Fixed a few minor bugs in SearchSploit & more verbose output.

This commit is contained in:
g0tmi1k 2016-09-16 16:22:52 +01:00
parent 5fefdd465d
commit a53a982fb2
2 changed files with 124 additions and 93 deletions

@ -1,4 +1,4 @@
The Exploit-Database Git Repository The Exploit Database Git Repository
=================================== ===================================
This is the official repository of [The Exploit Database](https://www.exploit-db.com/), a project sponsored by [Offensive Security](https://www.offensive-security.com/). This is the official repository of [The Exploit Database](https://www.exploit-db.com/), a project sponsored by [Offensive Security](https://www.offensive-security.com/).
@ -12,36 +12,40 @@ Included with this repository is the **searchsploit** utility, which will allow
``` ```
root@kali:~# searchsploit -h root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN] Usage: searchsploit [options] term1 [term2] ... [termN]
Example:
=========
Examples
=========
searchsploit afd windows local searchsploit afd windows local
searchsploit -t oracle windows searchsploit -t oracle windows
searchsploit -p 39446
========= =========
Options Options
========= =========
-c, --case Perform a case-sensitive search (Default is inSEnsITiVe). -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact Perform an EXACT match on exploit title (Default is AND) [Implies "-t"]. -e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen. -h, --help Show this help screen.
-j, --json Show result in JSON format. -j, --json [Term] Show result in JSON format.
-m, --mirror Mirror (Copy) exploit to current path. -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow Exploit title's are allowed to overflow their columns. -o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path Show the full path to an exploit (Copies path to clipboard if possible). -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title Search just the exploit title (Default is title AND the file's path). -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Update exploit database from git. -u, --update Update the database via Git.
-w, --www Show URLs to Exploit-DB.com rather than local path. -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine Examine exploit in terminal pager. -x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting. --colour Disable colour highlighting in search results.
--id Display EDB-ID value rather than local path. --id Display the EDB-ID value rather than local path.
======= =======
Notes Notes
======= =======
* Use any number of search terms. * You can use any number of search terms.
* Search terms are not case sensitive, and order is irrelevant. * Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching. * Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match. * And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results. * Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching numbers/major versions). * Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored. * When updating from git or displaying help, search terms will be ignored.
root@kali:~# root@kali:~#
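Review bot: the banner lines around the new "Examples" heading in this README snippet are nine `=` characters, but usage() in the script prints ten (`==========`), so the README no longer shows the script's real help output; paste the banner lines from the script verbatim. The Notes block also still talks only about search terms, while `-m`, `-p` and `-x` now document an `[EDB-ID]` argument and the path block below loops over several; one bullet saying those options take one or more EDB-IDs would close that gap.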
@ -50,12 +54,18 @@ root@kali:~# searchsploit afd windows local
Exploit Title | Path Exploit Title | Path
| (/usr/share/exploitdb/platforms) | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ---------------------------------- --------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - afd.sys Privilege Escalation Exploit (K-plugin) | ./windows/local/6757.txt Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) | ./windows/local/6757.txt
Microsoft Windows XP - afd.sys Local Kernel Denial of Service | ./windows/dos/17133.c Microsoft Windows XP - afd.sys Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows XP/2003 - afd.sys Local Privilege Escalation Exploit (MS11-080)| ./windows/local/18176.py Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - AfdJoinLeaf Privilege Escalation (MS11-080) | ./windows/local/21844.rb Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) | ./windows/local/21844.rb
Microsoft Windows - afd.sys Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - afd.sys Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ---------------------------------- --------------------------------------------------------------------------------- ----------------------------------
root@kali:~# root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied the file path to the clipboard.
root@kali:~#
``` ```
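Review bot: the `searchsploit -p 39446` sample output is already out of step with the script in this same commit. The path block now prints a ` URL: https://www.exploit-db.com/exploits/${edbdb}/` line between `Exploit:` and `Path:`, and the clipboard message it emits is "Copied EDB-ID 39446's path to the clipboard.", not "Copied the file path to the clipboard."; paste the actual terminal output so the README matches what users will see.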

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Name: SearchSploit - Exploit-DB's CLI search tool # Name: SearchSploit - Exploit-DB's CLI search tool
# Version: 3.4 (Release date: 2016-08-17) # Version: 3.5 (Release date: 2016-09-16)
# Written by: Offensive Security, Unix-Ninja & g0tmi1k # Written by: Offensive Security, Unix-Ninja & g0tmi1k
# Homepage: https://github.com/offensive-security/exploit-database # Homepage: https://github.com/offensive-security/exploit-database
# #
@ -22,22 +22,23 @@ progname="$( basename "$0" )"
## Default options ## Default options
CLIPBOARD=0
COLOUR=1 COLOUR=1
COPY_EXPLOIT=0
EDBID=0 EDBID=0
EXACT=0 EXACT=0
EXAMINE=0 EXAMINE=0
FILEPATH=1 FILEPATH=1
GETPATH=0 GETPATH=0
JSON=0 JSON=0
MIRROR=0
OVERFLOW=0 OVERFLOW=0
WEBLINK=0
SCASE=0 SCASE=0
WEBLINK=0
COLOUR_TAG=""
TAGS="" TAGS=""
SEARCH=""
CASE_TAG_GREP="-i" CASE_TAG_GREP="-i"
CASE_TAG_FGREP="tolower" CASE_TAG_FGREP="tolower"
COLOUR_TAG=""
SEARCH=""
## Set LANG variable to avoid illegal byte sequence errors ## Set LANG variable to avoid illegal byte sequence errors
@ -55,36 +56,41 @@ fi
function usage() function usage()
{ {
echo " Usage: ${progname} [options] term1 [term2] ... [termN]" echo " Usage: ${progname} [options] term1 [term2] ... [termN]"
echo "Example:" echo
echo "=========="
echo " Examples "
echo "=========="
echo " ${progname} afd windows local" echo " ${progname} afd windows local"
echo " ${progname} -t oracle windows" echo " ${progname} -t oracle windows"
echo " ${progname} -p 39446"
echo echo
echo "=========" echo "========="
echo " Options " echo " Options "
echo "=========" echo "========="
echo " -c, --case Perform a case-sensitive search (Default is inSEnsITiVe)." echo " -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe)."
echo " -e, --exact Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]." echo " -e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]."
echo " -h, --help Show this help screen." echo " -h, --help Show this help screen."
echo " -j, --json Show result in JSON format." echo " -j, --json [Term] Show result in JSON format."
echo " -m, --mirror Mirror (Copy) exploit to current path." echo " -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory."
echo " -o, --overflow Exploit title's are allowed to overflow their columns." echo " -o, --overflow [Term] Exploit titles are allowed to overflow their columns."
echo " -p, --path Show the full path to an exploit (Copies path to clipboard if possible)." echo " -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible)."
echo " -t, --title Search just the exploit title (Default is title AND the file's path)." echo " -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path)."
echo " -u, --update Update exploit database from git." echo " -u, --update Update the database via Git."
echo " -w, --www Show URLs to Exploit-DB.com rather than local path." echo " -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path."
echo " -x, --examine Examine exploit in terminal pager." echo " -x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER."
echo " --colour Disable colour highlighting." echo " --colour Disable colour highlighting in search results."
echo " --id Display EDB-ID value rather than local path." echo " --id Display the EDB-ID value rather than local path."
echo echo
echo "=======" echo "======="
echo " Notes " echo " Notes "
echo "=======" echo "======="
echo " * Use any number of search terms." echo " * You can use any number of search terms."
echo " * Search terms are not case sensitive, and order is irrelevant." echo " * Search terms are not case-sensitive (by default), and ordering is irrelevant."
echo " * Use '-c' if you wish to reduce results by case-sensitive searching." echo " * Use '-c' if you wish to reduce results by case-sensitive searching."
echo " * And/Or '-e' if you wish to filter results by using an exact match." echo " * And/Or '-e' if you wish to filter results by using an exact match."
echo " * Use '-t' to exclude the file's path to filter the search results." echo " * Use '-t' to exclude the file's path to filter the search results."
echo " * Remove false positives (especially when searching numbers/major versions)." echo " * Remove false positives (especially when searching using numbers - i.e. versions)."
echo " * When updating from git or displaying help, search terms will be ignored." echo " * When updating from git or displaying help, search terms will be ignored."
echo "" echo ""
exit 2 exit 2
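Review bot: in the `-x, --examine` help line, `$PAGER` is inside a double-quoted echo string, so bash expands it when usage() runs and the help screen prints the user's pager (or nothing at all) instead of the literal text `$PAGER`; escape it as `\$PAGER` or move that echo to single quotes, the same way `\"-t\"` is escaped in the `--exact` line.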
@ -161,10 +167,14 @@ for param in "$@"; do
usage >&2 usage >&2
elif [[ "${param}" == "--json" ]]; then elif [[ "${param}" == "--json" ]]; then
JSON=1 JSON=1
elif [[ "${param}" == "--mirror" ]]; then
GETPATH=1
MIRROR=1
elif [[ "${param}" == "--overflow" ]]; then elif [[ "${param}" == "--overflow" ]]; then
OVERFLOW=1 OVERFLOW=1
elif [[ "${param}" == "--path" ]]; then elif [[ "${param}" == "--path" ]]; then
GETPATH=1 GETPATH=1
CLIPBOARD=1
elif [[ "${param}" == "--title" ]]; then elif [[ "${param}" == "--title" ]]; then
FILEPATH=0 FILEPATH=0
elif [[ "${param}" == "--update" ]]; then elif [[ "${param}" == "--update" ]]; then
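Review bot: `--mirror` and `--path` now set exactly the same flags as the `m` and `p` cases in the getopts loop that follows, so every option is assigned in two places and the two branches can drift (this change already had to be made in lockstep in both). Consider translating each long option to its short form (for example `--path` to `-p`) before the single getopts loop so each flag's side effects are defined once.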
@ -196,9 +206,9 @@ while getopts "cehjmoptuwx" arg "${ARGS}"; do
e) EXACT=1;; e) EXACT=1;;
h) usage >&2;; h) usage >&2;;
j) JSON=1;; j) JSON=1;;
m) COPY_EXPLOIT=1;; m) GETPATH=1; MIRROR=1;;
o) OVERFLOW=1;; o) OVERFLOW=1;;
p) GETPATH=1;; p) GETPATH=1; CLIPBOARD=1;;
t) FILEPATH=0;; t) FILEPATH=0;;
u) update;; u) update;;
w) WEBLINK=1;; w) WEBLINK=1;;
@ -210,59 +220,70 @@ done
## Print the full path. If pbcopy/xclip is available then copy to the clipboard ## Print the full path. If pbcopy/xclip is available then copy to the clipboard
if [[ "${GETPATH}" -eq 1 ]]; then if [[ "${GETPATH}" -eq 1 ]]; then
## Get EDB-ID from input
edbdb="$( echo ${TAGS} | tr -dc '0-9' )"
## Check files.csv
location=$( cut -d, -f2 "${csvpath}" | grep -m 1 -E "/${edbdb}(\..*)?$" )
title=$( grep -m 1 "${location}" "${csvpath}" | cut -d, -f3 | sed 's/"//g')
## Join paths
location="${gitpath}/${location}"
## Did we find the exploit? for exploit in $(echo ${TAGS}); do
if [[ -f "${location}" ]]; then ## Get EDB-ID from input
## Display out edbdb="$( echo ${exploit} | tr -dc '0-9' )"
echo "Exploit: ${title}"
echo " Path: ${location}"
echo ""
## Are any copy programs available? ## Check files.csv
if hash xclip 2>/dev/null || hash pbcopy 2>/dev/null; then location=$( cut -d, -f2 "${csvpath}" | grep -m 1 -E "/${edbdb}(\..*)?$" )
## Linux title=$( grep -m 1 "${location}" "${csvpath}" | cut -d, -f3 | sed 's/"//g' )
if hash xclip 2>/dev/null; then
echo -ne "${location}" | xclip -selection clipboard ## Join paths
echo "Copied the file path to the clipboard." location="${gitpath}/${location}"
## OSX
elif hash pbcopy 2>/dev/null; then ## Did we find the exploit?
echo -ne "${location}" | pbcopy if [[ -f "${location}" ]]; then
echo "Copied the file path to the clipboard." ## Display out
echo "Exploit: ${title}"
echo " URL: https://www.exploit-db.com/exploits/${edbdb}/"
echo " Path: ${location}"
echo ""
## Copy to clipboard?
if [[ "${CLIPBOARD}" -eq 1 ]]; then
## Are any copy programs available?
if hash xclip 2>/dev/null || hash pbcopy 2>/dev/null; then
## Linux
if hash xclip 2>/dev/null; then
echo -ne "${location}" | xclip -selection clipboard
echo "Copied EDB-ID ${edbdb}'s path to the clipboard."
## OSX
elif hash pbcopy 2>/dev/null; then
echo -ne "${location}" | pbcopy
echo "Copied EDB-ID ${edbdb}'s path to the clipboard."
fi
fi
## Done (early!)
exit 0
fi fi
fi
if [[ "${EXAMINE}" -eq 1 ]]; then ## Open the exploit up?
if [[ "${PAGER}" ]]; then if [[ "${EXAMINE}" -eq 1 ]]; then
/bin/sh -c ${PAGER} ${location} if [[ "${PAGER}" ]]; then
elif [[ -f "$(which pager 2> /dev/null)" ]]; then /bin/sh -c "${PAGER} ${location}"
pager ${location} elif [[ -f "$( which pager 2>/dev/null )" ]]; then
else pager "${location}"
less ${location} else
less "${location}"
fi
echo -e "\n"
fi fi
if [[ "${MIRROR}" -eq 1 ]]; then
echo "Copied to '$(pwd)/'"
cp -i "${location}" "$(pwd)/"
echo -e "\n"
fi
else
## Feedback
echo "Could not find EDB-ID #${edbdb}"
echo -e "\n"
fi fi
## Done
exit 0
else
## Feedback
echo "Could not find exploit EDB-ID #${edbdb}"
## Quit
exit 1
fi
fi
if [[ "${COPY_EXPLOIT}" -eq 1 ]]; then
for exploit in $TAGS; do
find ${cvspath} -name ${exploit}'.*' -exec cp {} . \; -exec echo 'Copied {} to '$(pwd) \;
done done
## Done
exit 0 exit 0
fi fi
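Review bot: the `exit 0` under "Done (early!)" sits inside the clipboard branch, so when `-p` is given and xclip or pbcopy is installed the script leaves the `for exploit in ...` loop after the first EDB-ID and never reaches the `EXAMINE` or `MIRROR` blocks, while on a machine without a clipboard tool it carries on; the result of `-p 39446 39525` or `-p -x 39446` therefore depends on which tools are installed. Remove that early exit and let the loop fall through to the final `exit 0`. Two smaller points: the "Could not find EDB-ID" branch used to `exit 1` and now falls through to `exit 0`, so a missing ID no longer gives callers a non-zero status; and the mirror block prints "Copied to ..." before `cp -i` runs, so the message appears even when the copy is declined or fails (print it after checking cp's return value). Finally, a tag with no digits leaves `edbdb` empty and the grep pattern degenerates to `/(\..*)?$`; check for an empty `edbdb` before searching files.csv and report it as a bad ID.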