bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix apt install of exploitdb-{bin-sploits/papers}

Browse source
This commit is contained in:
g0tmi1k 2020-04-06 13:34:23 +01:00
parent 764ac4bf5c
commit 87fab8631b
1 changed files with 68 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

123
searchsploit
View file

@ -1,6 +1,6 @@
#!/bin/bash
# Name: SearchSploit - Exploit-DB's CLI search tool
# Version: 4.0.5 (2019-03-27)
# Version: 4.0.6 (2020-04-06)
# Written by: Offensive Security, Unix-Ninja, and g0tmi1k
# Homepage: https://github.com/offensive-security/exploitdb
# Manual: https://www.exploit-db.com/searchsploit
@ -73,34 +73,34 @@ function usage()
echo "========="
echo " Options "
echo "========="
echo " -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe)."
echo " -e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]."
echo " -h, --help Show this help screen."
echo " -j, --json [Term] Show result in JSON format."
echo " -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory."
echo " -o, --overflow [Term] Exploit titles are allowed to overflow their columns."
echo " -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible)."
echo " -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path)."
echo " -u, --update Check for and install any exploitdb package updates (deb or git)."
echo " -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path."
echo " -x, --examine [EDB-ID] Examine (aka opens) the exploit using \$PAGER."
echo " --colour Disable colour highlighting in search results."
echo " --id Display the EDB-ID value rather than local path."
echo " --nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml)."
echo " -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe)"
echo " -e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]"
echo " -h, --help Show this help screen"
echo " -j, --json [Term] Show result in JSON format"
echo " -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory"
echo " -o, --overflow [Term] Exploit titles are allowed to overflow their columns"
echo " -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible)"
echo " -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path)"
echo " -u, --update Check for and install any exploitdb package updates (deb or git)"
echo " -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path"
echo " -x, --examine [EDB-ID] Examine (aka opens) the exploit using \$PAGER"
echo " --colour Disable colour highlighting in search results"
echo " --id Display the EDB-ID value rather than local path"
echo " --nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml)"
echo " Use \"-v\" (verbose) to try even more combinations"
echo " --exclude=\"term\" Remove values from results. By using \"|\" to separated you can chain multiple values."
echo " e.g. --exclude=\"term1|term2|term3\"."
echo " --exclude=\"term\" Remove values from results. By using \"|\" to separated you can chain multiple values"
echo " e.g. --exclude=\"term1|term2|term3\""
echo ""
echo "======="
echo " Notes "
echo "======="
echo " * You can use any number of search terms."
echo " * Search terms are not case-sensitive (by default), and ordering is irrelevant."
echo " * Use '-c' if you wish to reduce results by case-sensitive searching."
echo " * And/Or '-e' if you wish to filter results by using an exact match."
echo " * Use '-t' to exclude the file's path to filter the search results."
echo " * Remove false positives (especially when searching using numbers - i.e. versions)."
echo " * When updating or displaying help, search terms will be ignored."
echo " * You can use any number of search terms"
echo " * Search terms are not case-sensitive (by default), and ordering is irrelevant"
echo " * Use '-c' if you wish to reduce results by case-sensitive searching"
echo " * And/Or '-e' if you wish to filter results by using an exact match"
echo " * Use '-t' to exclude the file's path to filter the search results"
echo " * Remove false positives (especially when searching using numbers - i.e. versions)"
echo " * When updating or displaying help, search terms will be ignored"
echo ""
exit 2
}
@ -112,7 +112,8 @@ function update()
arraylength="${#files_array[@]}"
for (( i=0; i<${arraylength}; i++ )); do
## Check to see if we already have the value
[[ "${tmp_package[*]}" =~ "${package_array[${i}]}" ]] && continue
[[ "${tmp_package[*]}" =~ "${package_array[${i}]}" ]] \
&& continue
## Else save all the information
tmp_git+=("${git_array[${i}]}")
@ -128,24 +129,24 @@ function update()
path="${tmp_path[${i}]}"
package="${tmp_package[${i}]}"
# Update from the repos (e.g. Kali)
dpkg -l "${package}" 2>/dev/null >/dev/null
## Update from the repos (e.g. Kali)
apt-cache search "${package}" 2>/dev/null >/dev/null #dpkg -l "${package}" 2>/dev/null >/dev/null
if [[ "$?" == "0" ]]; then
updatedeb "${package}"
else
# Update from homebrew (e.g. OSX)
## Update from homebrew (e.g. OSX)
brew 2>/dev/null >/dev/null
if [[ "$?" == "0" ]]; then
# This only really only updates "./searchsploit". The rest (can) come via git as its updated more frequently
## This only really only updates "./searchsploit". The rest (can) come via git as its updated more frequently
updatedbrew "${package}"
fi
# Update via Git
## Update via Git
updategit "${package}" "${path}" "${git}"
fi
done
# Done
## Done
exit 6
}
@ -158,11 +159,11 @@ function updatedeb()
echo -e "[i] Updating via apt package management (Expect weekly-ish updates): ${package_in}\n"
sudo apt update \
|| echo -e "\n[-] Issue with apt update (Please check network connectivity & apt SourcesList values)." 1>&2
|| echo -e "\n[-] Issue with apt update (Please check network connectivity & apt SourcesList values)" 1>&2
sudo apt -y install "${package_in}" \
|| echo -e "\n[-] Issue with apt upgrade." 1>&2
|| echo -e "\n[-] Issue with apt upgrade" 1>&2
echo -e "\n[*] apt update finished."
echo -e "\n[*] apt update finished"
}
@ -171,13 +172,13 @@ function updatedbrew()
{
package_in="${1}"
echo -e "[i] Updating via brew package management.\n"
echo -e "[i] Updating via brew package management\n"
brew update \
|| echo -e "\n[-] Issue with brew update (Please check network connectivity)." 1>&2
|| echo -e "\n[-] Issue with brew update (Please check network connectivity)" 1>&2
brew upgrade "${package_in}"
echo -e "\n[*] Brew update finished."
echo -e "\n[*] Brew update finished"
}
@ -232,7 +233,7 @@ function updategit()
|| sudo git pull -v upstream master
fi
echo -e "\n[*] Git update finished."
echo -e "\n[*] Git update finished"
echo "[i] Path: ${path_in}/"
}
@ -277,7 +278,8 @@ function validterm()
function searchsploitout()
{
## Make sure there is a value
[ "${software}" = "" ] && return
[ "${software}" = "" ] \
&& return
#echo "" 1>&2
@ -373,6 +375,7 @@ function nmapxml()
;;
"[PRODUCT]")
## We have a name, but no version (yet?) e.g. dnsmasq
echo "${software}"
software="${input}"
;;
"[VERSION]")
@ -395,7 +398,8 @@ function buildterms()
## If we are to use colour ("--colour"), add the values to search for between "or"
if [[ "${COLOUR}" -eq 1 ]]; then
[[ "${COLOUR_TAG}" ]] && COLOUR_TAG="${COLOUR_TAG}|"
[[ "${COLOUR_TAG}" ]] \
&& COLOUR_TAG="${COLOUR_TAG}|"
COLOUR_TAG="${COLOUR_TAG}${tag_in}"
fi
@ -406,7 +410,8 @@ function buildterms()
## Search just the title, NOT the path ("-t"/"-e")
else
## If there is already a value, prepend text to get ready
[[ "${AWK_SEARCH}" ]] && AWK_SEARCH="${AWK_SEARCH}/ && ${CASE_TAG_FGREP}(\$3) ~ /"
[[ "${AWK_SEARCH}" ]] \
&& AWK_SEARCH="${AWK_SEARCH}/ && ${CASE_TAG_FGREP}(\$3) ~ /"
## Escape any slashes
tag_in="$( echo ${tag_in} | sed 's_/_\\/_g' )"
@ -449,7 +454,7 @@ function findresults()
## EXACT search command ("-e")?
if [[ "${EXACT}" -eq 1 ]]; then
buildterms "${TAGS}"
buildterms "${TAGS}"
## or AND search command?
else
## For each term
@ -460,7 +465,8 @@ function findresults()
## If we are NOT to use the path name ("-t"/"-e")
[[ "${FILEPATH}" -eq 0 ]] && SEARCH="${SEARCH} | awk -F '[,]' '${CASE_TAG_FGREP}(\$3) ~ /${AWK_SEARCH}/ {print}'"
[[ "${FILEPATH}" -eq 0 ]] \
&& SEARCH="${SEARCH} | awk -F '[,]' '${CASE_TAG_FGREP}(\$3) ~ /${AWK_SEARCH}/ {print}'"
## If we are to use colour ("--colour"), add the value here
@ -470,7 +476,9 @@ function findresults()
## Dynamically set column widths to the current screen size
[[ "${WEBLINK}" -eq 1 ]] && COL2=45 || COL2=$(( ${#path_in} + 21 ))
[[ "${WEBLINK}" -eq 1 ]] \
&& COL2=45 \
|| COL2=$(( ${#path_in} + 21 ))
COL1=$(( $( tput cols ) - COL2 - 1 ))
@ -489,7 +497,8 @@ function findresults()
## Remove any terms not wanted from the search
[[ "${EXCLUDE}" ]] && SEARCH="${SEARCH} | grep -vEi '${EXCLUDE}'"
[[ "${EXCLUDE}" ]] \
&& SEARCH="${SEARCH} | grep -vEi '${EXCLUDE}'"
## Magic search Fu
@ -531,7 +540,8 @@ function findresults()
## Display colour highlights ("--colour")?
if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then
[[ "${OUTPUT}" ]] && OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} )
[[ "${OUTPUT}" ]] \
&& OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} )
fi
}
@ -566,7 +576,8 @@ function printresults()
## Show content
[[ "${OUTPUT}" ]] && echo "${OUTPUT}"
[[ "${OUTPUT}" ]] \
&& echo "${OUTPUT}"
## Print footer if in JSON ("--json")
@ -589,11 +600,11 @@ if [[ -f "${HOME}/.searchsploit_rc" ]]; then
elif [[ -f "/etc/searchsploit_rc" ]]; then
rc_file="/etc/searchsploit_rc"
## Method #1 - File itself
elif [[ -f "$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)/.searchsploit_rc" ]]; then
rc_file="$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)/.searchsploit_rc"
elif [[ -f "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/.searchsploit_rc" ]]; then
rc_file="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/.searchsploit_rc"
## Method #2 - Symbolic link
elif [[ -f "$(dirname "$(readlink "$0")")/.searchsploit_rc" ]]; then
rc_file="$(dirname "$(readlink "$0")")/.searchsploit_rc"
elif [[ -f "$( dirname "$( readlink "$0" )" )/.searchsploit_rc" ]]; then
rc_file="$( dirname "$( readlink "$0" )" )/.searchsploit_rc"
## Manually specified?
elif [[ ! -f "${rc_file}" ]]; then
echo "[!] Could not find: rc_file ~ ${rc_file}"
@ -813,11 +824,11 @@ if [[ "${GETPATH}" -eq 1 ]]; then
## Linux (Will require $DISPLAY)
if hash xclip 2>/dev/null; then
echo -ne "${location}" | xclip -selection clipboard 2>/dev/null
echo "Copied EDB-ID #${edbdb}'s path to the clipboard."
echo "Copied EDB-ID #${edbdb}'s path to the clipboard"
## OSX
elif hash pbcopy 2>/dev/null; then
echo -ne "${location}" | pbcopy
echo "Copied EDB-ID #${edbdb}'s path to the clipboard."
echo "Copied EDB-ID #${edbdb}'s path to the clipboard"
fi
fi
@ -879,7 +890,8 @@ TAGS="$( echo ${TAGS} | sed -e 's/^[[:space:]]//' )"
## Print header if in JSON ("--json")
[[ "${JSON}" -eq 1 ]] && printf "{\n\t\"SEARCH\": \"${TAGS}\""
[[ "${JSON}" -eq 1 ]] \
&& printf "{\n\t\"SEARCH\": \"${TAGS}\""
## Check for files_*.csv
@ -900,7 +912,8 @@ done
## Print footer if in JSON ("--json")
[[ "${JSON}" -eq 1 ]] && printf "\n}\n"
[[ "${JSON}" -eq 1 ]] \
&& printf "\n}\n"
## Done