bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix apt install of exploitdb-{bin-sploits/papers}

Browse source
This commit is contained in:
g0tmi1k 2020-04-06 13:34:23 +01:00
parent 764ac4bf5c
commit 87fab8631b
1 changed files with 68 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

123
searchsploit
View file

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Name: SearchSploit - Exploit-DB's CLI search tool # Name: SearchSploit - Exploit-DB's CLI search tool
# Version: 4.0.5 (2019-03-27) # Version: 4.0.6 (2020-04-06)
# Written by: Offensive Security, Unix-Ninja, and g0tmi1k # Written by: Offensive Security, Unix-Ninja, and g0tmi1k
# Homepage: https://github.com/offensive-security/exploitdb # Homepage: https://github.com/offensive-security/exploitdb
# Manual: https://www.exploit-db.com/searchsploit # Manual: https://www.exploit-db.com/searchsploit
@ -73,34 +73,34 @@ function usage()
echo "=========" echo "========="
echo " Options " echo " Options "
echo "=========" echo "========="
echo " -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe)." echo " -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe)"
echo " -e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]." echo " -e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]"
echo " -h, --help Show this help screen." echo " -h, --help Show this help screen"
echo " -j, --json [Term] Show result in JSON format." echo " -j, --json [Term] Show result in JSON format"
echo " -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory." echo " -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory"
echo " -o, --overflow [Term] Exploit titles are allowed to overflow their columns." echo " -o, --overflow [Term] Exploit titles are allowed to overflow their columns"
echo " -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible)." echo " -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible)"
echo " -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path)." echo " -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path)"
echo " -u, --update Check for and install any exploitdb package updates (deb or git)." echo " -u, --update Check for and install any exploitdb package updates (deb or git)"
echo " -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path." echo " -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path"
echo " -x, --examine [EDB-ID] Examine (aka opens) the exploit using \$PAGER." echo " -x, --examine [EDB-ID] Examine (aka opens) the exploit using \$PAGER"
echo " --colour Disable colour highlighting in search results." echo " --colour Disable colour highlighting in search results"
echo " --id Display the EDB-ID value rather than local path." echo " --id Display the EDB-ID value rather than local path"
echo " --nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml)." echo " --nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml)"
echo " Use \"-v\" (verbose) to try even more combinations" echo " Use \"-v\" (verbose) to try even more combinations"
echo " --exclude=\"term\" Remove values from results. By using \"|\" to separated you can chain multiple values." echo " --exclude=\"term\" Remove values from results. By using \"|\" to separated you can chain multiple values"
echo " e.g. --exclude=\"term1|term2|term3\"." echo " e.g. --exclude=\"term1|term2|term3\""
echo "" echo ""
echo "=======" echo "======="
echo " Notes " echo " Notes "
echo "=======" echo "======="
echo " * You can use any number of search terms." echo " * You can use any number of search terms"
echo " * Search terms are not case-sensitive (by default), and ordering is irrelevant." echo " * Search terms are not case-sensitive (by default), and ordering is irrelevant"
echo " * Use '-c' if you wish to reduce results by case-sensitive searching." echo " * Use '-c' if you wish to reduce results by case-sensitive searching"
echo " * And/Or '-e' if you wish to filter results by using an exact match." echo " * And/Or '-e' if you wish to filter results by using an exact match"
echo " * Use '-t' to exclude the file's path to filter the search results." echo " * Use '-t' to exclude the file's path to filter the search results"
echo " * Remove false positives (especially when searching using numbers - i.e. versions)." echo " * Remove false positives (especially when searching using numbers - i.e. versions)"
echo " * When updating or displaying help, search terms will be ignored." echo " * When updating or displaying help, search terms will be ignored"
echo "" echo ""
exit 2 exit 2
} }
@ -112,7 +112,8 @@ function update()
arraylength="${#files_array[@]}" arraylength="${#files_array[@]}"
for (( i=0; i<${arraylength}; i++ )); do for (( i=0; i<${arraylength}; i++ )); do
## Check to see if we already have the value ## Check to see if we already have the value
[[ "${tmp_package[*]}" =~ "${package_array[${i}]}" ]] && continue [[ "${tmp_package[*]}" =~ "${package_array[${i}]}" ]] \
&& continue
## Else save all the information ## Else save all the information
tmp_git+=("${git_array[${i}]}") tmp_git+=("${git_array[${i}]}")
@ -128,24 +129,24 @@ function update()
path="${tmp_path[${i}]}" path="${tmp_path[${i}]}"
package="${tmp_package[${i}]}" package="${tmp_package[${i}]}"
# Update from the repos (e.g. Kali) ## Update from the repos (e.g. Kali)
dpkg -l "${package}" 2>/dev/null >/dev/null apt-cache search "${package}" 2>/dev/null >/dev/null #dpkg -l "${package}" 2>/dev/null >/dev/null
if [[ "$?" == "0" ]]; then if [[ "$?" == "0" ]]; then
updatedeb "${package}" updatedeb "${package}"
else else
# Update from homebrew (e.g. OSX) ## Update from homebrew (e.g. OSX)
brew 2>/dev/null >/dev/null brew 2>/dev/null >/dev/null
if [[ "$?" == "0" ]]; then if [[ "$?" == "0" ]]; then
# This only really only updates "./searchsploit". The rest (can) come via git as its updated more frequently ## This only really only updates "./searchsploit". The rest (can) come via git as its updated more frequently
updatedbrew "${package}" updatedbrew "${package}"
fi fi
# Update via Git ## Update via Git
updategit "${package}" "${path}" "${git}" updategit "${package}" "${path}" "${git}"
fi fi
done done
# Done ## Done
exit 6 exit 6
} }
@ -158,11 +159,11 @@ function updatedeb()
echo -e "[i] Updating via apt package management (Expect weekly-ish updates): ${package_in}\n" echo -e "[i] Updating via apt package management (Expect weekly-ish updates): ${package_in}\n"
sudo apt update \ sudo apt update \
|| echo -e "\n[-] Issue with apt update (Please check network connectivity & apt SourcesList values)." 1>&2 || echo -e "\n[-] Issue with apt update (Please check network connectivity & apt SourcesList values)" 1>&2
sudo apt -y install "${package_in}" \ sudo apt -y install "${package_in}" \
|| echo -e "\n[-] Issue with apt upgrade." 1>&2 || echo -e "\n[-] Issue with apt upgrade" 1>&2
echo -e "\n[*] apt update finished." echo -e "\n[*] apt update finished"
} }
@ -171,13 +172,13 @@ function updatedbrew()
{ {
package_in="${1}" package_in="${1}"
echo -e "[i] Updating via brew package management.\n" echo -e "[i] Updating via brew package management\n"
brew update \ brew update \
|| echo -e "\n[-] Issue with brew update (Please check network connectivity)." 1>&2 || echo -e "\n[-] Issue with brew update (Please check network connectivity)" 1>&2
brew upgrade "${package_in}" brew upgrade "${package_in}"
echo -e "\n[*] Brew update finished." echo -e "\n[*] Brew update finished"
} }
@ -232,7 +233,7 @@ function updategit()
|| sudo git pull -v upstream master || sudo git pull -v upstream master
fi fi
echo -e "\n[*] Git update finished." echo -e "\n[*] Git update finished"
echo "[i] Path: ${path_in}/" echo "[i] Path: ${path_in}/"
} }
@ -277,7 +278,8 @@ function validterm()
function searchsploitout() function searchsploitout()
{ {
## Make sure there is a value ## Make sure there is a value
[ "${software}" = "" ] && return [ "${software}" = "" ] \
&& return
#echo "" 1>&2 #echo "" 1>&2
@ -373,6 +375,7 @@ function nmapxml()
;; ;;
"[PRODUCT]") "[PRODUCT]")
## We have a name, but no version (yet?) e.g. dnsmasq ## We have a name, but no version (yet?) e.g. dnsmasq
echo "${software}"
software="${input}" software="${input}"
;; ;;
"[VERSION]") "[VERSION]")
@ -395,7 +398,8 @@ function buildterms()
## If we are to use colour ("--colour"), add the values to search for between "or" ## If we are to use colour ("--colour"), add the values to search for between "or"
if [[ "${COLOUR}" -eq 1 ]]; then if [[ "${COLOUR}" -eq 1 ]]; then
[[ "${COLOUR_TAG}" ]] && COLOUR_TAG="${COLOUR_TAG}|" [[ "${COLOUR_TAG}" ]] \
&& COLOUR_TAG="${COLOUR_TAG}|"
COLOUR_TAG="${COLOUR_TAG}${tag_in}" COLOUR_TAG="${COLOUR_TAG}${tag_in}"
fi fi
@ -406,7 +410,8 @@ function buildterms()
## Search just the title, NOT the path ("-t"/"-e") ## Search just the title, NOT the path ("-t"/"-e")
else else
## If there is already a value, prepend text to get ready ## If there is already a value, prepend text to get ready
[[ "${AWK_SEARCH}" ]] && AWK_SEARCH="${AWK_SEARCH}/ && ${CASE_TAG_FGREP}(\$3) ~ /" [[ "${AWK_SEARCH}" ]] \
&& AWK_SEARCH="${AWK_SEARCH}/ && ${CASE_TAG_FGREP}(\$3) ~ /"
## Escape any slashes ## Escape any slashes
tag_in="$( echo ${tag_in} | sed 's_/_\\/_g' )" tag_in="$( echo ${tag_in} | sed 's_/_\\/_g' )"
@ -449,7 +454,7 @@ function findresults()
## EXACT search command ("-e")? ## EXACT search command ("-e")?
if [[ "${EXACT}" -eq 1 ]]; then if [[ "${EXACT}" -eq 1 ]]; then
buildterms "${TAGS}" buildterms "${TAGS}"
## or AND search command? ## or AND search command?
else else
## For each term ## For each term
@ -460,7 +465,8 @@ function findresults()
## If we are NOT to use the path name ("-t"/"-e") ## If we are NOT to use the path name ("-t"/"-e")
[[ "${FILEPATH}" -eq 0 ]] && SEARCH="${SEARCH} | awk -F '[,]' '${CASE_TAG_FGREP}(\$3) ~ /${AWK_SEARCH}/ {print}'" [[ "${FILEPATH}" -eq 0 ]] \
&& SEARCH="${SEARCH} | awk -F '[,]' '${CASE_TAG_FGREP}(\$3) ~ /${AWK_SEARCH}/ {print}'"
## If we are to use colour ("--colour"), add the value here ## If we are to use colour ("--colour"), add the value here
@ -470,7 +476,9 @@ function findresults()
## Dynamically set column widths to the current screen size ## Dynamically set column widths to the current screen size
[[ "${WEBLINK}" -eq 1 ]] && COL2=45 || COL2=$(( ${#path_in} + 21 )) [[ "${WEBLINK}" -eq 1 ]] \
&& COL2=45 \
|| COL2=$(( ${#path_in} + 21 ))
COL1=$(( $( tput cols ) - COL2 - 1 )) COL1=$(( $( tput cols ) - COL2 - 1 ))
@ -489,7 +497,8 @@ function findresults()
## Remove any terms not wanted from the search ## Remove any terms not wanted from the search
[[ "${EXCLUDE}" ]] && SEARCH="${SEARCH} | grep -vEi '${EXCLUDE}'" [[ "${EXCLUDE}" ]] \
&& SEARCH="${SEARCH} | grep -vEi '${EXCLUDE}'"
## Magic search Fu ## Magic search Fu
@ -531,7 +540,8 @@ function findresults()
## Display colour highlights ("--colour")? ## Display colour highlights ("--colour")?
if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then
[[ "${OUTPUT}" ]] && OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} ) [[ "${OUTPUT}" ]] \
&& OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} )
fi fi
} }
@ -566,7 +576,8 @@ function printresults()
## Show content ## Show content
[[ "${OUTPUT}" ]] && echo "${OUTPUT}" [[ "${OUTPUT}" ]] \
&& echo "${OUTPUT}"
## Print footer if in JSON ("--json") ## Print footer if in JSON ("--json")
@ -589,11 +600,11 @@ if [[ -f "${HOME}/.searchsploit_rc" ]]; then
elif [[ -f "/etc/searchsploit_rc" ]]; then elif [[ -f "/etc/searchsploit_rc" ]]; then
rc_file="/etc/searchsploit_rc" rc_file="/etc/searchsploit_rc"
## Method #1 - File itself ## Method #1 - File itself
elif [[ -f "$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)/.searchsploit_rc" ]]; then elif [[ -f "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/.searchsploit_rc" ]]; then
rc_file="$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)/.searchsploit_rc" rc_file="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/.searchsploit_rc"
## Method #2 - Symbolic link ## Method #2 - Symbolic link
elif [[ -f "$(dirname "$(readlink "$0")")/.searchsploit_rc" ]]; then elif [[ -f "$( dirname "$( readlink "$0" )" )/.searchsploit_rc" ]]; then
rc_file="$(dirname "$(readlink "$0")")/.searchsploit_rc" rc_file="$( dirname "$( readlink "$0" )" )/.searchsploit_rc"
## Manually specified? ## Manually specified?
elif [[ ! -f "${rc_file}" ]]; then elif [[ ! -f "${rc_file}" ]]; then
echo "[!] Could not find: rc_file ~ ${rc_file}" echo "[!] Could not find: rc_file ~ ${rc_file}"
@ -813,11 +824,11 @@ if [[ "${GETPATH}" -eq 1 ]]; then
## Linux (Will require $DISPLAY) ## Linux (Will require $DISPLAY)
if hash xclip 2>/dev/null; then if hash xclip 2>/dev/null; then
echo -ne "${location}" | xclip -selection clipboard 2>/dev/null echo -ne "${location}" | xclip -selection clipboard 2>/dev/null
echo "Copied EDB-ID #${edbdb}'s path to the clipboard." echo "Copied EDB-ID #${edbdb}'s path to the clipboard"
## OSX ## OSX
elif hash pbcopy 2>/dev/null; then elif hash pbcopy 2>/dev/null; then
echo -ne "${location}" | pbcopy echo -ne "${location}" | pbcopy
echo "Copied EDB-ID #${edbdb}'s path to the clipboard." echo "Copied EDB-ID #${edbdb}'s path to the clipboard"
fi fi
fi fi
@ -879,7 +890,8 @@ TAGS="$( echo ${TAGS} | sed -e 's/^[[:space:]]//' )"
## Print header if in JSON ("--json") ## Print header if in JSON ("--json")
[[ "${JSON}" -eq 1 ]] && printf "{\n\t\"SEARCH\": \"${TAGS}\"" [[ "${JSON}" -eq 1 ]] \
&& printf "{\n\t\"SEARCH\": \"${TAGS}\""
## Check for files_*.csv ## Check for files_*.csv
@ -900,7 +912,8 @@ done
## Print footer if in JSON ("--json") ## Print footer if in JSON ("--json")
[[ "${JSON}" -eq 1 ]] && printf "\n}\n" [[ "${JSON}" -eq 1 ]] \
&& printf "\n}\n"
## Done ## Done