diff --git a/searchsploit b/searchsploit index 5fb8ae049..6c0a1da48 100755 --- a/searchsploit +++ b/searchsploit @@ -54,9 +54,8 @@ fi LANG=C -## Usage info -function usage() -{ +## Usage info ~ https://www.tldp.org/LDP/abs/html/standard-options.html +function usage() { echo " Usage: ${progname} [options] term1 [term2] ... [termN]" echo "" echo "==========" @@ -73,46 +72,58 @@ function usage() echo "=========" echo " Options " echo "=========" - echo " -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe)." - echo " -e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]." - echo " -h, --help Show this help screen." - echo " -j, --json [Term] Show result in JSON format." - echo " -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory." - echo " -o, --overflow [Term] Exploit titles are allowed to overflow their columns." - echo " -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible)." - echo " -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path)." - echo " -u, --update Check for and install any exploitdb package updates (deb or git)." - echo " -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path." - echo " -x, --examine [EDB-ID] Examine (aka opens) the exploit using \$PAGER." - echo " --colour Disable colour highlighting in search results." - echo " --id Display the EDB-ID value rather than local path." - echo " --nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml)." - echo " Use \"-v\" (verbose) to try even more combinations" - echo " --exclude=\"term\" Remove values from results. By using \"|\" to separate, you can chain multiple values." - echo " e.g. --exclude=\"term1|term2|term3\"." + echo "## Search Terms" + echo " -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe)" + echo " -e, --exact [Term] Perform an EXACT & order match on exploit title (Default is an AND match on each term) [Implies \"-t\"]" + echo " e.g. \"WordPress 4.1\" would not be detect \"WordPress Core 4.1\")" + echo " -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path)" + echo " --exclude=\"term\" Remove values from results. By using \"|\" to separate, you can chain multiple values" + echo " e.g. --exclude=\"term1|term2|term3\"" + echo "" + echo "## Output" + echo " -j, --json [Term] Show result in JSON format" + echo " -o, --overflow [Term] Exploit titles are allowed to overflow their columns" + echo " -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible)" + echo " -v, --verbose Display more information in output" + echo " -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path" + echo " --id Display the EDB-ID value rather than local path" + echo " --colour Disable colour highlighting in search results" + echo "" + echo "## Non-Searching" + echo " -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory" + echo " -x, --examine [EDB-ID] Examine (aka opens) the exploit using \$PAGER" + echo "" + echo "## Non-Searching" + echo " -h, --help Show this help screen" + echo " -u, --update Check for and install any exploitdb package updates (brew, deb & git)" + echo "" + echo "## Automation" + echo " --nmap [file.xml] Checks all results in Nmap's XML output with service version" + echo " e.g.: nmap [host] -sV -oX file.xml" echo "" echo "=======" echo " Notes " echo "=======" - echo " * You can use any number of search terms." echo " * Search terms are not case-sensitive (by default), and ordering is irrelevant." - echo " * Use '-c' if you wish to reduce results by case-sensitive searching." - echo " * And/Or '-e' if you wish to filter results by using an exact match." - echo " * Use '-t' to exclude the file's path to filter the search results." - echo " * Remove false positives (especially when searching using numbers - i.e. versions)." - echo " * When updating or displaying help, search terms will be ignored." + echo " * You can use any number of search terms" + echo " * Use '-c' if you wish to reduce results by case-sensitive searching" + echo " * And/Or '-e' if you wish to filter results by using an exact match" + echo " * Use '-t' to exclude the file's path to filter the search results" + echo " * Remove false positives (especially when searching using numbers - i.e. versions)" + echo " * When using '--nmap', adding '-v' (verbose), it will search for even more combinations" + echo " * When updating or displaying help, search terms will be ignored" echo "" exit 2 } ## Update database check -function update() -{ +function update() { arraylength="${#files_array[@]}" for (( i=0; i<${arraylength}; i++ )); do ## Check to see if we already have the value - [[ "${tmp_package[*]}" =~ "${package_array[${i}]}" ]] && continue + [[ "${tmp_package[*]}" =~ "${package_array[${i}]}" ]] \ + && continue ## Else save all the information tmp_git+=("${git_array[${i}]}") @@ -151,39 +162,36 @@ function update() ## Update database (via .deb/apt) -function updatedeb() -{ +function updatedeb() { package_in="${1}" echo -e "[i] Updating via apt package management (Expect weekly-ish updates): ${package_in}\n" sudo apt update \ - || echo -e "\n[-] Issue with apt update (Please check network connectivity & apt SourcesList values)." 1>&2 + || echo -e "\n[-] Issue with apt update (Please check network connectivity & apt SourcesList values)" 1>&2 sudo apt -y install "${package_in}" \ - || echo -e "\n[-] Issue with apt upgrade." 1>&2 + || echo -e "\n[-] Issue with apt upgrade" 1>&2 - echo -e "\n[*] apt update finished." + echo -e "\n[*] apt update finished" } ## Update database (via homebrew) -function updatedbrew() -{ +function updatedbrew() { package_in="${1}" echo -e "[i] Updating via brew package management.\n" brew update \ - || echo -e "\n[-] Issue with brew update (Please check network connectivity)." 1>&2 + || echo -e "\n[-] Issue with brew update (Please check network connectivity)" 1>&2 brew upgrade "${package_in}" - echo -e "\n[*] Brew update finished." + echo -e "\n[*] Brew update finished" } ## Update database (via Git) -function updategit() -{ +function updategit() { package_in="${1}" path_in="${2}" git_in="${3}" @@ -232,14 +240,13 @@ function updategit() || sudo git pull -v upstream master fi - echo -e "\n[*] Git update finished." + echo -e "\n[*] Git update finished" echo "[i] Path: ${path_in}/" } ## Printing dotted lines in the correct manner -function drawline() -{ +function drawline() { printf "%0.s-" $( eval echo {1..$(( COL1 + 1 ))} ) echo -n " " printf "%0.s-" $( eval echo {1..$(( COL2 - 1 ))} ) @@ -248,8 +255,7 @@ function drawline() ## Used in searchsploitout/nmap's XML -function validterm() -{ +function validterm() { ## Check to see if its any phrases which would give a TON of incorrect results if [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "microsoft" ] \ || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "microsoft windows" ] \ @@ -263,9 +269,9 @@ function validterm() || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "oracle" ] \ || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "ssh" ] \ || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "unknown" ]; then - echo -e "[-] Skipping term: ${1} (Term is too general. Please re-search manually: $0 ${arg} ${1})\n" 1>&2 - ## Issues, return with something - return 1 + echo -e "[-] Skipping term: ${1} (Term is too general. Please re-search manually: $0 ${arg} ${1})\n" 1>&2 + ## Issues, return with something + return 1 fi ## No issues, return without anything @@ -274,19 +280,24 @@ function validterm() ## Used in searchsploitout/nmap's XML -function searchsploitout() -{ +function searchsploitout() { ## Make sure there is a value - [ "${software}" = "" ] && return + [ "${software}" = "" ] \ + && return #echo "" 1>&2 arg="-t" ## Title search by default! - [[ "${JSON}" == "1" ]] && arg="${arg} --json" - [[ "${OVERFLOW}" == "1" ]] && arg="${arg} --overflow" - [[ "${WEBLINK}" == "1" ]] && arg="${arg} --www" - [[ "${COLOUR}" != "1" ]] && arg="${arg} --colour" - [[ "${EDBID}" == "1" ]] && arg="${arg} --id" + [[ "${COLOUR}" != "1" ]] \ + && arg="${arg} --colour" + [[ "${EDBID}" == "1" ]] \ + && arg="${arg} --id" + [[ "${JSON}" == "1" ]] \ + && arg="${arg} --json" + [[ "${OVERFLOW}" == "1" ]] \ + && arg="${arg} --overflow" + [[ "${WEBLINK}" == "1" ]] \ + && arg="${arg} --www" ## Try and remove terms that could confuse searches #software=$( echo "${software}" | sed 's_/_ _g' ) @@ -344,8 +355,7 @@ function searchsploitout() ## Read XML file -function nmapxml() -{ +function nmapxml() { ## Feedback to the end user echo -e "[i] Reading: '${FILE}'\n" 1>&2 @@ -390,8 +400,7 @@ function nmapxml() ## Build search terms -function buildterms() -{ +function buildterms() { tag_in="${1}" ## If we are to use colour ("--colour"), add the values to search for between "or" @@ -407,7 +416,8 @@ function buildterms() ## Search just the title, NOT the path ("-t"/"-e") else ## If there is already a value, prepend text to get ready - [[ "${AWK_SEARCH}" ]] && AWK_SEARCH="${AWK_SEARCH}/ && ${CASE_TAG_FGREP}(\$3) ~ /" + [[ "${AWK_SEARCH}" ]] \ + && AWK_SEARCH="${AWK_SEARCH}/ && ${CASE_TAG_FGREP}(\$3) ~ /" ## Escape any slashes tag_in="$( echo ${tag_in} | sed 's_/_\\/_g' )" @@ -423,8 +433,7 @@ function buildterms() ## Read in the values from files_*.csv -function findresults() -{ +function findresults() { file_in="${1}" path_in="${2}" name_in="${3}" @@ -438,17 +447,17 @@ function findresults() fi - ## JSON require full options if [[ "${JSON}" -eq 1 ]]; then - ## Read in (id, title, path, date, author, type, platform) separated between commas + ## JSON require full options ("--json") + ## Read (id, path, title, date, author, type, platform) separated between commas SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3\",\"\$4\",\"\$5\",\"\$6\",\"\$7}' \"${path_in}/${file_in}\"" else - ## Read in (id, title, path) separated between commas (as these are the only visible fields) + ## Read (id, path, title) separated between commas (as these are the only visible fields) SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3}' \"${path_in}/${file_in}\"" fi - ## EXACT search command ("-e")? + ## EXACT search command ("-e") if [[ "${EXACT}" -eq 1 ]]; then buildterms "${TAGS}" ## or AND search command? @@ -461,7 +470,8 @@ function findresults() ## If we are NOT to use the path name ("-t"/"-e") - [[ "${FILEPATH}" -eq 0 ]] && SEARCH="${SEARCH} | awk -F '[,]' '${CASE_TAG_FGREP}(\$3) ~ /${AWK_SEARCH}/ {print}'" + [[ "${FILEPATH}" -eq 0 ]] \ + && SEARCH="${SEARCH} | awk -F '[,]' '${CASE_TAG_FGREP}(\$3) ~ /${AWK_SEARCH}/ {print}'" ## If we are to use colour ("--colour"), add the value here @@ -471,16 +481,16 @@ function findresults() ## Dynamically set column widths to the current screen size - [[ "${WEBLINK}" -eq 1 ]] && COL2=45 || COL2=$(( ${#path_in} + 21 )) + [[ "${WEBLINK}" -eq 1 ]] \ + && COL2=45 \ + || COL2=$(( ${#path_in} + 21 )) COL1=$(( $( tput cols ) - COL2 - 1 )) ## Search, format, and print results (--overflow) - if [[ "${OVERFLOW}" -eq 1 ]]; then - FORMAT_COL1=${COL1} - else - FORMAT_COL1=${COL1}'.'${COL1} - fi + [[ "${OVERFLOW}" -eq 1 ]] \ + && FORMAT_COL1=${COL1} \ + || FORMAT_COL1=${COL1}'.'${COL1} ## Maximum length COL2 can be FORMAT_COL2=$(( ${COL2} - 2 )) @@ -490,10 +500,16 @@ function findresults() ## Remove any terms not wanted from the search - [[ "${EXCLUDE}" ]] && SEARCH="${SEARCH} | grep -vEi '${EXCLUDE}'" + [[ "${EXCLUDE}" ]] \ + && SEARCH="${SEARCH} | grep -vEi '${EXCLUDE}'" ## Magic search Fu + + ## If there are no results, no point going on + [[ -z "$OUTPUT" ]] \ + && return + ## Print JSON format (full options) ("--json")? if [[ "${JSON}" -eq 1 ]]; then ## Web link format ("--json --www")? @@ -510,38 +526,37 @@ function findresults() | awk -F ',' '{ printf "\\n\\t\\t'{'\"Title\":\"%s\",\"EDB-ID\":\"%s\",\"Date\":\"%s\",\"Author\":\"%s\",\"Type\":\"%s\",\"Platform\":\"%s\",\"Path\":\"'${path_in}/'%s\"},", $3, $1, $4, $5, $6, $7, $2 }' )" fi OUTPUT="$( echo -e ${OUTPUT} \ - | sort \ + | sort -f \ | sed '$ s/,$//' )" ## Web link format ("--www")? elif [[ "${WEBLINK}" -eq 1 ]]; then OUTPUT="$( eval ${SEARCH} \ | awk -F ',' '{ printf "%-'${FORMAT_COL1}'s | %s\n", $3, "https://www.exploit-db.com/'${url}'/"$1 }' \ - | sort )" + | sort -f )" ## Just the EDB-ID ("--id")? elif [[ "${EDBID}" -eq 1 ]]; then OUTPUT="$( eval ${SEARCH} \ | awk -F ',' '{ printf "%-'${FORMAT_COL1}'s | %s\n", $3, $1 }' \ - | sort )" + | sort -f )" ## Default view else OUTPUT="$( eval ${SEARCH} \ | awk -F ',' '{ printf "%-'${FORMAT_COL1}'s | %.'${FORMAT_COL2}'s\n", $3, $2 }' \ - | sort )" + | sort -f )" fi ## Display colour highlights ("--colour")? - if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then - [[ "${OUTPUT}" ]] && OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} ) + if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]] && [[ "${OUTPUT}" ]]; then + OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} ) fi } -function printresults() -{ +function printresults() { title_in="${1}" path_in="${2}" - json_title="$(echo ${title_in} | tr /a-z/ /A-Z/)" + json_title="$( echo ${title_in} | tr /a-z/ /A-Z/ )" ## Print header if in JSON ("--json") @@ -567,7 +582,8 @@ function printresults() ## Show content - [[ "${OUTPUT}" ]] && echo "${OUTPUT}" + [[ "${OUTPUT}" ]] \ + && echo "${OUTPUT}" ## Print footer if in JSON ("--json") @@ -590,11 +606,11 @@ if [[ -f "${HOME}/.searchsploit_rc" ]]; then elif [[ -f "/etc/searchsploit_rc" ]]; then rc_file="/etc/searchsploit_rc" ## Method #1 - File itself -elif [[ -f "$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)/.searchsploit_rc" ]]; then - rc_file="$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)/.searchsploit_rc" +elif [[ -f "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/.searchsploit_rc" ]]; then + rc_file="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/.searchsploit_rc" ## Method #2 - Symbolic link -elif [[ -f "$(dirname "$(readlink "$0")")/.searchsploit_rc" ]]; then - rc_file="$(dirname "$(readlink "$0")")/.searchsploit_rc" +elif [[ -f "$( dirname "$( readlink "$0")" )/.searchsploit_rc" ]]; then + rc_file="$( dirname "$( readlink "$0")" )/.searchsploit_rc" ## Manually specified? elif [[ ! -f "${rc_file}" ]]; then echo "[!] Could not find: rc_file ~ ${rc_file}" @@ -620,6 +636,8 @@ ARGS="-" for param in "$@"; do if [[ "${param}" == "--case" ]]; then SCASE=1 + elif [[ "${param}" == "--colour" ]] || [[ "${param}" == "--color" ]]; then + COLOUR="" elif [[ "${param}" == "--exact" ]]; then EXACT=1 elif [[ "${param}" == "--examine" ]] || [[ "${param}" == "--open" ]] || [[ "${param}" == "--view" ]]; then @@ -627,11 +645,15 @@ for param in "$@"; do EXAMINE=1 elif [[ "${param}" == "--help" ]]; then usage >&2 + elif [[ "${param}" == "--id" ]]; then + EDBID=1 elif [[ "${param}" == "--json" ]]; then JSON=1 elif [[ "${param}" == "--mirror" ]] || [[ "${param}" == "--copy" ]] || [[ "${param}" == "--dup" ]] || [[ "${param}" == "--duplicate" ]]; then GETPATH=1 MIRROR=1 + elif [[ "${param}" == "--nmap" ]]; then + XML=1 elif [[ "${param}" == "--overflow" ]]; then OVERFLOW=1 elif [[ "${param}" == "--path" ]]; then @@ -641,18 +663,12 @@ for param in "$@"; do FILEPATH=0 elif [[ "${param}" == "--update" ]]; then update - elif [[ "${param}" == "--www" ]]; then - WEBLINK=1 - elif [[ "${param}" == "--colour" ]] || [[ "${param}" == "--color" ]]; then - COLOUR="" - elif [[ "${param}" == "--id" ]]; then - EDBID=1 - elif [[ "${param}" == "--nmap" ]]; then - XML=1 - elif [[ "${param}" =~ "--exclude=" ]]; then - EXCLUDE="$( echo "${param}" | cut -d '=' -f 2- )" elif [[ "${param}" == "--verbose" ]]; then VERBOSE=1 + elif [[ "${param}" == "--www" ]]; then + WEBLINK=1 + elif [[ "${param}" =~ "--exclude=" ]]; then + EXCLUDE="$( echo "${param}" | cut -d '=' -f 2- )" else if [[ "${param:0:1}" == "-" ]]; then ARGS=${ARGS}${param:1} @@ -699,17 +715,17 @@ for (( i=0; i<${arraylength}; i++ )); do if [[ -f "${files}" ]]; then continue ## Method #1 - File itself - elif [[ -f "$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)/${files_array[${i}]}" ]]; then - echo "[i] Found (#1): $(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)/${files_array[${i}]}" 1>&2 + elif [[ -f "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/${files_array[${i}]}" ]]; then + echo "[i] Found (#1): $( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/${files_array[${i}]}" 1>&2 echo "[i] To remove this message, please edit \"${rc_file}\" for \"${files_array[${i}]}\" (package_array: ${package_array[${i}]})" 1>&2 echo 1>&2 - path_array[${i}]="$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)" + path_array[${i}]="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" ## Method #2 - Symbolic link - elif [[ -f "$(dirname "$(readlink "$0")")/${files_array[${i}]}" ]]; then - echo "[i] Found (#2): $(dirname "$(readlink "$0")")/${files_array[${i}]}" 1>&2 + elif [[ -f "$( dirname "$( readlink "$0" )" )/${files_array[${i}]}" ]]; then + echo "[i] Found (#2): $( dirname "$( readlink "$0" )" )/${files_array[${i}]}" 1>&2 echo "[i] To remove this message, please edit \"${rc_file}\" for \"${files_array[${i}]}\" (package_array: ${package_array[${i}]})" 1>&2 echo 1>&2 - path_array[${i}]="$(dirname "$(readlink "$0")")" + path_array[${i}]="$( dirname "$( readlink "$0" )" )" else #echo "[!] Could not find: ${files}" 1>&2 #echo "[i] To remove this message, please remove \"${files_array[${i}]}\" (package_array: ${package_array[${i}]}) from \"${rc_file}\"" 1>&2 @@ -739,7 +755,7 @@ if [[ "${XML}" -eq 1 ]]; then if ! hash xmllint 2>/dev/null; then echo -e "\n[!] Please install xmllint" 1>&2 - echo -e "[i] Kali Linux -> apt -y install libxml2-utils" 1>&2 + echo -e "[i] Kali Linux: sudo apt -y install libxml2-utils" 1>&2 exit 1 fi @@ -814,11 +830,11 @@ if [[ "${GETPATH}" -eq 1 ]]; then ## Linux (Will require $DISPLAY) if hash xclip 2>/dev/null; then echo -ne "${location}" | xclip -selection clipboard 2>/dev/null - echo "Copied EDB-ID #${edbdb}'s path to the clipboard." + echo "Copied EDB-ID #${edbdb}'s path to the clipboard" ## OSX elif hash pbcopy 2>/dev/null; then echo -ne "${location}" | pbcopy - echo "Copied EDB-ID #${edbdb}'s path to the clipboard." + echo "Copied EDB-ID #${edbdb}'s path to the clipboard" fi fi @@ -880,7 +896,8 @@ TAGS="$( echo ${TAGS} | sed -e 's/^[[:space:]]//' )" ## Print header if in JSON ("--json") -[[ "${JSON}" -eq 1 ]] && printf "{\n\t\"SEARCH\": \"${TAGS}\"" +[[ "${JSON}" -eq 1 ]] \ + && printf "{\n\t\"SEARCH\": \"${TAGS}\"" ## Check for files_*.csv @@ -893,7 +910,7 @@ for (( i=0; i<${arraylength}; i++ )); do printresults "${name_array[${i}]}" "${path_array[${i}]}" ## Summary if NOT JSON ("--json") elif [[ "${JSON}" -eq 0 ]]; then - echo "${name_array[${i}]}s: No Result" + echo "${name_array[${i}]}s: No Results" fi ## Reset COLOUR_TAG="" @@ -901,7 +918,8 @@ done ## Print footer if in JSON ("--json") -[[ "${JSON}" -eq 1 ]] && printf "\n}\n" +[[ "${JSON}" -eq 1 ]] \ + && printf "\n}\n" ## Done