diff --git a/searchsploit b/searchsploit
index f5103ee46..311006a11 100755
--- a/searchsploit
+++ b/searchsploit
@@ -25,10 +25,11 @@ VERBOSE=0
 WEBLINK=0
 EDBID=0
 COLOUR='true'
+FILEPATH=0
 ## If files.csv is in the searchsploit path, use that instead
-if [ -f "$( dirname "$0" )/files.csv" ]; then
+if [[ -f "$( dirname "$0" )/files.csv" ]]; then
 csvpath="$( dirname "$0" )/files.csv"
 fi
@@ -37,25 +38,31 @@ fi
 function usage()
 {
 echo "Usage: ${progname} [options] term1 [term2] ... [termN]"
- echo "Example: ${progname} oracle windows local"
+ echo "Example:"
+ echo " ${progname} afd windows local"
+ echo " ${progname} -f oracle windows remote"
 echo
 echo "========="
 echo " Options "
 echo "========="
- echo " -c, --case Perform case-sensitive searches. (default is insensitive)"
- echo " -h, --help Show this help screen"
- echo " -u, --update Update Database from GIT"
- echo " -v, --verbose Verbose output. (Title lines are allowed to overflow their columns)"
- echo " -w, --www Show URLs to Exploit-DB.com rather than local path"
- echo " --colour Disables colour highlighting on match"
- echo " --id Display EDB-ID value rather than local path"
+ echo " -c, --case Perform case-sensitive searches (Default is insensitive)."
+ echo " -f, --file Searches include file's path (Default is just the exploit title)."
+ echo " -h, --help Show this help screen."
+ echo " -u, --update Update Database from git."
+ echo " -v, --verbose Verbose output. Title lines are allowed to overflow their columns."
+ echo " -w, --www Show URLs to Exploit-DB.com rather than local path."
+ echo " --colour Disables colour highlighting on match."
+ echo " --id Display EDB-ID value rather than local path."
 echo
 echo "======="
 echo " Notes "
 echo "======="
- echo " * Use any number of search terms you would like (minimum: 1)"
- echo " * Search terms are not case sensitive, and order is irrelevant"
- echo " * When updating from git, searches will be ignored"
+ echo " * Use any number of search terms you would like (at least 1 value), in any order."
+ echo " * Search terms are not case sensitive, and order is irrelevant."
+ echo " * Use '-c' if you wish to reduce results by case-sensitive searching."
+ echo "* Use '-f' to include the file's path to increase the search results."
+ echo " * Could possibly increase false positives (especially when searching numbers)."
+ echo " * When updating from git or displaying help, searches will be ignored."
 exit 1
 }
@@ -71,7 +78,7 @@ function drawline()
 ## Check for empty args
-if [ $# -eq 0 ]; then
+if [[ $# -eq 0 ]]; then
 usage >&2
 fi
@@ -79,23 +86,25 @@ fi
 ## Parse long arguments
 ARGS="-"
 for param in "$@"; do
- if [ "${param}" == "--help" ]; then
+ if [[ "${param}" == "--help" ]]; then
 usage >&2
- elif [ "${param}" == "--web" ]; then
+ elif [[ "${param}" == "--web" ]]; then
 WEBLINK=1
- elif [ "${param}" == "--case" ]; then
+ elif [[ "${param}" == "--case" ]]; then
 SCASE=''
- elif [ "${param}" == "--update" ]; then
+ elif [[ "${param}" == "--update" ]]; then
 UPDATE=1
- elif [ "${param}" == "--verbose" ]; then
+ elif [[ "${param}" == "--verbose" ]]; then
 VERBOSE=1
- elif [ "${param}" == "--id" ]; then
+ elif [[ "${param}" == "--id" ]]; then
 EDBID=1
- elif [ "${param}" == "--colour" ] || [ "${param}" == "--color" ]; then
+ elif [[ "${param}" == "--file" ]]; then
+ FILEPATH=1
+ elif [[ "${param}" == "--colour" ]] || [[ "${param}" == "--color" ]]; then
 COLOUR=''
 else
- if [ "${param:0:1}" == "-" ]; then
- ARGS=$ARGS${param:1}
+ if [[ "${param:0:1}" == "-" ]]; then
+ ARGS=${ARGS}${param:1}
 shift
 continue
 fi
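Review bot: The help text rewritten in this commit still advertises `-w, --www`, but the long-option loop in the `@@ -79,23 +86,25 @@` hunk matches only `--web`, so `--www` falls through to the final `else` and is appended to `ARGS` as if it were a bundle of short flags; the documented spelling is presumably not honoured. Either accept both spellings, `elif [[ "${param}" == "--web" ]] || [[ "${param}" == "--www" ]]; then`, or change the usage line to say `--web`. The `for` loop opens inside this hunk but its `done` lies outside it.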
@@ -105,34 +114,35 @@ done
 ## Parse short arguments
-while getopts "uchvw" arg "$ARGS"; do
- if [ "$arg" = "?" ]; then
+while getopts "uchvwf" arg "${ARGS}"; do
+ if [[ "${arg}" = "?" ]]; then
 usage >&2;
 fi
- case $arg in
+ case ${arg} in
 c) SCASE='';;
 h) usage >&2;;
 u) UPDATE=1;;
 v) VERBOSE=1;;
 w) WEBLINK=1;;
+ f) FILEPATH=1;;
 esac
 shift $(( OPTIND - 1 ))
 done
 ## Was an update requested?
-if [ "$UPDATE" -eq 1 ]; then
- cd ${gitpath}/
+if [[ "${UPDATE}" -eq 1 ]]; then
+ cd "${gitpath}/"
 # Make sure a git repo is init before updating
- if [ "$( git rev-parse --is-inside-work-tree )" != "true" ]; then
- if [ "$( ls )" = "" ]; then
+ if [[ "$( git rev-parse --is-inside-work-tree )" != "true" ]]; then
+ if [[ "$( ls )" = "" ]]; then
 # If directory is empty, just clone
- git clone $gitremote .
+ git clone "${gitremote}" .
 else
 # If not empty, init and add remote
 git init > /dev/null
- git remote add origin $gitremote
+ git remote add origin "${gitremote}"
 fi
 fi
@@ -143,7 +153,7 @@ if [ "$UPDATE" -eq 1 ]; then
 git pull origin master
 # If conflicts, clean and try again
- if [[ "$?" -ne 0 ]]; then
+ if [[ "$?" -ne 0 ]]; then
 git clean -d -fx ""
 git pull origin master
 fi
@@ -154,10 +164,10 @@ fi
 ## Dynamically set column widths
-if [[ ${WEBLINK} -eq '1' ]]; then
+if [[ "${WEBLINK}" -eq '1' ]]; then
 COL2=45
 else
- COL2=34
+ COL2=35
 fi
 COL1=$(( $( tput cols ) - COL2 - 1 ))
@@ -165,9 +175,9 @@ COL1=$(( $( tput cols ) - COL2 - 1 ))
 ## Print header
 drawline
 printf "%-${COL1}s %s" " Exploit Title"
-if [[ ${WEBLINK} -eq '1' ]]; then
+if [[ "${WEBLINK}" -eq '1' ]]; then
 echo "| URL"
-elif [[ ${EDBID} -eq '1' ]]; then
+elif [[ "${EDBID}" -eq '1' ]]; then
 echo "| EDB-ID"
 else
 echo "| Path"
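Review bot: The newly quoted `cd "${gitpath}/"` in the `@@ -105,34 +114,35 @@` hunk still has no failure check, so if the directory is missing or unreadable the script carries on in the caller's working directory, where `git init`, `git remote add` and the `git clean -d -fx ""` shown in the next hunk would then run. Make it `cd "${gitpath}/" || exit 1` so no git command executes outside the intended checkout. The update `if` block continues past the end of this hunk.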
@@ -179,23 +189,39 @@ drawline
 ## Create (AND) search command
 SEARCH=
 for tag in ${TAGS}; do
- if [ "${SEARCH}" ]; then
- SEARCH="${SEARCH}/ && ${SCASE}(\$1) ~ /"
- fi
- if [ "${COLOUR}" ]; then
+ if [[ "${COLOUR}" ]]; then
 COLOUR="${COLOUR}\|${tag}"
 fi
- if [[ ${SCASE} ]]; then
- tag="$( echo ${tag} | tr '[:upper:]' '[:lower:]' )"
+ if [[ "${FILEPATH}" -eq 1 ]]; then
+ if [[ "${SCASE}" ]]; then
+ SCASE='-i'
+ fi
+
+ if [[ "${SEARCH}" ]]; then
+ SEARCH="${SEARCH} |"
+ fi
+
+ SEARCH="${SEARCH} fgrep ${SCASE} \"${tag}\""
+ else
+ if [[ "${SEARCH}" ]]; then
+ SEARCH="${SEARCH}/ && ${SCASE}(\$1) ~ /"
+ fi
+
+ if [[ "${SCASE}" ]]; then
+ tag="$( echo ${tag} | tr '[:upper:]' '[:lower:]' )"
+ fi
+
+ SEARCH="${SEARCH}${tag}"
 fi
-
- SEARCH="${SEARCH}${tag}"
 done
-SEARCH="awk -F '[|]' '${SCASE}(\$1) ~ /${SEARCH}/ {print}'"
-if [ "${COLOUR}" ]; then
+if [[ "${FILEPATH}" -ne 1 ]]; then
+ SEARCH="awk -F '[|]' '${SCASE}(\$1) ~ /${SEARCH}/ {print}'"
+fi
+
+if [[ "${COLOUR}" ]]; then
 SEARCH="${SEARCH} | grep --color=always -ie \"\${COLOUR}\""
 fi
@@ -205,7 +231,7 @@ LANG=C
 ## Search, format, and print results
-if [ "${VERBOSE}" -eq 0 ]; then
+if [[ "${VERBOSE}" -eq 0 ]]; then
 FORMAT=${COL1}'.'${COL1}
 else
 FORMAT=${COL1}
@@ -213,16 +239,14 @@ fi
 ## Web link format?
-if [[ ${WEBLINK} -eq '1' ]]; then
+if [[ "${WEBLINK}" -eq '1' ]]; then
 ## Magic search Fu
 awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/exploits/"$1"/"}' "${csvpath}" \
- | eval "${SEARCH}" \
-
-elif [[ ${EDBID} -eq '1' ]]; then
+ | eval "${SEARCH}"
+elif [[ "${EDBID}" -eq '1' ]]; then
 ## Magic search Fu
 awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $1}' "${csvpath}" \
- | eval "${SEARCH}" \
-
+ | eval "${SEARCH}"
 else
 ## Magic search Fu
 awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $2}' "${csvpath}" \
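Review bot: In the new `--file` branch of the `@@ -179,23 +189,39 @@` hunk the search term is pasted into a command string (`fgrep ${SCASE} \"${tag}\"`) that is later run through `eval`, so a term containing `"`, `$` or a backtick is interpreted by the shell rather than searched for, and a term starting with `-` is read by fgrep as an option. This matters most where searchsploit is driven by a wrapper or script that forwards terms it did not choose. Shell-quote the term when building the string, e.g. `SEARCH="${SEARCH} grep -F ${SCASE} -e $(printf '%q' "${tag}")"`, or drop `eval` and run the pipeline stages directly. The awk arm in the `else` interpolates `${tag}` into a regex inside the same eval'd string and needs equivalent handling; the context line `for tag in ${TAGS}` is also unquoted, so terms are glob-expanded before they reach either arm.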