From 87fab8631b7aeb229c63e900acc8ae8e35d6a208 Mon Sep 17 00:00:00 2001
From: g0tmi1k
Date: Mon, 6 Apr 2020 13:34:23 +0100
Subject: [PATCH] Fix apt install of exploitdb-{bin-sploits/papers}
---
 searchsploit | 123 ++++++++++++++++++++++++++++-----------------------
 1 file changed, 68 insertions(+), 55 deletions(-)
diff --git a/searchsploit b/searchsploit
index a18dff7eb..07e505173 100755
--- a/searchsploit
+++ b/searchsploit
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Name: SearchSploit - Exploit-DB's CLI search tool
-# Version: 4.0.5 (2019-03-27)
+# Version: 4.0.6 (2020-04-06)
 # Written by: Offensive Security, Unix-Ninja, and g0tmi1k
 # Homepage: https://github.com/offensive-security/exploitdb
 # Manual: https://www.exploit-db.com/searchsploit
@@ -73,34 +73,34 @@ function usage() echo "=========" echo " Options " echo "=========" - echo " -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe)." - echo " -e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]." - echo " -h, --help Show this help screen." - echo " -j, --json [Term] Show result in JSON format." - echo " -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory." - echo " -o, --overflow [Term] Exploit titles are allowed to overflow their columns." - echo " -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible)." - echo " -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path)." - echo " -u, --update Check for and install any exploitdb package updates (deb or git)." - echo " -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path." - echo " -x, --examine [EDB-ID] Examine (aka opens) the exploit using \$PAGER." - echo " --colour Disable colour highlighting in search results." - echo " --id Display the EDB-ID value rather than local path." - echo " --nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml)." 
+ echo " -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe)" + echo " -e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]" + echo " -h, --help Show this help screen" + echo " -j, --json [Term] Show result in JSON format" + echo " -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory" + echo " -o, --overflow [Term] Exploit titles are allowed to overflow their columns" + echo " -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible)" + echo " -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path)" + echo " -u, --update Check for and install any exploitdb package updates (deb or git)" + echo " -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path" + echo " -x, --examine [EDB-ID] Examine (aka opens) the exploit using \$PAGER" + echo " --colour Disable colour highlighting in search results" + echo " --id Display the EDB-ID value rather than local path" + echo " --nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml)" echo " Use \"-v\" (verbose) to try even more combinations" - echo " --exclude=\"term\" Remove values from results. By using \"|\" to separated you can chain multiple values." - echo " e.g. --exclude=\"term1|term2|term3\"." + echo " --exclude=\"term\" Remove values from results. By using \"|\" to separated you can chain multiple values" + echo " e.g. --exclude=\"term1|term2|term3\"" echo "" echo "=======" echo " Notes " echo "=======" - echo " * You can use any number of search terms." - echo " * Search terms are not case-sensitive (by default), and ordering is irrelevant." - echo " * Use '-c' if you wish to reduce results by case-sensitive searching." - echo " * And/Or '-e' if you wish to filter results by using an exact match." - echo " * Use '-t' to exclude the file's path to filter the search results." 
- echo " * Remove false positives (especially when searching using numbers - i.e. versions)." - echo " * When updating or displaying help, search terms will be ignored." + echo " * You can use any number of search terms" + echo " * Search terms are not case-sensitive (by default), and ordering is irrelevant" + echo " * Use '-c' if you wish to reduce results by case-sensitive searching" + echo " * And/Or '-e' if you wish to filter results by using an exact match" + echo " * Use '-t' to exclude the file's path to filter the search results" + echo " * Remove false positives (especially when searching using numbers - i.e. versions)" + echo " * When updating or displaying help, search terms will be ignored" echo "" exit 2 } @@ -112,7 +112,8 @@ function update() arraylength="${#files_array[@]}" for (( i=0; i<${arraylength}; i++ )); do ## Check to see if we already have the value - [[ "${tmp_package[*]}" =~ "${package_array[${i}]}" ]] && continue + [[ "${tmp_package[*]}" =~ "${package_array[${i}]}" ]] \ + && continue ## Else save all the information tmp_git+=("${git_array[${i}]}") @@ -128,24 +129,24 @@ function update() path="${tmp_path[${i}]}" package="${tmp_package[${i}]}" - # Update from the repos (e.g. Kali) - dpkg -l "${package}" 2>/dev/null >/dev/null + ## Update from the repos (e.g. Kali) + apt-cache search "${package}" 2>/dev/null >/dev/null #dpkg -l "${package}" 2>/dev/null >/dev/null if [[ "$?" == "0" ]]; then updatedeb "${package}" else - # Update from homebrew (e.g. OSX) + ## Update from homebrew (e.g. OSX) brew 2>/dev/null >/dev/null if [[ "$?" == "0" ]]; then - # This only really only updates "./searchsploit". The rest (can) come via git as its updated more frequently + ## This only really only updates "./searchsploit". The rest (can) come via git as its updated more frequently updatedbrew "${package}" fi - # Update via Git + ## Update via Git updategit "${package}" "${path}" "${git}" fi done - # Done + ## Done exit 6 } 
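Review bot: In the `@@ -128,24 +129,24 @@` hunk of `update()`, the new probe `apt-cache search "${package}"` followed by `if [[ "$?" == "0" ]]` does not test whether the package is available: `apt-cache search` is a regex search over package names and descriptions and, as far as I know, exits 0 even when nothing matches. On any host that has apt, the deb branch would therefore always be taken, so a git-clone install on Debian/Ubuntu ends up running `sudo apt -y install "${package}"` for a name the configured repositories may not carry, and `updategit` is never reached. Query the package itself and use the command as the condition, e.g. `if apt-cache show "${package}" >/dev/null 2>&1; then`, and drop the commented-out `#dpkg -l …` fragment left on the same line. `update()` begins outside this hunk, so the loop that sets `${package}` is not visible here.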
@@ -158,11 +159,11 @@ function updatedeb() echo -e "[i] Updating via apt package management (Expect weekly-ish updates): ${package_in}\n" sudo apt update \ - || echo -e "\n[-] Issue with apt update (Please check network connectivity & apt SourcesList values)." 1>&2 + || echo -e "\n[-] Issue with apt update (Please check network connectivity & apt SourcesList values)" 1>&2 sudo apt -y install "${package_in}" \ - || echo -e "\n[-] Issue with apt upgrade." 1>&2 + || echo -e "\n[-] Issue with apt upgrade" 1>&2 - echo -e "\n[*] apt update finished." + echo -e "\n[*] apt update finished" } @@ -171,13 +172,13 @@ function updatedbrew() { package_in="${1}" - echo -e "[i] Updating via brew package management.\n" + echo -e "[i] Updating via brew package management\n" brew update \ - || echo -e "\n[-] Issue with brew update (Please check network connectivity)." 1>&2 + || echo -e "\n[-] Issue with brew update (Please check network connectivity)" 1>&2 brew upgrade "${package_in}" - echo -e "\n[*] Brew update finished." + echo -e "\n[*] Brew update finished" } @@ -232,7 +233,7 @@ function updategit() || sudo git pull -v upstream master fi - echo -e "\n[*] Git update finished." + echo -e "\n[*] Git update finished" echo "[i] Path: ${path_in}/" } @@ -277,7 +278,8 @@ function validterm() function searchsploitout() { ## Make sure there is a value - [ "${software}" = "" ] && return + [ "${software}" = "" ] \ + && return #echo "" 1>&2 @@ -373,6 +375,7 @@ function nmapxml() ;; "[PRODUCT]") ## We have a name, but no version (yet?) e.g. dnsmasq + echo "${software}" software="${input}" ;; "[VERSION]") @@ -395,7 +398,8 @@ function buildterms() ## If we are to use colour ("--colour"), add the values to search for between "or" if [[ "${COLOUR}" -eq 1 ]]; then - [[ "${COLOUR_TAG}" ]] && COLOUR_TAG="${COLOUR_TAG}|" + [[ "${COLOUR_TAG}" ]] \ + && COLOUR_TAG="${COLOUR_TAG}|" COLOUR_TAG="${COLOUR_TAG}${tag_in}" fi 
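Review bot: The added `echo "${software}"` in the `"[PRODUCT]")` arm of `nmapxml()` (hunk `@@ -373,6 +375,7 @@`) looks like leftover debug output and is unrelated to the apt fix in the subject line. It writes the previous value of `software` to stdout just before the reassignment, so each product line in the XML adds a stray line (an empty one when nothing was set yet) between the search results, and presumably breaks `--json` output when combined with `--nmap`. The value originates in the Nmap XML, i.e. in banners reported by scanned hosts, which is another reason not to print it raw in the middle of the results. Remove the line; if a trace is wanted, gate it behind the verbose option and send it to stderr with `1>&2`, as the other diagnostics in the file do. `nmapxml()` begins and ends outside this hunk.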
@@ -406,7 +410,8 @@ function buildterms() ## Search just the title, NOT the path ("-t"/"-e") else ## If there is already a value, prepend text to get ready - [[ "${AWK_SEARCH}" ]] && AWK_SEARCH="${AWK_SEARCH}/ && ${CASE_TAG_FGREP}(\$3) ~ /" + [[ "${AWK_SEARCH}" ]] \ + && AWK_SEARCH="${AWK_SEARCH}/ && ${CASE_TAG_FGREP}(\$3) ~ /" ## Escape any slashes tag_in="$( echo ${tag_in} | sed 's_/_\\/_g' )" @@ -449,7 +454,7 @@ function findresults() ## EXACT search command ("-e")? if [[ "${EXACT}" -eq 1 ]]; then - buildterms "${TAGS}" + buildterms "${TAGS}" ## or AND search command? else ## For each term @@ -460,7 +465,8 @@ function findresults() ## If we are NOT to use the path name ("-t"/"-e") - [[ "${FILEPATH}" -eq 0 ]] && SEARCH="${SEARCH} | awk -F '[,]' '${CASE_TAG_FGREP}(\$3) ~ /${AWK_SEARCH}/ {print}'" + [[ "${FILEPATH}" -eq 0 ]] \ + && SEARCH="${SEARCH} | awk -F '[,]' '${CASE_TAG_FGREP}(\$3) ~ /${AWK_SEARCH}/ {print}'" ## If we are to use colour ("--colour"), add the value here @@ -470,7 +476,9 @@ function findresults() ## Dynamically set column widths to the current screen size - [[ "${WEBLINK}" -eq 1 ]] && COL2=45 || COL2=$(( ${#path_in} + 21 )) + [[ "${WEBLINK}" -eq 1 ]] \ + && COL2=45 \ + || COL2=$(( ${#path_in} + 21 )) COL1=$(( $( tput cols ) - COL2 - 1 )) @@ -489,7 +497,8 @@ function findresults() ## Remove any terms not wanted from the search - [[ "${EXCLUDE}" ]] && SEARCH="${SEARCH} | grep -vEi '${EXCLUDE}'" + [[ "${EXCLUDE}" ]] \ + && SEARCH="${SEARCH} | grep -vEi '${EXCLUDE}'" ## Magic search Fu @@ -531,7 +540,8 @@ function findresults() ## Display colour highlights ("--colour")? if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then - [[ "${OUTPUT}" ]] && OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} ) + [[ "${OUTPUT}" ]] \ + && OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} ) fi } 
@@ -566,7 +576,8 @@ function printresults() ## Show content - [[ "${OUTPUT}" ]] && echo "${OUTPUT}" + [[ "${OUTPUT}" ]] \ + && echo "${OUTPUT}" ## Print footer if in JSON ("--json") @@ -589,11 +600,11 @@ if [[ -f "${HOME}/.searchsploit_rc" ]]; then elif [[ -f "/etc/searchsploit_rc" ]]; then rc_file="/etc/searchsploit_rc" ## Method #1 - File itself -elif [[ -f "$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)/.searchsploit_rc" ]]; then - rc_file="$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)/.searchsploit_rc" +elif [[ -f "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/.searchsploit_rc" ]]; then + rc_file="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/.searchsploit_rc" ## Method #2 - Symbolic link -elif [[ -f "$(dirname "$(readlink "$0")")/.searchsploit_rc" ]]; then - rc_file="$(dirname "$(readlink "$0")")/.searchsploit_rc" +elif [[ -f "$( dirname "$( readlink "$0" )" )/.searchsploit_rc" ]]; then + rc_file="$( dirname "$( readlink "$0" )" )/.searchsploit_rc" ## Manually specified? elif [[ ! -f "${rc_file}" ]]; then echo "[!] Could not find: rc_file ~ ${rc_file}" @@ -813,11 +824,11 @@ if [[ "${GETPATH}" -eq 1 ]]; then ## Linux (Will require $DISPLAY) if hash xclip 2>/dev/null; then echo -ne "${location}" | xclip -selection clipboard 2>/dev/null - echo "Copied EDB-ID #${edbdb}'s path to the clipboard." + echo "Copied EDB-ID #${edbdb}'s path to the clipboard" ## OSX elif hash pbcopy 2>/dev/null; then echo -ne "${location}" | pbcopy - echo "Copied EDB-ID #${edbdb}'s path to the clipboard." + echo "Copied EDB-ID #${edbdb}'s path to the clipboard" fi fi @@ -879,7 +890,8 @@ TAGS="$( echo ${TAGS} | sed -e 's/^[[:space:]]//' )" ## Print header if in JSON ("--json") -[[ "${JSON}" -eq 1 ]] && printf "{\n\t\"SEARCH\": \"${TAGS}\"" +[[ "${JSON}" -eq 1 ]] \ + && printf "{\n\t\"SEARCH\": \"${TAGS}\"" ## Check for files_*.csv 
@@ -900,7 +912,8 @@ done ## Print footer if in JSON ("--json") -[[ "${JSON}" -eq 1 ]] && printf "\n}\n" +[[ "${JSON}" -eq 1 ]] \ + && printf "\n}\n" ## Done