From a24770728dcdc8828f897efdde542c26e0e65c6b Mon Sep 17 00:00:00 2001
From: g0tmi1k <have.you.g0tmi1k@gmail.com>
Date: Thu, 28 May 2020 12:14:47 +0100
Subject: [PATCH] Fix for EDBID: 47041

---
 searchsploit | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/searchsploit b/searchsploit
index 0d3d55d0e..a9ef50a53 100755
--- a/searchsploit
+++ b/searchsploit
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 #       Name: SearchSploit - Exploit-DB's CLI search tool
-#    Version: 4.1.1 (2020-05-01)
+#    Version: 4.1.2 (2020-05-28)
 # Written by: Offensive Security, Unix-Ninja, and g0tmi1k
 #   Homepage: https://github.com/offensive-security/exploitdb
 #     Manual: https://www.exploit-db.com/searchsploit
@@ -383,7 +383,7 @@ function nmapxml() {
 
   ## Read in XMP (IP, name, service and version)
   xmllint --xpath '//address/@addr|//service/@name|//service/@product|//service/@version' "${FILE}" \
-    | sed -e $'s/addr=/\\\n[IP] /g; s/name=/\\\n[NAME] /g; s/product=/\\\n[PRODUCT] /g;s/" version="/\\\n[VERSION] /g; s/"//g' \
+    | sed -e $'s/addr=/\\\n[IP] /g;   s/name=/\\\n[NAME] /g;   s/product=/\\\n[PRODUCT] /g;s/" version="/\\\n[VERSION] /g;   s/"//g' \
     | grep -v '\[IP\].*\:' \
     | while read line; do
       type=$( echo "${line}" | cut -d" " -f 1 )
@@ -566,7 +566,7 @@ function findresults() {
       done < <(
         echo "${TITLE}" \
           | grep ${REGEX_GREP} -o "((\d+)(\.?\d*)(\.?\d*)((\.|\-)?(\d|x)*)(\s*))?((<|>)=?)(\s*)(\d+)(\.?\d*)(\.?\d*)((\.|\-)?(\d|x)*)" \
-          | sed 's_=__;  s_>_<_'
+          | sed 's_=__;   s_>_<_'
       )
       ## Do the same search (just without the version) & loop around all the exploit titles (as thats where the versions are)
       ## Two main "parts"
@@ -597,7 +597,7 @@ function findresults() {
   fi
 
 
-  ## Magic search Fu + strip double quotes
+  ## Magic search Fu + strip double quotes + Fix any escaping `\` (need todo it again for JSON only later: issues/#173)
   OUTPUT="$(
     ( \
       eval ${SEARCH}; \
@@ -607,6 +607,7 @@ function findresults() {
     | sort -u
   )"
 
+
   ## If there are no results, no point going on
   [[ -z "$OUTPUT" ]] \
     && return
@@ -616,14 +617,17 @@ function findresults() {
     ## Web link format ("--json --www")?
     if [[ "${WEBLINK}" -eq 1 ]]; then
       OUTPUT="$( echo "${OUTPUT}" \
+        | sed 's_\\_\\\\_g' \
         | awk -F ',' '{ printf "\\n\\t\\t'{'\"Title\":\"%s\",\"URL\":\"https://www.exploit-db.com/'${url}'/%s\"},", $3, $1 }' )"
     ## Just the EDB-ID ("--json --id")?
     elif [[ "${EDBID}" -eq 1 ]]; then
       OUTPUT="$( echo "${OUTPUT}" \
+        | sed 's_\\_\\\\_g' \
         | awk -F ',' '{ printf "\\n\\t\\t'{'\"Title\":\"%s\",\"EDB-ID\":\"%s\",\"Path\":\"'${path_in}/'%s\"},", $3, $1, $2 }' )"
     ## Default JSON ("--json")?
     else
       OUTPUT="$( echo "${OUTPUT}" \
+        | sed 's_\\_\\\\_g' \
         | awk -F ',' '{ printf "\\n\\t\\t'{'\"Title\":\"%s\",\"EDB-ID\":\"%s\",\"Date\":\"%s\",\"Author\":\"%s\",\"Type\":\"%s\",\"Platform\":\"%s\",\"Path\":\"'${path_in}/'%s\"},", $3, $1, $4, $5, $6, $7, $2 }' )"
     fi
     OUTPUT="$( echo -e ${OUTPUT} \
@@ -642,7 +646,7 @@ function findresults() {
   ## Default view
   else
     OUTPUT="$( echo "${OUTPUT}" \
-      | sed 's_,exploits/_,_; s_,shellcodes/_,_; s_,papers/_,_' \
+      | sed 's_,exploits/_,_;   s_,shellcodes/_,_;   s_,papers/_,_' \
       | awk -F ',' '{ printf "%-'${FORMAT_COL1}'s | %.'${FORMAT_COL2}'s\n", $3, $2 }' \
       | sort -f )"
   fi