diff --git a/README.md b/README.md index 51b11bc20..e3771bc6e 100755 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -The Exploit-Database Git Repository +The Exploit Database Git Repository =================================== This is the official repository of [The Exploit Database](https://www.exploit-db.com/), a project sponsored by [Offensive Security](https://www.offensive-security.com/). 
@@ -12,36 +12,40 @@ Included with this repository is the **searchsploit** utility, which will allow ``` root@kali:~# searchsploit -h Usage: searchsploit [options] term1 [term2] ... [termN] -Example: + +========= + Examples +========= searchsploit afd windows local searchsploit -t oracle windows + searchsploit -p 39446 ========= Options ========= - -c, --case Perform a case-sensitive search (Default is inSEnsITiVe). - -e, --exact Perform an EXACT match on exploit title (Default is AND) [Implies "-t"]. - -h, --help Show this help screen. - -j, --json Show result in JSON format. - -m, --mirror Mirror (Copy) exploit to current path. - -o, --overflow Exploit title's are allowed to overflow their columns. - -p, --path Show the full path to an exploit (Copies path to clipboard if possible). - -t, --title Search just the exploit title (Default is title AND the file's path). - -u, --update Update exploit database from git. - -w, --www Show URLs to Exploit-DB.com rather than local path. - -x, --examine Examine exploit in terminal pager. - --colour Disable colour highlighting. - --id Display EDB-ID value rather than local path. + -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe). + -e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"]. + -h, --help Show this help screen. + -j, --json [Term] Show result in JSON format. + -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory. + -o, --overflow [Term] Exploit titles are allowed to overflow their columns. + -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible). + -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path). + -u, --update Update the database via Git. + -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path. + -x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER. 
+ --colour Disable colour highlighting in search results. + --id Display the EDB-ID value rather than local path. ======= Notes ======= - * Use any number of search terms. - * Search terms are not case sensitive, and order is irrelevant. + * You can use any number of search terms. + * Search terms are not case-sensitive (by default), and ordering is irrelevant. * Use '-c' if you wish to reduce results by case-sensitive searching. * And/Or '-e' if you wish to filter results by using an exact match. * Use '-t' to exclude the file's path to filter the search results. - * Remove false positives (especially when searching numbers/major versions). + * Remove false positives (especially when searching using numbers - i.e. versions). * When updating from git or displaying help, search terms will be ignored. root@kali:~# 
@@ -50,12 +54,18 @@ root@kali:~# searchsploit afd windows local Exploit Title | Path | (/usr/share/exploitdb/platforms) --------------------------------------------------------------------------------- ---------------------------------- -Microsoft Windows 2003/XP - afd.sys Privilege Escalation Exploit (K-plugin) | ./windows/local/6757.txt +Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) | ./windows/local/6757.txt Microsoft Windows XP - afd.sys Local Kernel Denial of Service | ./windows/dos/17133.c -Microsoft Windows XP/2003 - afd.sys Local Privilege Escalation Exploit (MS11-080)| ./windows/local/18176.py -Microsoft Windows - AfdJoinLeaf Privilege Escalation (MS11-080) | ./windows/local/21844.rb -Microsoft Windows - afd.sys Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py -Microsoft Windows 7 (x64) - afd.sys Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py +Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py +Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) | ./windows/local/21844.rb +Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py +Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py --------------------------------------------------------------------------------- ---------------------------------- root@kali:~# +root@kali:~# searchsploit -p 39446 +Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) + Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py + +Copied the file path to the clipboard. +root@kali:~# ``` diff --git a/searchsploit b/searchsploit index a75063ae2..553a26393 100755 --- a/searchsploit +++ b/searchsploit 
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Name: SearchSploit - Exploit-DB's CLI search tool
-# Version: 3.4 (Release date: 2016-08-17)
+# Version: 3.5 (Release date: 2016-09-16)
 # Written by: Offensive Security, Unix-Ninja & g0tmi1k
 # Homepage: https://github.com/offensive-security/exploit-database
 #
@@ -22,22 +22,23 @@ progname="$( basename "$0" )"
 ## Default options
+CLIPBOARD=0
 COLOUR=1
-COPY_EXPLOIT=0
 EDBID=0
 EXACT=0
 EXAMINE=0
 FILEPATH=1
 GETPATH=0
 JSON=0
+MIRROR=0
 OVERFLOW=0
-WEBLINK=0
 SCASE=0
+WEBLINK=0
+COLOUR_TAG=""
 TAGS=""
+SEARCH=""
 CASE_TAG_GREP="-i"
 CASE_TAG_FGREP="tolower"
-COLOUR_TAG=""
-SEARCH=""
 ## Set LANG variable to avoid illegal byte sequence errors
@@ -55,36 +56,41 @@ fi
 function usage() {
 echo " Usage: ${progname} [options] term1 [term2] ... [termN]"
- echo "Example:"
+ echo
+ echo "=========="
+ echo " Examples "
+ echo "=========="
 echo " ${progname} afd windows local"
 echo " ${progname} -t oracle windows"
+ echo " ${progname} -p 39446"
 echo
 echo "========="
 echo " Options "
 echo "========="
- echo " -c, --case Perform a case-sensitive search (Default is inSEnsITiVe)."
- echo " -e, --exact Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]."
- echo " -h, --help Show this help screen."
- echo " -j, --json Show result in JSON format."
- echo " -m, --mirror Mirror (Copy) exploit to current path."
- echo " -o, --overflow Exploit title's are allowed to overflow their columns."
- echo " -p, --path Show the full path to an exploit (Copies path to clipboard if possible)."
- echo " -t, --title Search just the exploit title (Default is title AND the file's path)."
- echo " -u, --update Update exploit database from git."
- echo " -w, --www Show URLs to Exploit-DB.com rather than local path."
- echo " -x, --examine Examine exploit in terminal pager."
- echo " --colour Disable colour highlighting."
- echo " --id Display EDB-ID value rather than local path."
+ echo " -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe)."
+ echo " -e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]."
+ echo " -h, --help Show this help screen."
+ echo " -j, --json [Term] Show result in JSON format."
+ echo " -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory."
+ echo " -o, --overflow [Term] Exploit titles are allowed to overflow their columns."
+ echo " -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible)."
+ echo " -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path)."
+ echo " -u, --update Update the database via Git."
+ echo " -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path."
+ echo " -x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER."
+ echo " --colour Disable colour highlighting in search results."
+ echo " --id Display the EDB-ID value rather than local path."
+ echo
 echo "======="
 echo " Notes "
 echo "======="
- echo " * Use any number of search terms."
- echo " * Search terms are not case sensitive, and order is irrelevant."
+ echo " * You can use any number of search terms."
+ echo " * Search terms are not case-sensitive (by default), and ordering is irrelevant."
 echo " * Use '-c' if you wish to reduce results by case-sensitive searching."
 echo " * And/Or '-e' if you wish to filter results by using an exact match."
 echo " * Use '-t' to exclude the file's path to filter the search results."
- echo " * Remove false positives (especially when searching numbers/major versions)."
+ echo " * Remove false positives (especially when searching using numbers - i.e. versions)."
 echo " * When updating from git or displaying help, search terms will be ignored."
 echo ""
 exit 2
@@ -161,10 +167,14 @@ for param in "$@"; do
 usage >&2
 elif [[ "${param}" == "--json" ]]; then
 JSON=1
+ elif [[ "${param}" == "--mirror" ]]; then
+ GETPATH=1
+ MIRROR=1
 elif [[ "${param}" == "--overflow" ]]; then
 OVERFLOW=1
 elif [[ "${param}" == "--path" ]]; then
 GETPATH=1
+ CLIPBOARD=1
 elif [[ "${param}" == "--title" ]]; then
 FILEPATH=0
 elif [[ "${param}" == "--update" ]]; then
@@ -196,9 +206,9 @@ while getopts "cehjmoptuwx" arg "${ARGS}"; do
 e) EXACT=1;;
 h) usage >&2;;
 j) JSON=1;;
- m) COPY_EXPLOIT=1;;
+ m) GETPATH=1; MIRROR=1;;
 o) OVERFLOW=1;;
- p) GETPATH=1;;
+ p) GETPATH=1; CLIPBOARD=1;;
 t) FILEPATH=0;;
 u) update;;
 w) WEBLINK=1;;
@@ -210,59 +220,70 @@ done
 ## Print the full path. If pbcopy/xclip is available then copy to the clipboard
 if [[ "${GETPATH}" -eq 1 ]]; then
- ## Get EDB-ID from input
- edbdb="$( echo ${TAGS} | tr -dc '0-9' )"
- ## Check files.csv
- location=$( cut -d, -f2 "${csvpath}" | grep -m 1 -E "/${edbdb}(\..*)?$" )
- title=$( grep -m 1 "${location}" "${csvpath}" | cut -d, -f3 | sed 's/"//g')
- ## Join paths
- location="${gitpath}/${location}"
- ## Did we find the exploit?
- if [[ -f "${location}" ]]; then
- ## Display out
- echo "Exploit: ${title}"
- echo " Path: ${location}"
- echo ""
+ for exploit in $(echo ${TAGS}); do
+ ## Get EDB-ID from input
+ edbdb="$( echo ${exploit} | tr -dc '0-9' )"
- ## Are any copy programs available?
- if hash xclip 2>/dev/null || hash pbcopy 2>/dev/null; then
- ## Linux
- if hash xclip 2>/dev/null; then
- echo -ne "${location}" | xclip -selection clipboard
- echo "Copied the file path to the clipboard."
- ## OSX
- elif hash pbcopy 2>/dev/null; then
- echo -ne "${location}" | pbcopy
- echo "Copied the file path to the clipboard."
+ ## Check files.csv
+ location=$( cut -d, -f2 "${csvpath}" | grep -m 1 -E "/${edbdb}(\..*)?$" )
+ title=$( grep -m 1 "${location}" "${csvpath}" | cut -d, -f3 | sed 's/"//g' )
+
+ ## Join paths
+ location="${gitpath}/${location}"
+
+ ## Did we find the exploit?
+ if [[ -f "${location}" ]]; then
+ ## Display out
+ echo "Exploit: ${title}"
+ echo " URL: https://www.exploit-db.com/exploits/${edbdb}/"
+ echo " Path: ${location}"
+ echo ""
+
+ ## Copy to clipboard?
+ if [[ "${CLIPBOARD}" -eq 1 ]]; then
+ ## Are any copy programs available?
+ if hash xclip 2>/dev/null || hash pbcopy 2>/dev/null; then
+ ## Linux
+ if hash xclip 2>/dev/null; then
+ echo -ne "${location}" | xclip -selection clipboard
+ echo "Copied EDB-ID ${edbdb}'s path to the clipboard."
+ ## OSX
+ elif hash pbcopy 2>/dev/null; then
+ echo -ne "${location}" | pbcopy
+ echo "Copied EDB-ID ${edbdb}'s path to the clipboard."
+ fi
+ fi
+
+ ## Done (early!)
+ exit 0
 fi
- fi
- if [[ "${EXAMINE}" -eq 1 ]]; then
- if [[ "${PAGER}" ]]; then
- /bin/sh -c ${PAGER} ${location}
- elif [[ -f "$(which pager 2> /dev/null)" ]]; then
- pager ${location}
- else
- less ${location}
+ ## Open the exploit up?
+ if [[ "${EXAMINE}" -eq 1 ]]; then
+ if [[ "${PAGER}" ]]; then
+ /bin/sh -c "${PAGER} ${location}"
+ elif [[ -f "$( which pager 2>/dev/null )" ]]; then
+ pager "${location}"
+ else
+ less "${location}"
+ fi
+ echo -e "\n"
 fi
+
+ if [[ "${MIRROR}" -eq 1 ]]; then
+ echo "Copied to '$(pwd)/'"
+ cp -i "${location}" "$(pwd)/"
+ echo -e "\n"
+ fi
+ else
+ ## Feedback
+ echo "Could not find EDB-ID #${edbdb}"
+ echo -e "\n"
 fi
-
- ## Done
- exit 0
- else
- ## Feedback
- echo "Could not find exploit EDB-ID #${edbdb}"
-
- ## Quit
- exit 1
- fi
-fi
-
-if [[ "${COPY_EXPLOIT}" -eq 1 ]]; then
- for exploit in $TAGS; do
- find ${cvspath} -name ${exploit}'.*' -exec cp {} . \; -exec echo 'Copied {} to '$(pwd) \;
 done
+
+ ## Done
 exit 0
 fi
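Review bot: The `exit 0` added under `## Done (early!)` sits inside the new `for exploit in $(echo ${TAGS}); do` loop, so with `-p` only the first EDB-ID given is ever resolved, and the `-x`/`-m` branches further down never run when they are combined with `-p`; deleting that one line is enough, since the `exit 0` after `done` already ends the script. The `else` branch that prints `Could not find EDB-ID #${edbdb}` now falls through to that same final `exit 0`, whereas the removed code returned 1, so a caller can no longer tell a miss from a hit by exit status; setting `missing=1` in that branch and changing the last line to `exit "${missing:-0}"` would restore it, assuming nothing outside this hunk relies on the unconditional zero status. `echo "Copied to '$(pwd)/'"` is printed before `cp -i` runs and regardless of whether the copy succeeded or the user declined the overwrite prompt; printing it under `if cp -i "${location}" "$(pwd)/"; then` avoids a misleading success message. `/bin/sh -c "${PAGER} ${location}"` re-parses the path through a second shell, which breaks on any whitespace in `${gitpath}`; `${PAGER} "${location}"` with the file as a separate argument keeps the pager's own options working without that re-parse.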