to see if the version of "sort" is supported ## Check to see if the version of "sort" is supported
echo | sort -V 2>/dev/null >/dev/null echo | sort -V 2>/dev/null >/dev/null
if [ $? -ne "0" ]; then if [ $? -ne "0" ]; then
@ -1010,7 +989,6 @@ if [ $? -ne "0" ]; then
FUZZY=0 FUZZY=0
fi fi
## Some regex to try and detect version ## Some regex to try and detect version
## Basic: major.minor[.build][.revision] // major.minor[.maintenance][.build] -- example: 1.2.3.4) ## Basic: major.minor[.build][.revision] // major.minor[.maintenance][.build] -- example: 1.2.3.4)
## Plus alphanumeric (e.g. alpha, beta): 1a, 2.2b, 3.3-c, 4.4-rc4, 5.5-r ## Plus alphanumeric (e.g. alpha, beta): 1a, 2.2b, 3.3-c, 4.4-rc4, 5.5-r
@ -1032,7 +1010,6 @@ for tag_in in ${TAGS}; do
fi fi
done done
## Did not get a version? If so, no point doing a fuzzy search ## Did not get a version? If so, no point doing a fuzzy search
if [[ "${FUZZY}" -eq 1 ]] && [[ -z "${VERSION}" ]] && [[ "${VERBOSE}" -eq 1 ]]; then if [[ "${FUZZY}" -eq 1 ]] && [[ -z "${VERSION}" ]] && [[ "${VERBOSE}" -eq 1 ]]; then
echo "[i] Unable to detect version in terms: ${TAGS}" 1>&2 echo "[i] Unable to detect version in terms: ${TAGS}" 1>&2
@ -1040,20 +1017,16 @@ if [[ "${FUZZY}" -eq 1 ]] && [[ -z "${VERSION}" ]] && [[ "${VERBOSE}" -eq 1 ]];
FUZZY=0 FUZZY=0
fi fi
## Is it just a single tag, disable fuzzy ## Is it just a single tag, disable fuzzy
[[ "${TAGS}" != *" "* ]] \ [[ "${TAGS}" != *" "* ]] \
&& FUZZY=0 && FUZZY=0
#-----------------------------------------------------------------------------# #-----------------------------------------------------------------------------#
## Print header if in JSON ("--json") ## Print header if in JSON ("--json")
[[ "${JSON}" -eq 1 ]] \ [[ "${JSON}" -eq 1 ]] \
&& printf "{\n\t\"SEARCH\": \"${TAGS}\"" && printf "{\n\t\"SEARCH\": \"${TAGS}\""
## Check for files_*.csv ## Check for files_*.csv
arraylength="${#files_array[@]}" arraylength="${#files_array[@]}"
for (( i=0; i<${arraylength}; i++ )); do for (( i=0; i<${arraylength}; i++ )); do
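Review bot: `printf "{\n\t\"SEARCH\": \"${TAGS}\""` puts the search terms inside the printf format string, so a `%` in a tag is parsed as a conversion specifier and a `"` or `\` produces invalid JSON; the earlier `${param//[\`\']/_}` substitution covers neither. Pass the value as an argument, `printf '{\n\t"SEARCH": "%s"' "${TAGS}"`, and escape `\` and `"` before printing (e.g. `sed 's/[\\"]/\\&/g'`), or add those characters to the substitution.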
@ -1070,11 +1043,9 @@ for (( i=0; i<${arraylength}; i++ )); do
COLOUR_TAG="" COLOUR_TAG=""
done done
## Print footer if in JSON ("--json") ## Print footer if in JSON ("--json")
[[ "${JSON}" -eq 1 ]] \ [[ "${JSON}" -eq 1 ]] \
&& printf "\n}\n" && printf "\n}\n"
## Done ## Done
exit 0 exit 0