bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix for EDBID: 47041

Browse source
This commit is contained in:
g0tmi1k 2020-05-28 12:14:47 +01:00
parent d7ce1d69e6
commit a24770728d
1 changed files with 9 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
searchsploit
View file

@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Name: SearchSploit - Exploit-DB's CLI search tool # Name: SearchSploit - Exploit-DB's CLI search tool
# Version: 4.1.1 (2020-05-01) # Version: 4.1.2 (2020-05-28)
# Written by: Offensive Security, Unix-Ninja, and g0tmi1k # Written by: Offensive Security, Unix-Ninja, and g0tmi1k
# Homepage: https://github.com/offensive-security/exploitdb # Homepage: https://github.com/offensive-security/exploitdb
# Manual: https://www.exploit-db.com/searchsploit # Manual: https://www.exploit-db.com/searchsploit
@ -383,7 +383,7 @@ function nmapxml() {
## Read in XMP (IP, name, service and version) ## Read in XMP (IP, name, service and version)
xmllint --xpath '//address/@addr|//service/@name|//service/@product|//service/@version' "${FILE}" \ xmllint --xpath '//address/@addr|//service/@name|//service/@product|//service/@version' "${FILE}" \
| sed -e $'s/addr=/\\\n[IP] /g; s/name=/\\\n[NAME] /g; s/product=/\\\n[PRODUCT] /g;s/" version="/\\\n[VERSION] /g; s/"//g' \ | sed -e $'s/addr=/\\\n[IP] /g; s/name=/\\\n[NAME] /g; s/product=/\\\n[PRODUCT] /g;s/" version="/\\\n[VERSION] /g; s/"//g' \
| grep -v '\[IP\].*\:' \ | grep -v '\[IP\].*\:' \
| while read line; do | while read line; do
type=$( echo "${line}" | cut -d" " -f 1 ) type=$( echo "${line}" | cut -d" " -f 1 )
@ -566,7 +566,7 @@ function findresults() {
done < <( done < <(
echo "${TITLE}" \ echo "${TITLE}" \
| grep ${REGEX_GREP} -o "((\d+)(\.?\d*)(\.?\d*)((\.|\-)?(\d|x)*)(\s*))?((<|>)=?)(\s*)(\d+)(\.?\d*)(\.?\d*)((\.|\-)?(\d|x)*)" \ | grep ${REGEX_GREP} -o "((\d+)(\.?\d*)(\.?\d*)((\.|\-)?(\d|x)*)(\s*))?((<|>)=?)(\s*)(\d+)(\.?\d*)(\.?\d*)((\.|\-)?(\d|x)*)" \
| sed 's_=__; s_>_<_' | sed 's_=__; s_>_<_'
) )
## Do the same search (just without the version) & loop around all the exploit titles (as thats where the versions are) ## Do the same search (just without the version) & loop around all the exploit titles (as thats where the versions are)
## Two main "parts" ## Two main "parts"
@ -597,7 +597,7 @@ function findresults() {
fi fi
## Magic search Fu + strip double quotes ## Magic search Fu + strip double quotes + Fix any escaping `\` (need todo it again for JSON only later: issues/#173)
OUTPUT="$( OUTPUT="$(
( \ ( \
eval ${SEARCH}; \ eval ${SEARCH}; \
@ -607,6 +607,7 @@ function findresults() {
| sort -u | sort -u
)" )"
## If there are no results, no point going on ## If there are no results, no point going on
[[ -z "$OUTPUT" ]] \ [[ -z "$OUTPUT" ]] \
&& return && return
@ -616,14 +617,17 @@ function findresults() {
## Web link format ("--json --www")? ## Web link format ("--json --www")?
if [[ "${WEBLINK}" -eq 1 ]]; then if [[ "${WEBLINK}" -eq 1 ]]; then
OUTPUT="$( echo "${OUTPUT}" \ OUTPUT="$( echo "${OUTPUT}" \
| sed 's_\\_\\\\_g' \
| awk -F ',' '{ printf "\\n\\t\\t'{'\"Title\":\"%s\",\"URL\":\"https://www.exploit-db.com/'${url}'/%s\"},", $3, $1 }' )" | awk -F ',' '{ printf "\\n\\t\\t'{'\"Title\":\"%s\",\"URL\":\"https://www.exploit-db.com/'${url}'/%s\"},", $3, $1 }' )"
## Just the EDB-ID ("--json --id")? ## Just the EDB-ID ("--json --id")?
elif [[ "${EDBID}" -eq 1 ]]; then elif [[ "${EDBID}" -eq 1 ]]; then
OUTPUT="$( echo "${OUTPUT}" \ OUTPUT="$( echo "${OUTPUT}" \
| sed 's_\\_\\\\_g' \
| awk -F ',' '{ printf "\\n\\t\\t'{'\"Title\":\"%s\",\"EDB-ID\":\"%s\",\"Path\":\"'${path_in}/'%s\"},", $3, $1, $2 }' )" | awk -F ',' '{ printf "\\n\\t\\t'{'\"Title\":\"%s\",\"EDB-ID\":\"%s\",\"Path\":\"'${path_in}/'%s\"},", $3, $1, $2 }' )"
## Default JSON ("--json")? ## Default JSON ("--json")?
else else
OUTPUT="$( echo "${OUTPUT}" \ OUTPUT="$( echo "${OUTPUT}" \
| sed 's_\\_\\\\_g' \
| awk -F ',' '{ printf "\\n\\t\\t'{'\"Title\":\"%s\",\"EDB-ID\":\"%s\",\"Date\":\"%s\",\"Author\":\"%s\",\"Type\":\"%s\",\"Platform\":\"%s\",\"Path\":\"'${path_in}/'%s\"},", $3, $1, $4, $5, $6, $7, $2 }' )" | awk -F ',' '{ printf "\\n\\t\\t'{'\"Title\":\"%s\",\"EDB-ID\":\"%s\",\"Date\":\"%s\",\"Author\":\"%s\",\"Type\":\"%s\",\"Platform\":\"%s\",\"Path\":\"'${path_in}/'%s\"},", $3, $1, $4, $5, $6, $7, $2 }' )"
fi fi
OUTPUT="$( echo -e ${OUTPUT} \ OUTPUT="$( echo -e ${OUTPUT} \
@ -642,7 +646,7 @@ function findresults() {
## Default view ## Default view
else else
OUTPUT="$( echo "${OUTPUT}" \ OUTPUT="$( echo "${OUTPUT}" \
| sed 's_,exploits/_,_; s_,shellcodes/_,_; s_,papers/_,_' \ | sed 's_,exploits/_,_; s_,shellcodes/_,_; s_,papers/_,_' \
| awk -F ',' '{ printf "%-'${FORMAT_COL1}'s | %.'${FORMAT_COL2}'s\n", $3, $2 }' \ | awk -F ',' '{ printf "%-'${FORMAT_COL1}'s | %.'${FORMAT_COL2}'s\n", $3, $2 }' \
| sort -f )" | sort -f )"
fi fi