bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixed a few minor bugs in SearchSploit & more verbose output.

Browse source
This commit is contained in:
g0tmi1k 2016-09-16 16:22:52 +01:00
parent 5fefdd465d
commit a53a982fb2
2 changed files with 124 additions and 93 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

54
README.md
View file

@ -1,4 +1,4 @@
The Exploit-Database Git Repository
The Exploit Database Git Repository
===================================
This is the official repository of [The Exploit Database](https://www.exploit-db.com/), a project sponsored by [Offensive Security](https://www.offensive-security.com/).
@ -12,36 +12,40 @@ Included with this repository is the **searchsploit** utility, which will allow
```
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
Example:
=========
Examples
=========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json Show result in JSON format.
-m, --mirror Mirror (Copy) exploit to current path.
-o, --overflow Exploit title's are allowed to overflow their columns.
-p, --path Show the full path to an exploit (Copies path to clipboard if possible).
-t, --title Search just the exploit title (Default is title AND the file's path).
-u, --update Update exploit database from git.
-w, --www Show URLs to Exploit-DB.com rather than local path.
-x, --examine Examine exploit in terminal pager.
--colour Disable colour highlighting.
--id Display EDB-ID value rather than local path.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Update the database via Git.
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
=======
Notes
=======
* Use any number of search terms.
* Search terms are not case sensitive, and order is irrelevant.
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching numbers/major versions).
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
@ -50,12 +54,18 @@ root@kali:~# searchsploit afd windows local
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - afd.sys Privilege Escalation Exploit (K-plugin) | ./windows/local/6757.txt
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) | ./windows/local/6757.txt
Microsoft Windows XP - afd.sys Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows XP/2003 - afd.sys Local Privilege Escalation Exploit (MS11-080)| ./windows/local/18176.py
Microsoft Windows - AfdJoinLeaf Privilege Escalation (MS11-080) | ./windows/local/21844.rb
Microsoft Windows - afd.sys Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - afd.sys Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied the file path to the clipboard.
root@kali:~#
```

101
searchsploit
View file

@ -1,6 +1,6 @@
#!/bin/bash
# Name: SearchSploit - Exploit-DB's CLI search tool
# Version: 3.4 (Release date: 2016-08-17)
# Version: 3.5 (Release date: 2016-09-16)
# Written by: Offensive Security, Unix-Ninja & g0tmi1k
# Homepage: https://github.com/offensive-security/exploit-database
#
@ -22,22 +22,23 @@ progname="$( basename "$0" )"
## Default options
CLIPBOARD=0
COLOUR=1
COPY_EXPLOIT=0
EDBID=0
EXACT=0
EXAMINE=0
FILEPATH=1
GETPATH=0
JSON=0
MIRROR=0
OVERFLOW=0
WEBLINK=0
SCASE=0
WEBLINK=0
COLOUR_TAG=""
TAGS=""
SEARCH=""
CASE_TAG_GREP="-i"
CASE_TAG_FGREP="tolower"
COLOUR_TAG=""
SEARCH=""
## Set LANG variable to avoid illegal byte sequence errors
@ -55,36 +56,41 @@ fi
function usage()
{
echo " Usage: ${progname} [options] term1 [term2] ... [termN]"
echo "Example:"
echo
echo "=========="
echo " Examples "
echo "=========="
echo " ${progname} afd windows local"
echo " ${progname} -t oracle windows"
echo " ${progname} -p 39446"
echo
echo "========="
echo " Options "
echo "========="
echo " -c, --case Perform a case-sensitive search (Default is inSEnsITiVe)."
echo " -e, --exact Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]."
echo " -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe)."
echo " -e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]."
echo " -h, --help Show this help screen."
echo " -j, --json Show result in JSON format."
echo " -m, --mirror Mirror (Copy) exploit to current path."
echo " -o, --overflow Exploit title's are allowed to overflow their columns."
echo " -p, --path Show the full path to an exploit (Copies path to clipboard if possible)."
echo " -t, --title Search just the exploit title (Default is title AND the file's path)."
echo " -u, --update Update exploit database from git."
echo " -w, --www Show URLs to Exploit-DB.com rather than local path."
echo " -x, --examine Examine exploit in terminal pager."
echo " --colour Disable colour highlighting."
echo " --id Display EDB-ID value rather than local path."
echo " -j, --json [Term] Show result in JSON format."
echo " -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory."
echo " -o, --overflow [Term] Exploit titles are allowed to overflow their columns."
echo " -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible)."
echo " -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path)."
echo " -u, --update Update the database via Git."
echo " -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path."
echo " -x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER."
echo " --colour Disable colour highlighting in search results."
echo " --id Display the EDB-ID value rather than local path."
echo
echo "======="
echo " Notes "
echo "======="
echo " * Use any number of search terms."
echo " * Search terms are not case sensitive, and order is irrelevant."
echo " * You can use any number of search terms."
echo " * Search terms are not case-sensitive (by default), and ordering is irrelevant."
echo " * Use '-c' if you wish to reduce results by case-sensitive searching."
echo " * And/Or '-e' if you wish to filter results by using an exact match."
echo " * Use '-t' to exclude the file's path to filter the search results."
echo " * Remove false positives (especially when searching numbers/major versions)."
echo " * Remove false positives (especially when searching using numbers - i.e. versions)."
echo " * When updating from git or displaying help, search terms will be ignored."
echo ""
exit 2
@ -161,10 +167,14 @@ for param in "$@"; do
usage >&2
elif [[ "${param}" == "--json" ]]; then
JSON=1
elif [[ "${param}" == "--mirror" ]]; then
GETPATH=1
MIRROR=1
elif [[ "${param}" == "--overflow" ]]; then
OVERFLOW=1
elif [[ "${param}" == "--path" ]]; then
GETPATH=1
CLIPBOARD=1
elif [[ "${param}" == "--title" ]]; then
FILEPATH=0
elif [[ "${param}" == "--update" ]]; then
@ -196,9 +206,9 @@ while getopts "cehjmoptuwx" arg "${ARGS}"; do
e) EXACT=1;;
h) usage >&2;;
j) JSON=1;;
m) COPY_EXPLOIT=1;;
m) GETPATH=1; MIRROR=1;;
o) OVERFLOW=1;;
p) GETPATH=1;;
p) GETPATH=1; CLIPBOARD=1;;
t) FILEPATH=0;;
u) update;;
w) WEBLINK=1;;
@ -210,11 +220,15 @@ done
## Print the full path. If pbcopy/xclip is available then copy to the clipboard
if [[ "${GETPATH}" -eq 1 ]]; then
for exploit in $(echo ${TAGS}); do
## Get EDB-ID from input
edbdb="$( echo ${TAGS} | tr -dc '0-9' )"
edbdb="$( echo ${exploit} | tr -dc '0-9' )"
## Check files.csv
location=$( cut -d, -f2 "${csvpath}" | grep -m 1 -E "/${edbdb}(\..*)?$" )
title=$( grep -m 1 "${location}" "${csvpath}" | cut -d, -f3 | sed 's/"//g' )
## Join paths
location="${gitpath}/${location}"
@ -222,47 +236,54 @@ if [[ "${GETPATH}" -eq 1 ]]; then
if [[ -f "${location}" ]]; then
## Display out
echo "Exploit: ${title}"
echo " URL: https://www.exploit-db.com/exploits/${edbdb}/"
echo " Path: ${location}"
echo ""
## Copy to clipboard?
if [[ "${CLIPBOARD}" -eq 1 ]]; then
## Are any copy programs available?
if hash xclip 2>/dev/null || hash pbcopy 2>/dev/null; then
## Linux
if hash xclip 2>/dev/null; then
echo -ne "${location}" | xclip -selection clipboard
echo "Copied the file path to the clipboard."
echo "Copied EDB-ID ${edbdb}'s path to the clipboard."
## OSX
elif hash pbcopy 2>/dev/null; then
echo -ne "${location}" | pbcopy
echo "Copied the file path to the clipboard."
echo "Copied EDB-ID ${edbdb}'s path to the clipboard."
fi
fi
## Done (early!)
exit 0
fi
## Open the exploit up?
if [[ "${EXAMINE}" -eq 1 ]]; then
if [[ "${PAGER}" ]]; then
/bin/sh -c ${PAGER} ${location}
/bin/sh -c "${PAGER} ${location}"
elif [[ -f "$( which pager 2>/dev/null )" ]]; then
pager ${location}
pager "${location}"
else
less ${location}
less "${location}"
fi
echo -e "\n"
fi
## Done
exit 0
if [[ "${MIRROR}" -eq 1 ]]; then
echo "Copied to '$(pwd)/'"
cp -i "${location}" "$(pwd)/"
echo -e "\n"
fi
else
## Feedback
echo "Could not find exploit EDB-ID #${edbdb}"
## Quit
exit 1
echo "Could not find EDB-ID #${edbdb}"
echo -e "\n"
fi
fi
if [[ "${COPY_EXPLOIT}" -eq 1 ]]; then
for exploit in $TAGS; do
find ${cvspath} -name ${exploit}'.*' -exec cp {} . \; -exec echo 'Copied {} to '$(pwd) \;
done
## Done
exit 0
fi