bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'g0tmi1k-searchsploit'

Browse source
This commit is contained in:
Offensive Security 2016-03-18 15:51:05 +00:00
commit 2af7b4dfb6
2 changed files with 150 additions and 94 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
README.md
View file

@ -1,7 +1,7 @@
The Exploit-Database Git Repository
===================================
This is the official repository of [The Exploit Database](http://www.exploit-db.com/), a project sponsored by [Offensive Security](https://www.offensive-security.com/).
This is the official repository of [The Exploit Database](https://www.exploit-db.com/), a project sponsored by [Offensive Security](https://www.offensive-security.com/).
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
@ -11,7 +11,7 @@ Included with this repository is the **searchsploit** utility, which will allow
```
root@kali:~# searchsploit -h
Usage: searchsploit [OPTIONS] term1 [term2] ... [termN]
Usage: searchsploit [options] term1 [term2] ... [termN]
Example:
searchsploit afd windows local
searchsploit -t oracle windows
@ -19,34 +19,38 @@ Example:
=========
Options
=========
-c, --case Perform a case-sensitive search (Default is insensitive).
-h, --help Show this help screen.
-t, --title Search just the exploit title (Default is title AND the file's path).
-u, --update Update exploit database from git.
-v, --verbose Verbose output. Title lines are allowed to overflow their columns.
-w, --www Show URLs to Exploit-DB.com rather than local path.
--colour Disable colour highlighting.
--id Display EDB-ID value rather than local path.
-c, --case Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-o, --overflow Exploit title's are allowed to overflow their columns.
-t, --title Search just the exploit title (Default is title AND the file's path).
-u, --update Update exploit database from git.
-w, --www Show URLs to Exploit-DB.com rather than local path.
--id Display EDB-ID value rather than local path.
--colour Disable colour highlighting.
=======
Notes
=======
* Use any number of search terms, in any order.
* Use any number of search terms.
* Search terms are not case sensitive, and order is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* Use '-t' to exclude the file's path to filter the search results.
* Could possibly remove false positives (especially when searching numbers).
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching numbers/versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~# searchsploit afd windows local
------------------------------------------------------------ ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
------------------------------------------------------------ ----------------------------------
MS Windows XP/2003 - AFD.sys Privilege Escalation Exploit (K| /windows/local/6757.txt
Microsoft Windows XP - AFD.sys Local Kernel DoS Exploit | /windows/dos/17133.c
Windows XP/2003 Afd.sys - Local Privilege Escalation Exploit| /windows/local/18176.py
Windows - AfdJoinLeaf Privilege Escalation (MS11-080) | /windows/local/21844.rb
------------------------------------------------------------ ----------------------------------
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - AFD.sys Privilege Escalation Exploit (K-plugin) | ./windows/local/6757.txt
Microsoft Windows XP - AFD.sys Local Kernel DoS Exploit | ./windows/dos/17133.c
Microsoft Windows XP/2003 Afd.sys - Local Privilege Escalation Exploit (MS11-080)| ./windows/local/18176.py
Microsoft Windows - AfdJoinLeaf Privilege Escalation (MS11-080) | ./windows/local/21844.rb
Microsoft Windows - AFD.SYS Dangling Pointer Privilege Escalation (MS14-040) | ./win32/local/39446.py
Microsoft Windows 7 x64 - AFD.SYS Privilege Escalation (MS14-040) | ./win64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
```

196
searchsploit
View file

@ -1,9 +1,9 @@
#!/bin/bash
# Name: searchsploit - Exploit-DB's CLI search tool
# Version: 3.1 (Release date: 2015-07-08)
# Name: SearchSploit - Exploit-DB's CLI search tool
# Version: 3.2 (Release date: 2016-03-18)
# Written by: Offensive Security, Unix-Ninja & g0tmi1k
# Homepage: https://github.com/offensive-security/exploit-database
#
## NOTE:
# Exit code '0' means finished normally
# Exit code '1' means finished help screen
@ -14,18 +14,29 @@
gitpath="/usr/share/exploitdb"
csvpath="${gitpath}/files.csv"
## Program settings
gitremote="https://github.com/offensive-security/exploit-database.git"
progname="$( basename "$0" )"
## Default options
TAGS=""
SCASE="tolower"
VERBOSE=0
WEBLINK=0
COLOUR=1
EDBID=0
COLOUR='true'
EXACT=0
FILEPATH=1
OVERFLOW=0
WEBLINK=0
SCASE=0
TAGS=""
CASE_TAG_GREP="-i"
CASE_TAG_FGREP="tolower"
COLOUR_TAG=""
SEARCH=""
## Set LANG variable to avoid illegal byte sequence errors
LANG=C
## If files.csv is in the searchsploit path, use that instead
@ -45,23 +56,25 @@ function usage()
echo "========="
echo " Options "
echo "========="
echo " -c, --case Perform a case-sensitive search (Default is insensitive)."
echo " -h, --help Show this help screen."
echo " -t, --title Search just the exploit title (Default is title AND the file's path)."
echo " -u, --update Update exploit database from git."
echo " -v, --verbose Verbose output. Title lines are allowed to overflow their columns."
echo " -w, --www Show URLs to Exploit-DB.com rather than local path."
echo " --colour Disable colour highlighting."
echo " --id Display EDB-ID value rather than local path."
echo " -c, --case Perform a case-sensitive search (Default is inSEnsITiVe)."
echo " -e, --exact Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]."
echo " -h, --help Show this help screen."
echo " -o, --overflow Exploit title's are allowed to overflow their columns."
echo " -t, --title Search just the exploit title (Default is title AND the file's path)."
echo " -u, --update Update exploit database from git."
echo " -w, --www Show URLs to Exploit-DB.com rather than local path."
echo " --id Display EDB-ID value rather than local path."
echo " --colour Disable colour highlighting."
echo
echo "======="
echo " Notes "
echo "======="
echo " * Use any number of search terms, in any order."
echo " * Use any number of search terms."
echo " * Search terms are not case sensitive, and order is irrelevant."
echo " * Use '-c' if you wish to reduce results by case-sensitive searching."
echo " * And/Or '-e' if you wish to filter results by using an exact match."
echo " * Use '-t' to exclude the file's path to filter the search results."
echo " * Could possibly remove false positives (especially when searching numbers)."
echo " * Remove false positives (especially when searching numbers/versions)."
echo " * When updating from git or displaying help, search terms will be ignored."
echo ""
exit 1
@ -70,10 +83,11 @@ function usage()
## Update database (via GIT)
function update()
{
## Make sure we are in the correct folder
mkdir -p "${gitpath}/"
cd "${gitpath}/"
# Make sure a git repo is init before updating
## Make sure a git repo is init before updating
if [[ "$( git rev-parse --is-inside-work-tree )" != "true" ]]; then
if [[ "$( ls )" = "" ]]; then
# If directory is empty, just clone
@ -122,19 +136,21 @@ fi
ARGS="-"
for param in "$@"; do
if [[ "${param}" == "--case" ]]; then
SCASE=''
SCASE=1
elif [[ "${param}" == "--exact" ]]; then
EXACT=1
elif [[ "${param}" == "--help" ]]; then
usage >&2
elif [[ "${param}" == "--overflow" ]]; then
OVERFLOW=1
elif [[ "${param}" == "--title" ]]; then
FILEPATH=0
elif [[ "${param}" == "--update" ]]; then
update
elif [[ "${param}" == "--www" ]]; then
WEBLINK=1
elif [[ "${param}" == "--verbose" ]]; then
VERBOSE=1
elif [[ "${param}" == "--colour" ]] || [[ "${param}" == "--color" ]]; then
COLOUR=''
COLOUR=""
elif [[ "${param}" == "--id" ]]; then
EDBID=1
else
@ -149,24 +165,39 @@ done
## Parse short arguments
while getopts "chtuvw" arg "${ARGS}"; do
while getopts "cehotuw" arg "${ARGS}"; do
if [[ "${arg}" = "?" ]]; then
usage >&2;
fi
case ${arg} in
c) SCASE='';;
c) SCASE=1;;
e) EXACT=1;;
h) usage >&2;;
o) OVERFLOW=1;;
t) FILEPATH=0;;
u) update;;
v) VERBOSE=1;;
w) WEBLINK=1;;
esac
shift $(( OPTIND - 1 ))
done
## Dynamically set column widths
if [[ "${WEBLINK}" -eq '1' ]]; then
## If we are doing an exact match, do not check folder path.
if [[ "${EXACT}" -eq 1 ]]; then
FILEPATH=0
fi
## Case sensitive?
if [[ "${SCASE}" -eq 1 ]]; then
## Remove the default flags
CASE_TAG_GREP=""
CASE_TAG_FGREP=""
fi
## Dynamically set column widths to the current screen size
if [[ "${WEBLINK}" -eq 1 ]]; then
COL2=45
else
COL2=35
@ -177,9 +208,9 @@ COL1=$(( $( tput cols ) - COL2 - 1 ))
## Print header
drawline
printf "%-${COL1}s %s" " Exploit Title"
if [[ "${WEBLINK}" -eq '1' ]]; then
if [[ "${WEBLINK}" -eq 1 ]]; then
echo "| URL"
elif [[ "${EDBID}" -eq '1' ]]; then
elif [[ "${EDBID}" -eq 1 ]]; then
echo "| EDB-ID"
else
echo "| Path"
@ -188,69 +219,90 @@ else
fi
drawline
## Create (AND) search command
SEARCH=
for tag in ${TAGS}; do
if [[ "${COLOUR}" ]]; then
COLOUR="${COLOUR}\|${tag}"
fi
if [[ "${FILEPATH}" -eq 1 ]]; then
if [[ "${SCASE}" ]]; then
SCASE='-i'
fi
if [[ "${SEARCH}" ]]; then
SEARCH="${SEARCH} |"
fi
SEARCH="${SEARCH} fgrep ${SCASE} \"${tag}\""
## EXACT search command?
if [[ "${EXACT}" -eq 1 ]]; then
## Case sensitive?
if [[ "${SCASE}" -eq 1 ]]; then
SEARCH="${TAGS}"
else
if [[ "${SEARCH}" ]]; then
SEARCH="${SEARCH}/ && ${SCASE}(\$1) ~ /"
fi
if [[ "${SCASE}" ]]; then
tag="$( echo ${tag} | tr '[:upper:]' '[:lower:]' )"
fi
SEARCH="${SEARCH}${tag}"
SEARCH="$( echo ${TAGS} | tr '[:upper:]' '[:lower:]' )"
fi
done
if [[ "${FILEPATH}" -ne 1 ]]; then
SEARCH="awk -F '[|]' '${SCASE}(\$1) ~ /${SEARCH}/ {print}'"
fi
## Remove leading space
SEARCH="$(echo ${SEARCH} | sed -e 's/^[[:space:]]//')"
if [[ "${COLOUR}" ]]; then
SEARCH="${SEARCH} | grep --color=always -ie \"\${COLOUR}\""
## If we are to use colour, add the values to search for
if [[ "${COLOUR}" -eq 1 ]]; then
COLOUR_TAG="${SEARCH}"
fi
## or AND search command?
else
## For each term
for tag in ${TAGS}; do
## If we are to use colour, add the values to search for between "or"
if [[ "${COLOUR}" -eq 1 ]]; then
COLOUR_TAG="${COLOUR_TAG}\|${tag}"
fi
## Search both title and path?
if [[ "${FILEPATH}" -eq 1 ]]; then
## Is there a value already?
if [[ "${SEARCH}" ]]; then
SEARCH="${SEARCH} |"
fi
## Search command for each term
SEARCH="${SEARCH} fgrep ${CASE_TAG_GREP} \"${tag}\""
## Search just the title, not the path
else
## If there is already a value, prepend text to get ready
if [[ "${SEARCH}" ]]; then
SEARCH="${SEARCH}/ && ${CASE_TAG_FGREP}(\$1) ~ /"
fi
## Case sensitive?
if [[ "${SCASE}" -eq 1 ]]; then
EARCH="${SEARCH}${tag}"
else
SEARCH="${SEARCH}$( echo ${tag} | tr '[:upper:]' '[:lower:]' )"
fi
fi
done
fi
## Set LANG variable to avoid illegal byte sequence errors
LANG=C
## If we are not to use the path name
if [[ "${FILEPATH}" -eq 0 ]]; then
SEARCH="awk -F '[|]' '${CASE_TAG_FGREP}(\$1) ~ /${SEARCH}/ {print}'"
fi
## If we are to use colour, add the value here
if [[ "${COLOUR_TAG}" ]]; then
SEARCH="${SEARCH} | grep --color=always -ie \"\${COLOUR_TAG}\""
fi
## Search, format, and print results
if [[ "${VERBOSE}" -eq 0 ]]; then
FORMAT=${COL1}'.'${COL1}
else
if [[ "${OVERFLOW}" -eq 1 ]]; then
FORMAT=${COL1}
else
FORMAT=${COL1}'.'${COL1}
fi
## Magic search Fu
## Web link format?
if [[ "${WEBLINK}" -eq '1' ]]; then
## Magic search Fu
if [[ "${WEBLINK}" -eq 1 ]]; then
awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/exploits/"$1"/"}' "${csvpath}" \
| eval "${SEARCH}"
elif [[ "${EDBID}" -eq '1' ]]; then
## Magic search Fu
## Just the EDB-ID?
elif [[ "${EDBID}" -eq 1 ]]; then
awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $1}' "${csvpath}" \
| eval "${SEARCH}"
## Default view
else
## Magic search Fu
awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $2}' "${csvpath}" \
| eval "${SEARCH}" \
| sed "s/| platforms/| ./"