diff --git a/searchsploit b/searchsploit
index 83e977370..45a66ca8a 100755
--- a/searchsploit
+++ b/searchsploit
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Name: SearchSploit - Exploit-DB's CLI search tool
-# Version: 3.7.2 (Release date: 2016-12-08)
+# Version: 3.7.3 (Release date: 2016-12-20)
 # Written by: Offensive Security, Unix-Ninja, and g0tmi1k
 # Homepage: https://github.com/offensive-security/exploit-database
 #
@@ -238,7 +238,7 @@ function searchsploitout()
 if [[ "${lines}" -gt 100 ]]; then
 echo -e "[-] Skipping output: ${tmp} (Too many results. Please re-search manually: $0 ${arg} ${tmp})\n" 1>&2
 ## Are there any result?
- elif [[ "${lines}" -gt 6 ]]; then
+ elif [[ "${lines}" -gt 5 ]]; then
 echo -e "${out}\n\n"
 ## If there's no results
 else
@@ -262,7 +262,7 @@ function searchsploitout()
 if [[ "${lines}" -gt 100 ]]; then
 echo -e "[-] Skipping output: ${software} (Too many results. Please re-search manually: $0 ${arg} ${software})\n" 1>&2
 ## Are there any result?
- elif [[ "${lines}" -gt 6 ]]; then
+ elif [[ "${lines}" -gt 5 ]]; then
 echo -e "${out}\n\n"
 fi
 fi
@@ -273,7 +273,7 @@ function searchsploitout()
 function nmapxml()
 {
 ## Remove any old traces
- rm -f /tmp/searchsploitout
+ rm -f /tmp/searchsploit.{tmp,out}
 ## Feedback to the end user
 echo -e "[i] Reading: '${FILE}'\n"
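Review bot: The threshold in `elif [[ "${lines}" -gt 5 ]]; then` is an unexplained magic number, and the same commit changes an identical copy of it in the -262 hunk, which is exactly how the two drifted to 6 in the first place. Presumably it is the number of header/footer lines that a search always prints; a single named constant near the top of the script would document that and keep both branches in step, e.g. `readonly HEADER_LINES=5  ## table header/footer lines every search result carries` and `elif [[ "${lines}" -gt "${HEADER_LINES}" ]]; then` in both places. The body of searchsploitout starts before and ends after this hunk.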
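Review bot: `rm -f /tmp/searchsploit.{tmp,out}` commits nmapxml to fixed, predictable names in the world-writable /tmp, which the following hunk then writes with `>` and `>>`; on a shared host that is the classic pre-creation/symlink race between the rm and the first write (kernels with fs.protected_symlinks blunt the symlink case but not a pre-placed regular file), and whatever lands in those files is later read back and fed into the search. Replace the hard-coded paths with a per-run directory and a cleanup trap, e.g. `SS_TMP=$(mktemp -d) || exit 1; trap 'rm -rf -- "${SS_TMP}"' EXIT` and then `"${SS_TMP}/searchsploit.out"` / `"${SS_TMP}/searchsploit.tmp"` wherever the /tmp names appear. That also fixes the fact that, as far as this hunk shows, the new `.tmp`/`.out` files are never removed when the script exits. nmapxml continues past the end of this hunk.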
@@ -286,28 +286,37 @@ function nmapxml()
 type=$( echo "${line}" | cut -d" " -f 1 )
 input=$( echo "${line}" | cut -d" " -f 2- )
- case "${type}" in
- "[IP]")
- #[[ "${VERBOSE}" -eq 1 ]] && echo -e "\n\n\e[32m[*] IP: ${input}\e[39m" 1>&2
- ;;
- "[NAME]")
- #searchsploitout
- echo "${software}" >> /tmp/searchsploitout
- software="${input}"
- ;;
- "[PRODUCT]")
- software="${input}"
- ;;
- "[VERSION]")
- software="${software} ${input}"
- ;;
+ case "${type}" in
+ "[IP]")
+ #[[ "${VERBOSE}" -eq 1 ]] && echo -e "\n\n\e[32m[*] IP: ${input}\e[39m" 1>&2
+ ;;
+ "[NAME]")
+ ## If we have already looped around and got something, save it before moving onto the current value
+ if [[ "${software}" ]]; then
+ #searchsploitout
+ echo "${software}" >> /tmp/searchsploit.out
+ fi
+ ## Something is better than nothing. Will just go on the default service that matches the port. e.g. domain
+ software="${input}"
+ ## Might not get any more than this, if -sV failed
+ echo "${software}" > /tmp/searchsploit.tmp
+ ;;
+ "[PRODUCT]")
+ ## We have a name, but no version (yet?) e.g. dnsmasq
+ software="${input}"
+ echo "${software}" > /tmp/searchsploit.tmp
+ ;;
+ "[VERSION]")
+ software="${software} ${input}"
+ ## Name & version. There isn't any more information to get, game over. e.g. dnsmasq 2.72
+ echo "${software}" >> /tmp/searchsploit.out
+ echo "" > /tmp/searchsploit.tmp
+ ;;
 esac
 done
- #searchsploitout
- echo "${software}" >> /tmp/searchsploitout
 ## Read in from file (so there are no duplicates - ...but unable to print out IPs)
- cat /tmp/searchsploitout | tr '[:upper:]' '[:lower:]' | awk '!x[$0]++' | while read software; do
+ cat /tmp/searchsploit.tmp /tmp/searchsploit.out 2>/dev/null | tr '[:upper:]' '[:lower:]' | awk '!x[$0]++' | while read software; do
 searchsploitout
 done
 }
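Review bot: `echo "" > /tmp/searchsploit.tmp` in the `[VERSION]` arm does not empty the file, it writes a lone newline, so the final `cat /tmp/searchsploit.tmp /tmp/searchsploit.out` hands an empty string to the read loop and `searchsploitout` is invoked once with no search term (awk's dedup only collapses repeats, it does not drop the blank). Truncate instead with `: > /tmp/searchsploit.tmp`, and harden the consumer to `while IFS= read -r software; do [[ "${software}" ]] || continue`, since `read` without `-r` also mangles any backslash that a banner happens to contain. Every value written here originates from nmap service-detection output, i.e. a string chosen by the scanned host, and the next hunk shows the search command being run through `eval`; unless searchsploitout escapes `software` on the way in, a crafted banner could inject shell, which is worth confirming before relying on this path. The while/read loop that produces `line` and the start of nmapxml are outside this hunk.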
@@ -615,37 +624,40 @@ else
 fi
+## Strip un-wanted values
+SEARCH="${SEARCH} | sed 's/\"//g'"
+
+
 ## Magic search Fu
 ## Web link format ("--www")?
 if [[ "${WEBLINK}" -eq 1 ]]; then
 OUTPUT="$( eval ${SEARCH} \
- | awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/exploits/"$1"/"}' )"
+ | awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/exploits/"$1"/"}' )"
 ## Just the EDB-ID ("--id")?
 elif [[ "${EDBID}" -eq 1 ]]; then
 OUTPUT="$( eval ${SEARCH} \
- | awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $1 }' )"
+ | awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, $1 }' )"
 ## Print JSON format (full options) ("--json")?
 elif [[ "${JSON}" -eq 1 ]]; then
 OUTPUT="$( eval ${SEARCH} \
- | awk -F "\"*,\"*" '{ printf "\r\t\t'{'\"Exploit\":\"%s,\"Path\":\"'${gitpath}/'%s\",\"EDB-ID\":%s},\n", $3, $2, $1 }' \
+ | awk -F ',' '{ printf "\r\t\t'{'\"Exploit\":\"%s\",\"Path\":\"'${gitpath}/'%s\",\"EDB-ID\":%s},\n", $3, $2, $1 }' \
 | sed '$ s/,$//g' )"
 ## Default view
 else
 OUTPUT="$( eval ${SEARCH} \
- | awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $2 }' \
- | sed "s/| platforms/| /" )"
+ | awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, $2 }' \
+ | sed 's/| platforms/| /' )"
 fi
 ## Display colour highlights ("--colour")?
 if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then
- OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} )
+ [[ "${OUTPUT}" ]] && OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} )
 fi
 ## Show content
-echo "${OUTPUT}"
-
+[[ "${OUTPUT}" ]] && echo "${OUTPUT}"
 ## Print footer if NOT in JSON ("--json")
 if [[ "${JSON}" -eq 0 ]]; then
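Review bot: `SEARCH="${SEARCH} | sed 's/\"//g'"` grows a command string that the four `eval ${SEARCH}` lines below then execute, so the whole search pipeline is an eval of assembled text; SEARCH is built outside this hunk, but if it carries the user's search terms, or the nmap banner strings that nmapxml feeds in, without shell escaping, a term such as `x; rm -rf ~` becomes code rather than a pattern, and the same applies to `eval ${COLOUR_TAG}`. The robust shape is to keep the search stages as real commands or a bash array and pipe them directly, and to pass the term to grep/awk as an argument (`grep -F -- "${term}"`), reserving eval for nothing; a comment on the SEARCH line stating that every component must be pre-escaped would be the minimum if eval has to stay. Separately, stripping the quotes and then splitting with `awk -F ','` means a description field that itself contains a comma (quoted in the CSV, presumably) is cut at that comma, truncating `$3` and shifting the columns; that predates this commit but the rewrite bakes it in, and a CSV-aware split (gawk's `FPAT`, or a real CSV tool) would avoid it. In the `--json` branch the added closing `\"` fixes the malformed object, but `$3`/`$2` are still printed unescaped, so a backslash in a title would still produce invalid JSON.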