Merge pull request #69 from g0tmi1k/searchsploit

Fixes for #64, #66 & #67 (Take 2)
2016-12-20 14:31:55 +00:00 · 2016-12-20 14:31:55 +00:00 · 1d549a3241
commit 1d549a3241
parent 62dddb2f49 688cd13e96
1 changed files with 42 additions and 30 deletions
--- a/72
+++ b/72
@ -1,6 +1,6 @@
 #!/bin/bash
 #       Name: SearchSploit - Exploit-DB's CLI search tool
-#    Version: 3.7.2 (Release date: 2016-12-08)
+#    Version: 3.7.3 (Release date: 2016-12-20)
 # Written by: Offensive Security, Unix-Ninja, and g0tmi1k
 #   Homepage: https://github.com/offensive-security/exploit-database
 #
@ -238,7 +238,7 @@ function searchsploitout()
      if [[ "${lines}" -gt 100 ]]; then
        echo -e "[-] Skipping output: ${tmp}   (Too many results. Please re-search manually: $0 ${arg} ${tmp})\n" 1>&2
      ## Are there any result?
-      elif [[ "${lines}" -gt 6 ]]; then
+      elif [[ "${lines}" -gt 5 ]]; then
        echo -e "${out}\n\n"
      ## If there's no results
      else
@ -262,7 +262,7 @@ function searchsploitout()
    if [[ "${lines}" -gt 100 ]]; then
      echo -e "[-] Skipping output: ${software}   (Too many results. Please re-search manually: $0 ${arg} ${software})\n" 1>&2
    ## Are there any result?
-    elif [[ "${lines}" -gt 6 ]]; then
+    elif [[ "${lines}" -gt 5 ]]; then
      echo -e "${out}\n\n"
    fi
  fi
@ -273,7 +273,7 @@ function searchsploitout()
 function nmapxml()
 {
  ## Remove any old traces
-  rm -f /tmp/searchsploitout
+  rm -f /tmp/searchsploit.{tmp,out}

  ## Feedback to the end user
  echo -e "[i] Reading: '${FILE}'\n"
@ -286,28 +286,37 @@ function nmapxml()
      type=$( echo "${line}" | cut -d" " -f 1 )
      input=$( echo "${line}" | cut -d" " -f 2- )

-    case "${type}" in
-      "[IP]")
-        #[[ "${VERBOSE}" -eq 1 ]] && echo -e "\n\n\e[32m[*] IP: ${input}\e[39m" 1>&2
-        ;;
-      "[NAME]")
-        #searchsploitout
-        echo "${software}" >> /tmp/searchsploitout
-        software="${input}"
-        ;;
-      "[PRODUCT]")
-        software="${input}"
-        ;;
-      "[VERSION]")
-        software="${software} ${input}"
-        ;;
+      case "${type}" in
+        "[IP]")
+          #[[ "${VERBOSE}" -eq 1 ]] && echo -e "\n\n\e[32m[*] IP: ${input}\e[39m" 1>&2
+          ;;
+        "[NAME]")
+          ## If we have already looped around and got something, save it before moving onto the current value
+          if [[ "${software}" ]]; then
+            #searchsploitout
+            echo "${software}" >> /tmp/searchsploit.out
+          fi
+          ## Something is better than nothing. Will just go on the default service that matches the port.   e.g. domain
+          software="${input}"
+          ## Might not get any more than this, if -sV failed
+          echo "${software}" > /tmp/searchsploit.tmp
+          ;;
+        "[PRODUCT]")
+          ## We have a name, but no version (yet?)   e.g. dnsmasq
+          software="${input}"
+          echo "${software}" > /tmp/searchsploit.tmp
+          ;;
+        "[VERSION]")
+          software="${software} ${input}"
+          ## Name & version. There isn't any more information to get, game over.   e.g. dnsmasq 2.72
+          echo "${software}" >> /tmp/searchsploit.out
+          echo "" > /tmp/searchsploit.tmp
+          ;;
      esac
  done
-  #searchsploitout
-  echo "${software}" >> /tmp/searchsploitout

  ## Read in from file (so there are no duplicates - ...but unable to print out IPs)
-  cat /tmp/searchsploitout | tr '[:upper:]' '[:lower:]'  | awk '!x[$0]++' | while read software; do
+  cat /tmp/searchsploit.tmp /tmp/searchsploit.out 2>/dev/null | tr '[:upper:]' '[:lower:]' | awk '!x[$0]++' | while read software; do
    searchsploitout
  done
 }
@ -615,37 +624,40 @@ else
 fi


+## Strip un-wanted values
+SEARCH="${SEARCH} | sed 's/\"//g'"
+
+
 ## Magic search Fu
 ## Web link format ("--www")?
 if [[ "${WEBLINK}" -eq 1 ]]; then
  OUTPUT="$( eval ${SEARCH} \
-    | awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/exploits/"$1"/"}' )"
+    | awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/exploits/"$1"/"}' )"
 ## Just the EDB-ID ("--id")?
 elif [[ "${EDBID}" -eq 1 ]]; then
  OUTPUT="$( eval ${SEARCH} \
-    | awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $1 }' )"
+    | awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, $1 }' )"
 ## Print JSON format (full options) ("--json")?
 elif [[ "${JSON}" -eq 1 ]]; then
  OUTPUT="$( eval ${SEARCH} \
-    | awk -F "\"*,\"*" '{ printf "\r\t\t'{'\"Exploit\":\"%s,\"Path\":\"'${gitpath}/'%s\",\"EDB-ID\":%s},\n", $3, $2, $1 }' \
+    | awk -F ',' '{ printf "\r\t\t'{'\"Exploit\":\"%s\",\"Path\":\"'${gitpath}/'%s\",\"EDB-ID\":%s},\n", $3, $2, $1 }' \
    | sed '$ s/,$//g' )"
 ## Default view
 else
  OUTPUT="$( eval ${SEARCH} \
-    | awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $2 }' \
-    | sed "s/| platforms/| /" )"
+    | awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, $2 }' \
+    | sed 's/| platforms/| /' )"
 fi


 ## Display colour highlights ("--colour")?
 if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then
-  OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} )
+  [[ "${OUTPUT}" ]] && OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} )
 fi


 ## Show content
-echo "${OUTPUT}"
-
+[[ "${OUTPUT}" ]] && echo "${OUTPUT}"

 ## Print footer if NOT in JSON ("--json")
 if [[ "${JSON}" -eq 0 ]]; then