bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'g0tmi1k-searchsploit'

Browse source
This commit is contained in:
Offensive Security 2016-03-18 15:51:05 +00:00
commit 2af7b4dfb6
2 changed files with 150 additions and 94 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
README.md
View file

@ -1,7 +1,7 @@
The Exploit-Database Git Repository The Exploit-Database Git Repository
=================================== ===================================
This is the official repository of [The Exploit Database](http://www.exploit-db.com/), a project sponsored by [Offensive Security](https://www.offensive-security.com/). This is the official repository of [The Exploit Database](https://www.exploit-db.com/), a project sponsored by [Offensive Security](https://www.offensive-security.com/).
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away. The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
@ -11,7 +11,7 @@ Included with this repository is the **searchsploit** utility, which will allow
``` ```
root@kali:~# searchsploit -h root@kali:~# searchsploit -h
Usage: searchsploit [OPTIONS] term1 [term2] ... [termN] Usage: searchsploit [options] term1 [term2] ... [termN]
Example: Example:
searchsploit afd windows local searchsploit afd windows local
searchsploit -t oracle windows searchsploit -t oracle windows
@ -19,34 +19,38 @@ Example:
========= =========
Options Options
========= =========
-c, --case Perform a case-sensitive search (Default is insensitive). -c, --case Perform a case-sensitive search (Default is inSEnsITiVe).
-h, --help Show this help screen. -e, --exact Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-t, --title Search just the exploit title (Default is title AND the file's path). -h, --help Show this help screen.
-u, --update Update exploit database from git. -o, --overflow Exploit title's are allowed to overflow their columns.
-v, --verbose Verbose output. Title lines are allowed to overflow their columns. -t, --title Search just the exploit title (Default is title AND the file's path).
-w, --www Show URLs to Exploit-DB.com rather than local path. -u, --update Update exploit database from git.
--colour Disable colour highlighting. -w, --www Show URLs to Exploit-DB.com rather than local path.
--id Display EDB-ID value rather than local path. --id Display EDB-ID value rather than local path.
--colour Disable colour highlighting.
======= =======
Notes Notes
======= =======
* Use any number of search terms, in any order. * Use any number of search terms.
* Search terms are not case sensitive, and order is irrelevant. * Search terms are not case sensitive, and order is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching. * Use '-c' if you wish to reduce results by case-sensitive searching.
* Use '-t' to exclude the file's path to filter the search results. * And/Or '-e' if you wish to filter results by using an exact match.
* Could possibly remove false positives (especially when searching numbers). * Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching numbers/versions).
* When updating from git or displaying help, search terms will be ignored. * When updating from git or displaying help, search terms will be ignored.
root@kali:~# searchsploit afd windows local root@kali:~# searchsploit afd windows local
------------------------------------------------------------ ---------------------------------- --------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path Exploit Title | Path
| (/usr/share/exploitdb/platforms) | (/usr/share/exploitdb/platforms)
------------------------------------------------------------ ---------------------------------- --------------------------------------------------------------------------------- ----------------------------------
MS Windows XP/2003 - AFD.sys Privilege Escalation Exploit (K| /windows/local/6757.txt Microsoft Windows 2003/XP - AFD.sys Privilege Escalation Exploit (K-plugin) | ./windows/local/6757.txt
Microsoft Windows XP - AFD.sys Local Kernel DoS Exploit | /windows/dos/17133.c Microsoft Windows XP - AFD.sys Local Kernel DoS Exploit | ./windows/dos/17133.c
Windows XP/2003 Afd.sys - Local Privilege Escalation Exploit| /windows/local/18176.py Microsoft Windows XP/2003 Afd.sys - Local Privilege Escalation Exploit (MS11-080)| ./windows/local/18176.py
Windows - AfdJoinLeaf Privilege Escalation (MS11-080) | /windows/local/21844.rb Microsoft Windows - AfdJoinLeaf Privilege Escalation (MS11-080) | ./windows/local/21844.rb
------------------------------------------------------------ ---------------------------------- Microsoft Windows - AFD.SYS Dangling Pointer Privilege Escalation (MS14-040) | ./win32/local/39446.py
Microsoft Windows 7 x64 - AFD.SYS Privilege Escalation (MS14-040) | ./win64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~# root@kali:~#
``` ```

196
searchsploit
View file

@ -1,9 +1,9 @@
#!/bin/bash #!/bin/bash
# Name: searchsploit - Exploit-DB's CLI search tool # Name: SearchSploit - Exploit-DB's CLI search tool
# Version: 3.1 (Release date: 2015-07-08) # Version: 3.2 (Release date: 2016-03-18)
# Written by: Offensive Security, Unix-Ninja & g0tmi1k # Written by: Offensive Security, Unix-Ninja & g0tmi1k
# Homepage: https://github.com/offensive-security/exploit-database # Homepage: https://github.com/offensive-security/exploit-database
#
## NOTE: ## NOTE:
# Exit code '0' means finished normally # Exit code '0' means finished normally
# Exit code '1' means finished help screen # Exit code '1' means finished help screen
@ -14,18 +14,29 @@
gitpath="/usr/share/exploitdb" gitpath="/usr/share/exploitdb"
csvpath="${gitpath}/files.csv" csvpath="${gitpath}/files.csv"
## Program settings ## Program settings
gitremote="https://github.com/offensive-security/exploit-database.git" gitremote="https://github.com/offensive-security/exploit-database.git"
progname="$( basename "$0" )" progname="$( basename "$0" )"
## Default options ## Default options
TAGS="" COLOUR=1
SCASE="tolower"
VERBOSE=0
WEBLINK=0
EDBID=0 EDBID=0
COLOUR='true' EXACT=0
FILEPATH=1 FILEPATH=1
OVERFLOW=0
WEBLINK=0
SCASE=0
TAGS=""
CASE_TAG_GREP="-i"
CASE_TAG_FGREP="tolower"
COLOUR_TAG=""
SEARCH=""
## Set LANG variable to avoid illegal byte sequence errors
LANG=C
## If files.csv is in the searchsploit path, use that instead ## If files.csv is in the searchsploit path, use that instead
@ -45,23 +56,25 @@ function usage()
echo "=========" echo "========="
echo " Options " echo " Options "
echo "=========" echo "========="
echo " -c, --case Perform a case-sensitive search (Default is insensitive)." echo " -c, --case Perform a case-sensitive search (Default is inSEnsITiVe)."
echo " -h, --help Show this help screen." echo " -e, --exact Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]."
echo " -t, --title Search just the exploit title (Default is title AND the file's path)." echo " -h, --help Show this help screen."
echo " -u, --update Update exploit database from git." echo " -o, --overflow Exploit title's are allowed to overflow their columns."
echo " -v, --verbose Verbose output. Title lines are allowed to overflow their columns." echo " -t, --title Search just the exploit title (Default is title AND the file's path)."
echo " -w, --www Show URLs to Exploit-DB.com rather than local path." echo " -u, --update Update exploit database from git."
echo " --colour Disable colour highlighting." echo " -w, --www Show URLs to Exploit-DB.com rather than local path."
echo " --id Display EDB-ID value rather than local path." echo " --id Display EDB-ID value rather than local path."
echo " --colour Disable colour highlighting."
echo echo
echo "=======" echo "======="
echo " Notes " echo " Notes "
echo "=======" echo "======="
echo " * Use any number of search terms, in any order." echo " * Use any number of search terms."
echo " * Search terms are not case sensitive, and order is irrelevant." echo " * Search terms are not case sensitive, and order is irrelevant."
echo " * Use '-c' if you wish to reduce results by case-sensitive searching." echo " * Use '-c' if you wish to reduce results by case-sensitive searching."
echo " * And/Or '-e' if you wish to filter results by using an exact match."
echo " * Use '-t' to exclude the file's path to filter the search results." echo " * Use '-t' to exclude the file's path to filter the search results."
echo " * Could possibly remove false positives (especially when searching numbers)." echo " * Remove false positives (especially when searching numbers/versions)."
echo " * When updating from git or displaying help, search terms will be ignored." echo " * When updating from git or displaying help, search terms will be ignored."
echo "" echo ""
exit 1 exit 1
@ -70,10 +83,11 @@ function usage()
## Update database (via GIT) ## Update database (via GIT)
function update() function update()
{ {
## Make sure we are in the correct folder
mkdir -p "${gitpath}/" mkdir -p "${gitpath}/"
cd "${gitpath}/" cd "${gitpath}/"
# Make sure a git repo is init before updating ## Make sure a git repo is init before updating
if [[ "$( git rev-parse --is-inside-work-tree )" != "true" ]]; then if [[ "$( git rev-parse --is-inside-work-tree )" != "true" ]]; then
if [[ "$( ls )" = "" ]]; then if [[ "$( ls )" = "" ]]; then
# If directory is empty, just clone # If directory is empty, just clone
@ -122,19 +136,21 @@ fi
ARGS="-" ARGS="-"
for param in "$@"; do for param in "$@"; do
if [[ "${param}" == "--case" ]]; then if [[ "${param}" == "--case" ]]; then
SCASE='' SCASE=1
elif [[ "${param}" == "--exact" ]]; then
EXACT=1
elif [[ "${param}" == "--help" ]]; then elif [[ "${param}" == "--help" ]]; then
usage >&2 usage >&2
elif [[ "${param}" == "--overflow" ]]; then
OVERFLOW=1
elif [[ "${param}" == "--title" ]]; then elif [[ "${param}" == "--title" ]]; then
FILEPATH=0 FILEPATH=0
elif [[ "${param}" == "--update" ]]; then elif [[ "${param}" == "--update" ]]; then
update update
elif [[ "${param}" == "--www" ]]; then elif [[ "${param}" == "--www" ]]; then
WEBLINK=1 WEBLINK=1
elif [[ "${param}" == "--verbose" ]]; then
VERBOSE=1
elif [[ "${param}" == "--colour" ]] || [[ "${param}" == "--color" ]]; then elif [[ "${param}" == "--colour" ]] || [[ "${param}" == "--color" ]]; then
COLOUR='' COLOUR=""
elif [[ "${param}" == "--id" ]]; then elif [[ "${param}" == "--id" ]]; then
EDBID=1 EDBID=1
else else
@ -149,24 +165,39 @@ done
## Parse short arguments ## Parse short arguments
while getopts "chtuvw" arg "${ARGS}"; do while getopts "cehotuw" arg "${ARGS}"; do
if [[ "${arg}" = "?" ]]; then if [[ "${arg}" = "?" ]]; then
usage >&2; usage >&2;
fi fi
case ${arg} in case ${arg} in
c) SCASE='';; c) SCASE=1;;
e) EXACT=1;;
h) usage >&2;; h) usage >&2;;
o) OVERFLOW=1;;
t) FILEPATH=0;; t) FILEPATH=0;;
u) update;; u) update;;
v) VERBOSE=1;;
w) WEBLINK=1;; w) WEBLINK=1;;
esac esac
shift $(( OPTIND - 1 )) shift $(( OPTIND - 1 ))
done done
## Dynamically set column widths ## If we are doing an exact match, do not check folder path.
if [[ "${WEBLINK}" -eq '1' ]]; then if [[ "${EXACT}" -eq 1 ]]; then
FILEPATH=0
fi
## Case sensitive?
if [[ "${SCASE}" -eq 1 ]]; then
## Remove the default flags
CASE_TAG_GREP=""
CASE_TAG_FGREP=""
fi
## Dynamically set column widths to the current screen size
if [[ "${WEBLINK}" -eq 1 ]]; then
COL2=45 COL2=45
else else
COL2=35 COL2=35
@ -177,9 +208,9 @@ COL1=$(( $( tput cols ) - COL2 - 1 ))
## Print header ## Print header
drawline drawline
printf "%-${COL1}s %s" " Exploit Title" printf "%-${COL1}s %s" " Exploit Title"
if [[ "${WEBLINK}" -eq '1' ]]; then if [[ "${WEBLINK}" -eq 1 ]]; then
echo "| URL" echo "| URL"
elif [[ "${EDBID}" -eq '1' ]]; then elif [[ "${EDBID}" -eq 1 ]]; then
echo "| EDB-ID" echo "| EDB-ID"
else else
echo "| Path" echo "| Path"
@ -188,69 +219,90 @@ else
fi fi
drawline drawline
## Create (AND) search command
SEARCH=
for tag in ${TAGS}; do
if [[ "${COLOUR}" ]]; then ## EXACT search command?
COLOUR="${COLOUR}\|${tag}" if [[ "${EXACT}" -eq 1 ]]; then
fi ## Case sensitive?
if [[ "${SCASE}" -eq 1 ]]; then
if [[ "${FILEPATH}" -eq 1 ]]; then SEARCH="${TAGS}"
if [[ "${SCASE}" ]]; then
SCASE='-i'
fi
if [[ "${SEARCH}" ]]; then
SEARCH="${SEARCH} |"
fi
SEARCH="${SEARCH} fgrep ${SCASE} \"${tag}\""
else else
if [[ "${SEARCH}" ]]; then SEARCH="$( echo ${TAGS} | tr '[:upper:]' '[:lower:]' )"
SEARCH="${SEARCH}/ && ${SCASE}(\$1) ~ /"
fi
if [[ "${SCASE}" ]]; then
tag="$( echo ${tag} | tr '[:upper:]' '[:lower:]' )"
fi
SEARCH="${SEARCH}${tag}"
fi fi
done
if [[ "${FILEPATH}" -ne 1 ]]; then ## Remove leading space
SEARCH="awk -F '[|]' '${SCASE}(\$1) ~ /${SEARCH}/ {print}'" SEARCH="$(echo ${SEARCH} | sed -e 's/^[[:space:]]//')"
fi
if [[ "${COLOUR}" ]]; then ## If we are to use colour, add the values to search for
SEARCH="${SEARCH} | grep --color=always -ie \"\${COLOUR}\"" if [[ "${COLOUR}" -eq 1 ]]; then
COLOUR_TAG="${SEARCH}"
fi
## or AND search command?
else
## For each term
for tag in ${TAGS}; do
## If we are to use colour, add the values to search for between "or"
if [[ "${COLOUR}" -eq 1 ]]; then
COLOUR_TAG="${COLOUR_TAG}\|${tag}"
fi
## Search both title and path?
if [[ "${FILEPATH}" -eq 1 ]]; then
## Is there a value already?
if [[ "${SEARCH}" ]]; then
SEARCH="${SEARCH} |"
fi
## Search command for each term
SEARCH="${SEARCH} fgrep ${CASE_TAG_GREP} \"${tag}\""
## Search just the title, not the path
else
## If there is already a value, prepend text to get ready
if [[ "${SEARCH}" ]]; then
SEARCH="${SEARCH}/ && ${CASE_TAG_FGREP}(\$1) ~ /"
fi
## Case sensitive?
if [[ "${SCASE}" -eq 1 ]]; then
EARCH="${SEARCH}${tag}"
else
SEARCH="${SEARCH}$( echo ${tag} | tr '[:upper:]' '[:lower:]' )"
fi
fi
done
fi fi
## Set LANG variable to avoid illegal byte sequence errors ## If we are not to use the path name
LANG=C if [[ "${FILEPATH}" -eq 0 ]]; then
SEARCH="awk -F '[|]' '${CASE_TAG_FGREP}(\$1) ~ /${SEARCH}/ {print}'"
fi
## If we are to use colour, add the value here
if [[ "${COLOUR_TAG}" ]]; then
SEARCH="${SEARCH} | grep --color=always -ie \"\${COLOUR_TAG}\""
fi
## Search, format, and print results ## Search, format, and print results
if [[ "${VERBOSE}" -eq 0 ]]; then if [[ "${OVERFLOW}" -eq 1 ]]; then
FORMAT=${COL1}'.'${COL1}
else
FORMAT=${COL1} FORMAT=${COL1}
else
FORMAT=${COL1}'.'${COL1}
fi fi
## Magic search Fu
## Web link format? ## Web link format?
if [[ "${WEBLINK}" -eq '1' ]]; then if [[ "${WEBLINK}" -eq 1 ]]; then
## Magic search Fu
awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/exploits/"$1"/"}' "${csvpath}" \ awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/exploits/"$1"/"}' "${csvpath}" \
| eval "${SEARCH}" | eval "${SEARCH}"
elif [[ "${EDBID}" -eq '1' ]]; then ## Just the EDB-ID?
## Magic search Fu elif [[ "${EDBID}" -eq 1 ]]; then
awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $1}' "${csvpath}" \ awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $1}' "${csvpath}" \
| eval "${SEARCH}" | eval "${SEARCH}"
## Default view
else else
## Magic search Fu
awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $2}' "${csvpath}" \ awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $2}' "${csvpath}" \
| eval "${SEARCH}" \ | eval "${SEARCH}" \
| sed "s/| platforms/| ./" | sed "s/| platforms/| ./"