bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SearchSploit v4 - Now with paper support!

Browse source
This commit is contained in:
g0tmi1k 2018-01-23 11:33:41 +00:00
parent ae615f0abc
commit b7c71cdfb9
3 changed files with 439 additions and 225 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
.searchsploit_rc Normal file
View file

@ -0,0 +1,26 @@
##-- Program Settings
progname="$( basename "$0" )"
##-- Exploits
files_array+=("files_exploits.csv")
path_array+=("/opt/exploit-database")
name_array+=("Exploit")
git_array+=("https://github.com/offensive-security/exploit-database.git")
package_array+=("exploitdb")
##-- Shellcodes
files_array+=("files_shellcodes.csv")
path_array+=("/opt/exploit-database")
name_array+=("Shellcode")
git_array+=("https://github.com/offensive-security/exploit-database.git")
package_array+=("exploitdb")
##-- Papers
files_array+=("files_papers.csv")
path_array+=("/opt/exploit-database-papers")
name_array+=("Paper")
git_array+=("https://github.com/offensive-security/exploit-database-papers.git")
package_array+=("exploitdb-papers")

68
README.md
View file

@ -1,4 +1,5 @@
# The Exploit Database Git Repository
This is an official repository of [The Exploit Database](http://www.exploit-db.com/), a [project](https://www.offensive-security.com/community-projects/) sponsored by [Offensive Security](https://www.offensive-security.com/).
Our repositories are:
@ -9,12 +10,22 @@ Our repositories are:
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of [exploits](https://www.exploit-db.com/browse/), [shellcode](https://www.exploit-db.com/shellcode/) and [papers](https://www.exploit-db.com/papers/) gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and Proof-of-Concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
You can learn more about the project [here (about)](https://www.exploit-db.com/about-exploit-db/) and [here (history)](https://www.exploit-db.com/history/).
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our [binary sploits repository](https://github.com/offensive-security/exploit-database-bin-sploits).
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our [binary exploits repository](https://github.com/offensive-security/exploit-database-bin-sploits).
Exploits are located in the `/exploit/` directory, shellcodes can be found in the `/shellcode/` directory.
Included with this repository is the **SearchSploit** utility, which will allow you to search through exploits and shellcodes using one or more terms.
For more information, please see the [SearchSploit manual](https://www.exploit-db.com/searchsploit/).
## License
This project is released under "[GNU General Public License v2.0](https://github.com/offensive-security/exploit-database/blob/master/LICENSE.md)".
- - -
# SearchSploit
Included with this repository is the **SearchSploit** utility, which will allow you to search through exploits, shellcodes and papers _(if installed)_ using one or more terms.
For more information, please see the **[SearchSploit manual](https://www.exploit-db.com/searchsploit/)**.
## Usage/Example
```
root@kali:~# searchsploit -h
@ -64,6 +75,7 @@ root@kali:~# searchsploit -h
root@kali:~#
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/)
@ -77,15 +89,53 @@ Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service
Microsoft Windows XP/2003 - 'afd.sys' Local Privilege Escalation (K-plugin) (MS08-066) | exploits/windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Local Privilege Escalation (MS11-080) | exploits/windows/local/18176.py
---------------------------------------------------------------------------------------- -----------------------------------
Shellcodes: No Result
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/exploits/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/exploits/win_x86/local/39446.py
File Type: Python script, ASCII text executable, with CRLF line terminators
Copied EDB-ID #39446's path to the clipboard.
root@kali:~#
```
SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work. The self updating function will require `git`, and the Nmap XML option to work, will require `xmllint` (found in the `libxml2-utils` package in Debian-based systems).
## Install
SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work.
The self updating function will require `git`, and the Nmap XML option to work, will require `xmllint` (found in the `libxml2-utils` package in Debian-based systems).
You can find a **more in-depth guide in the [SearchSploit manual](https://www.exploit-db.com/searchsploit/)**.
**Kali Linux**
Exploit-DB/SearchSploit is already packaged inside of Kali-Linux. A simple straightforward is to:
```
root@kali:~# apt -y install exploitdb
```
_NOTE: Optional is to install the additional packages:_
```
root@kali:~# apt -y install exploitdb-bin-sploits exploitdb-papers
```
**Git**
In short: clone the repository, add the binary into $PATH, and edit the config file to reflect the git path:
```
$ sudo git clone https://github.com/offensive-security/exploit-database.git /opt/exploit-database
$ sudo ln -sf /opt/exploit-database/searchsploit /usr/local/bin/searchsploit
$ sed 's|path_array+=(.*)|path_array+=("/opt/exploit-database")|g' /opt/exploit-database/.searchsploit_rc > ~/.searchsploit_rc
```
## Credit
The following people made this possible:
- [Offensive Security](https://www.offensive-security.com/)
- [Unix-Ninja](https://github.com/unix-ninja)
- [g0tmi1k](https://blog.g0tmi1k.com/)

570
searchsploit
View file

@ -1,6 +1,6 @@
#!/bin/bash
# Name: SearchSploit - Exploit-DB's CLI search tool
# Version: 3.8.8 (Release date: 2017-11-28)
# Version: 4.0.0 (Release date: 2018-01-23)
# Written by: Offensive Security, Unix-Ninja, and g0tmi1k
# Homepage: https://github.com/offensive-security/exploit-database
# Manual: https://www.exploit-db.com/searchsploit/
@ -9,18 +9,12 @@
# Exit code '0' means finished normally
# Exit code '1' means something went wrong
# Exit code '2' means help screen
# Exit code '6' means updated exploitdb package (APT or Git)
# Exit code '6' means updated packages (APT, brew or Git)
#-----------------------------------------------------------------------------#
## OS settings (get the path of where the script is stored + database file)
gitpath="/opt/exploit-database"
csvpathexploits="${gitpath}/files_exploits.csv"
csvpathshellcode="${gitpath}/files_shellcodes.csv"
## Program settings
gitremote="https://github.com/offensive-security/exploit-database.git"
progname="$( basename "$0" )"
## Settings File
rc_file=""
## Default options
@ -48,12 +42,14 @@ AWK_SEARCH=""
COLOUR_OFF_GREP=
COLOUR_ON_GREP=
## Check if our grep supports --color
if grep --help 2>&1 | grep "[-]-color" >/dev/null 2>&1 ; then
COLOUR_OFF_GREP="--color=never"
COLOUR_ON_GREP="--color=always"
fi
## Set LANG variable to avoid illegal byte sequence errors
LANG=C
@ -112,22 +108,41 @@ function usage()
## Update database check
function update()
{
# Update from the repos (e.g. Kali)
dpkg -l exploitdb 2>/dev/null >/dev/null
if [[ "$?" == "0" ]]; then
updatedeb
exit 6
fi
arraylength="${#files_array[@]}"
for (( i=0; i<${arraylength}; i++ )); do
## Check to see if we already have the value
[[ "${tmp_package[*]}" =~ "${package_array[${i}]}" ]] && continue
# Update from homebrew (e.g. OSX)
brew 2>/dev/null >/dev/null
if [[ "$?" == "0" ]]; then
# This only really updates ./searchsploit
updatedbrew
fi
## Else save all the information
tmp_git+=("${git_array[${i}]}")
tmp_path+=("${path_array[${i}]}")
tmp_package+=("${package_array[${i}]}")
done
# Update via Git
updategit
## Loop around all the new arrays
arraylength="${#tmp_git[@]}"
for (( i=0; i<${arraylength}; i++ )); do
git="${tmp_git[${i}]}"
path="${tmp_path[${i}]}"
package="${tmp_package[${i}]}"
# Update from the repos (e.g. Kali)
dpkg -l "${package}" 2>/dev/null >/dev/null
if [[ "$?" == "0" ]]; then
updatedeb "${package}"
else
# Update from homebrew (e.g. OSX)
brew 2>/dev/null >/dev/null
if [[ "$?" == "0" ]]; then
# This only really only updates "./searchsploit". The rest (can) come via git as its updated more frequently
updatedbrew "${package}"
fi
# Update via Git
updategit "${package}" "${path}" "${git}"
fi
done
# Done
exit 6
@ -137,55 +152,65 @@ function update()
## Update database (via .deb/apt)
function updatedeb()
{
echo -e "[i] Updating via APT package management (Expect weekly-ish updates).\n"
package_in="${1}"
echo -e "[i] Updating via apt package management (Expect weekly-ish updates): ${package_in}\n"
sudo apt update \
|| echo -e "\n[-] Issue with apt update (Please check network connectivity & APT SourcesList values)." 1>&2
sudo apt -y install exploitdb \
|| echo -e "\n[-] Issue with apt update (Please check network connectivity & apt SourcesList values)." 1>&2
sudo apt -y install "${package_in}" \
|| echo -e "\n[-] Issue with apt upgrade." 1>&2
echo -e "\n[*] APT update finished."
echo -e "\n[*] apt update finished."
}
## Update database (via homebrew)
function updatedbrew()
{
package_in="${1}"
echo -e "[i] Updating via brew package management.\n"
brew update \
|| echo -e "\n[-] Issue with brew update (Please check network connectivity)." 1>&2
brew upgrade exploitdb
brew upgrade "${package_in}"
echo -e "\n[*] Brew update finished."
}
## Update database (via Git)
function updategit()
{
echo -e "[i] Updating via Git (Expect daily updates): ${gitpath}\n"
package_in="${1}"
path_in="${2}"
git_in="${3}"
echo -e "[i] Updating via Git (Expect daily updates): ${package_in} ~ ${path_in}\n"
## Make sure we are in the correct folder
mkdir -p "${gitpath}/" 2>/dev/null \
|| sudo mkdir -p "${gitpath}/"
cd "${gitpath}/"
mkdir -p "${path_in}/" 2>/dev/null \
|| sudo mkdir -p "${path_in}/"
cd "${path_in}/"
## Are we in a Git repo?
if [[ "$( git rev-parse --is-inside-work-tree 2>/dev/null )" != "true" ]]; then
if [[ "$( ls )" = "" ]]; then
# If directory is empty, just clone
echo -e "\n[-] Nothing here (${gitpath}). Starting fresh..."
git clone "${gitremote}" "${gitpath}/" 2>/dev/null \
|| sudo git clone "${gitremote}" "${gitpath}/"
echo -e "\n[-] Nothing here (${path_in}). Starting fresh..."
git clone -v "${git_in}" "${path_in}/" 2>/dev/null \
|| sudo git clone -v "${git_in}" "${path_in}/"
fi
fi
# Is our Git remote added? (aka wouldn't be via homebrew method)
if [[ "$( git remote -v )" != *"upstream"*"${gitremote}"* ]]; then
echo -e "\n[-] Missing Git remote upstream (${gitremote})"
if [[ "$( git remote -v )" != *"upstream"*"${git_in}"* ]]; then
echo -e "\n[-] Missing Git remote upstream (${git_in})"
git init 2>/dev/null \
|| sudo git init
git remote add upstream "${gitremote}" 2>/dev/null \
|| sudo git remote add upstream "${gitremote}"
git remote add upstream "${git_in}" 2>/dev/null \
|| sudo git remote add upstream "${git_in}"
fi
# Make sure to prep checkout first
@ -194,21 +219,20 @@ function updategit()
# Update from git
echo -e "\n[i] Git pull'ing"
git pull upstream master 2>/dev/null \
|| sudo git pull upstream master
git pull -v upstream master 2>/dev/null \
|| sudo git pull -v upstream master
# If conflicts, clean and try again
if [[ "$?" -ne 0 ]]; then
echo -e "\n[-] Git conflict"
git clean -d -fx "" \
|| sudo git clean -d -fx ""
git pull upstream master \
|| sudo git pull upstream master
git pull -v upstream master \
|| sudo git pull -v upstream master
fi
echo -e "\n[*] Git update finished."
echo "[i] Path: ${gitpath}/"
exit 6
echo "[i] Path: ${path_in}/"
}
@ -239,8 +263,11 @@ function validterm()
|| [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "ssh" ] \
|| [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "unknown" ]; then
echo -e "[-] Skipping term: ${1} (Term is too general. Please re-search manually: $0 ${arg} ${1})\n" 1>&2
## Issues, return with something
return 1
fi
## No issues, return without anything
return 0
}
@ -249,9 +276,7 @@ function validterm()
function searchsploitout()
{
## Make sure there is a value
if [ "${software}" = "" ]; then
return
fi
[ "${software}" = "" ] && return
#echo "" 1>&2
@ -373,41 +398,215 @@ function nmapxml()
## Build search terms
function buildterms()
{
tag="${1}"
tag_in="${1}"
## If we are to use colour ("--colour"), add the values to search for between "or"
if [[ "${COLOUR}" -eq 1 ]]; then
if [[ "${COLOUR_TAG}" ]]; then
COLOUR_TAG="${COLOUR_TAG}|"
fi
COLOUR_TAG="${COLOUR_TAG}${tag}"
[[ "${COLOUR_TAG}" ]] && COLOUR_TAG="${COLOUR_TAG}|"
COLOUR_TAG="${COLOUR_TAG}${tag_in}"
fi
## Search both title AND path
if [[ "${FILEPATH}" -eq 1 ]]; then
## Search command for each term (with case sensitive flag, "-c")
SEARCH="${SEARCH} | grep ${COLOUR_OFF_GREP} -F ${CASE_TAG_GREP} \"${tag}\""
SEARCH="${SEARCH} | grep ${COLOUR_OFF_GREP} -F ${CASE_TAG_GREP} \"${tag_in}\""
## Search just the title, NOT the path ("-t"/"-e")
else
## If there is already a value, prepend text to get ready
if [[ "${AWK_SEARCH}" ]]; then
AWK_SEARCH="${AWK_SEARCH}/ && ${CASE_TAG_FGREP}(\$2) ~ /"
fi
[[ "${AWK_SEARCH}" ]] && AWK_SEARCH="${AWK_SEARCH}/ && ${CASE_TAG_FGREP}(\$3) ~ /"
## Escape any slashes
tag="$( echo ${tag} | sed 's_/_\\/_g' )"
tag_in="$( echo ${tag_in} | sed 's_/_\\/_g' )"
## Case sensitive ("-c")?
if [[ "${SCASE}" -eq 1 ]]; then
AWK_SEARCH="${AWK_SEARCH}${tag}"
AWK_SEARCH="${AWK_SEARCH}${tag_in}"
else
AWK_SEARCH="${AWK_SEARCH}$( echo ${tag} | tr '[:upper:]' '[:lower:]' )"
AWK_SEARCH="${AWK_SEARCH}$( echo ${tag_in} | tr '[:upper:]' '[:lower:]' )"
fi
fi
}
## Check for empty args
## Read in the values from files_*.csv
function findresults()
{
file_in="${1}"
path_in="${2}"
name_in="${3}"
[[ "${name_in}" == "Paper"* ]] && url="papers" || url="exploits"
## JSON require full options
if [[ "${JSON}" -eq 1 ]]; then
## Read in (id, title, path, date, author, type, platform) separated between commas
SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3\",\"\$4\",\"\$5\",\"\$6\",\"\$7}' \"${path_in}/${file_in}\""
else
## Read in (id, title, path) separated between commas (as these are the only visible fields)
SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3}' \"${path_in}/${file_in}\""
fi
## EXACT search command ("-e")?
if [[ "${EXACT}" -eq 1 ]]; then
buildterms "${TAGS}"
## or AND search command?
else
## For each term
for TAG in ${TAGS}; do
buildterms "${TAG}"
done
fi
## If we are NOT to use the path name ("-t"/"-e")
[[ "${FILEPATH}" -eq 0 ]] && SEARCH="${SEARCH} | awk -F '[,]' '${CASE_TAG_FGREP}(\$3) ~ /${AWK_SEARCH}/ {print}'"
## If we are to use colour ("--colour"), add the value here
if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then
COLOUR_TAG="grep ${COLOUR_ON_GREP} -iE \"${COLOUR_TAG}|$\""
fi
## Dynamically set column widths to the current screen size
[[ "${WEBLINK}" -eq 1 ]] && COL2=45 || COL2=$(( ${#path_in} + 20 ))
COL1=$(( $( tput cols ) - COL2 - 1 ))
## Search, format, and print results (--overflow)
if [[ "${OVERFLOW}" -eq 1 ]]; then
FORMAT=${COL1}
else
FORMAT=${COL1}'.'${COL1}
fi
## Strip un-wanted values
SEARCH="${SEARCH} | sed 's/\"//g'"
## Remove any terms not wanted from the search
[[ "${EXCLUDE}" ]] && SEARCH="${SEARCH} | grep -vEi '${EXCLUDE}'"
## Magic search Fu
## Print JSON format (full options) ("--json")?
if [[ "${JSON}" -eq 1 ]]; then
## Web link format ("--json --www")?
if [[ "${WEBLINK}" -eq 1 ]]; then
OUTPUT="$( eval ${SEARCH} \
| awk -F ',' '{ printf "\\n\\t\\t'{'\"Title\":\"%s\",\"URL\":\"https://www.exploit-db.com/'${url}'/%s/\"},", $3, $1 }' )"
## Just the EDB-ID ("--json --id")?
elif [[ "${EDBID}" -eq 1 ]]; then
OUTPUT="$( eval ${SEARCH} \
| awk -F ',' '{ printf "\\n\\t\\t'{'\"Title\":\"%s\",\"EDB-ID\":\"%s\",\"Path\":\"'${path_in}/'%s\"},", $3, $1, $2 }' )"
## Default JSON ("--json")?
else
OUTPUT="$( eval ${SEARCH} \
| awk -F ',' '{ printf "\\n\\t\\t'{'\"Title\":\"%s\",\"EDB-ID\":\"%s\",\"Date\":\"%s\",\"Author\":\"%s\",\"Type\":\"%s\",\"Platform\":\"%s\",\"Path\":\"'${path_in}/'%s\"},", $3, $1, $4, $5, $6, $7, $2 }' )"
fi
OUTPUT="$( echo -e ${OUTPUT} \
| sort \
| sed '$ s/,$//' )"
## Web link format ("--www")?
elif [[ "${WEBLINK}" -eq 1 ]]; then
OUTPUT="$( eval ${SEARCH} \
| awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/'${url}'/"$1"/"}' \
| sort )"
## Just the EDB-ID ("--id")?
elif [[ "${EDBID}" -eq 1 ]]; then
OUTPUT="$( eval ${SEARCH} \
| awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, $1 }' \
| sort )"
## Default view
else
OUTPUT="$( eval ${SEARCH} \
| awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, $2 }' \
| sort )"
fi
## Display colour highlights ("--colour")?
if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then
[[ "${OUTPUT}" ]] && OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} )
fi
}
function printresults()
{
title_in="${1}"
path_in="${2}"
json_title="$(echo ${title_in} | tr /a-z/ /A-Z/)"
## Print header if in JSON ("--json")
if [[ "${JSON}" -eq 1 ]]; then
printf ",\n\t\"DB_PATH_${json_title}\": \"${path_in}\",\n"
printf "\t\"RESULTS_${json_title}\": ["
## ASCII table
else
drawline
printf "%-${COL1}s %s" " ${title_in} Title"
if [[ "${WEBLINK}" -eq 1 ]]; then
echo "| URL"
elif [[ "${EDBID}" -eq 1 ]]; then
echo "| EDB-ID"
else
echo "| Path"
#echo " > Results (0)"
printf "%-${COL1}s "
echo "| (${path_in}/)"
fi
drawline
fi
## Show content
[[ "${OUTPUT}" ]] && echo "${OUTPUT}"
## Print footer if in JSON ("--json")
if [[ "${JSON}" -eq 1 ]]; then
printf "\t]"
else
drawline
fi
}
#-----------------------------------------------------------------------------#
## Locate setting file
## User home folder config
if [[ -f "${HOME}/.searchsploit_rc" ]]; then
rc_file="${HOME}/.searchsploit_rc"
## Global config
elif [[ -f "/etc/searchsploit_rc" ]]; then
rc_file="/etc/searchsploit_rc"
## Method #1 - File itself
elif [[ -f "$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)/.searchsploit_rc" ]]; then
rc_file="$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)/.searchsploit_rc"
## Method #2 - Symbolic link
elif [[ -f "$(dirname "$(readlink "$0")")/.searchsploit_rc" ]]; then
rc_file="$(dirname "$(readlink "$0")")/.searchsploit_rc"
## Manually specified?
elif [[ ! -f "${rc_file}" ]]; then
echo "[!] Could not find: rc_file ~ ${rc_file}"
exit 1
fi
## Use config file
source "${rc_file}"
#-----------------------------------------------------------------------------#
## Check for empty arguments
if [[ $# -eq 0 ]]; then
usage >&2
fi
@ -486,14 +685,40 @@ while getopts "cehjmnoptuvwx" arg "${ARGS}"; do
done
## If we cannot find files_*.csv
if [[ ! -f "${csvpathexploits}" ]]; then
echo "[!] Could not find: ${csvpathexploits}"
exit 1
elif [[ ! -f "${csvpathshellcode}" ]]; then
echo "[!] Could not find: ${csvpathshellcode}"
exit 1
fi
#-----------------------------------------------------------------------------#
## Check for files_*.csv
arraylength="${#files_array[@]}"
for (( i=0; i<${arraylength}; i++ )); do
files="${path_array[${i}]}/${files_array[${i}]}"
if [[ -f "${files}" ]]; then
continue
## Method #1 - File itself
elif [[ -f "$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)/${files_array[${i}]}" ]]; then
echo "[i] Found (#1): $(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)/${files_array[${i}]}"
echo "[i] To remove this message, please edit \"${rc_file}\" for \"${files_array[${i}]}\" (package_array: ${package_array[${i}]})"
path_array[${i}]="$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)"
## Method #2 - Symbolic link
elif [[ -f "$(dirname "$(readlink "$0")")/${files_array[${i}]}" ]]; then
echo "[i] Found (#2): $(dirname "$(readlink "$0")")/${files_array[${i}]}"
echo "[i] To remove this message, please edit \"${rc_file}\" for \"${files_array[${i}]}\" (package_array: ${package_array[${i}]})"
path_array[${i}]="$(dirname "$(readlink "$0")")"
else
#echo "[!] Could not find: ${files}"
#echo "[i] To remove this message, please remove \"${files_array[${i}]}\" (package_array: ${package_array[${i}]}) from \"${rc_file}\""
unset "files_array[${i}]"
unset "path_array[${i}]"
unset "name_array[${i}]"
unset "git_array[${i}]"
unset "package_array[${i}]"
fi
echo
done
#-----------------------------------------------------------------------------#
## Read in XML
@ -514,7 +739,7 @@ if [[ "${XML}" -eq 1 ]]; then
fi
if [[ "${VERBOSE}" -ne 1 ]]; then
echo "[i] SearchSploit's XML mode (without verbose enabled)"
echo "[i] SearchSploit's XML mode (without verbose enabled). To enable: ${progname} -v --xml..."
fi
## Do the magic
@ -531,19 +756,39 @@ if [[ "${GETPATH}" -eq 1 ]]; then
## Get EDB-ID from input
edbdb="$( echo ${exploit} | rev | cut -d '/' -f1 | rev | cut -d'.' -f1 | tr -dc '0-9' )"
## Check files_*.csv
location=$( cut -d ',' -f 2 "${csvpathexploits}" "${csvpathshellcode}" | grep -m 1 -E "/${edbdb}(\..*)?$" )
title=$( grep -m 1 "${location}" "${csvpathexploits}" "${csvpathshellcode}" | cut -d ',' -f 3 | sed 's/"//g' )
## Join paths
location="${gitpath}/${location}"
## Loop until we find something
arraylength="${#files_array[@]}"
for (( i=0; i<${arraylength}; i++ )); do
files="${path_array[${i}]}/${files_array[${i}]}"
## Check to see if the files_*.csv has a value
path=$( cut -d ',' -f 2 "${files}" | grep -m 1 -E "/${edbdb}(\..*)?$" )
if [[ "${path}" ]]; then
location="${path_array[${i}]}/${path}"
name="${name_array[${i}]}"
[[ "${name}" == "Paper"* ]] && url="papers/${edbdb}/" || url="exploits/${edbdb}/"
break
fi
done
## Did we find the exploit?
if [[ -f "${location}" ]]; then
## Get title
title=$( grep -m 1 "${path}" "${files}" | cut -d ',' -f 3 | sed 's/"//g' )
## File type
fileinfo="$(file -b "${location}")"
## How long is the name?
PADDING=$(( 9 - ${#name} ))
## Display out
echo "Exploit: ${title}"
echo " URL: https://www.exploit-db.com/exploits/${edbdb}/"
echo " Path: ${location}"
printf "%-${PADDING}s%s"
echo "${name}: ${title}"
echo " URL: https://www.exploit-db.com/${url}"
echo " Path: ${location}"
echo "File Type: ${fileinfo}"
echo ""
## Copy to clipboard?
@ -584,7 +829,7 @@ if [[ "${GETPATH}" -eq 1 ]]; then
fi
else
## Feedback
echo "Could not find EDB-ID #${edbdb}"
echo "[!] Could not find EDB-ID #${edbdb}"
echo -e "\n"
fi
done
@ -594,6 +839,9 @@ if [[ "${GETPATH}" -eq 1 ]]; then
fi
#-----------------------------------------------------------------------------#
## If we are doing an exact match ("-e")? If so, do NOT check folder path (Implies "-t").
if [[ "${EXACT}" -eq 1 ]]; then
FILEPATH=0
@ -608,147 +856,37 @@ if [[ "${SCASE}" -eq 1 ]]; then
fi
## Dynamically set column widths to the current screen size
if [[ "${WEBLINK}" -eq 1 ]]; then
COL2=45
else
COL2=$(( ${#gitpath} + 15 ))
fi
COL1=$(( $( tput cols ) - COL2 - 1 ))
## Remove leading space
TAGS="$( echo ${TAGS} | sed -e 's/^[[:space:]]//' )"
## Print header if NOT in JSON ("--json")
if [[ "${JSON}" -eq 0 ]]; then
drawline
printf "%-${COL1}s %s" " Exploit Title"
if [[ "${WEBLINK}" -eq 1 ]]; then
echo "| URL"
elif [[ "${EDBID}" -eq 1 ]]; then
echo "| EDB-ID"
else
echo "| Path"
printf "%-${COL1}s "
echo "| (${gitpath}/)"
#-----------------------------------------------------------------------------#
## Print header if in JSON ("--json")
[[ "${JSON}" -eq 1 ]] && printf "{\n\t\"SEARCH\": \"${TAGS}\""
## Check for files_*.csv
arraylength="${#files_array[@]}"
for (( i=0; i<${arraylength}; i++ )); do
## Search
findresults "${files_array[${i}]}" "${path_array[${i}]}" "${name_array[${i}]}"
## Print results if in JSON ("--json") or if there is any results
if ([[ "${JSON}" -eq 1 ]] || [[ "${OUTPUT}" ]]); then
printresults "${name_array[${i}]}" "${path_array[${i}]}"
## Summary if NOT JSON ("--json")
elif [[ "${JSON}" -eq 0 ]]; then
echo "${name_array[${i}]}s: No Result"
fi
drawline
## Print JSON header
else
echo "{"
printf "\t\"SEARCH\": \"${TAGS}\",\n"
printf "\t\"DB_PATH\": \"${gitpath}\",\n"
printf "\t\"RESULTS\": ["
fi
## Reset
COLOUR_TAG=""
done
## JSON require full options
if [[ "${JSON}" -eq 1 ]]; then
## Read in (id, title, path, date, author, type, platform) separated between commas
SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3\",\"\$4\",\"\$5\",\"\$6\",\"\$7}' \"${csvpathexploits}\" \"${csvpathshellcode}\""
else
## Read in (id, title, path) separated between commas (as these are the only visible fields)
SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3}' \"${csvpathexploits}\" \"${csvpathshellcode}\""
fi
## EXACT search command ("-e")?
if [[ "${EXACT}" -eq 1 ]]; then
buildterms "${TAGS}"
## or AND search command?
else
## For each term
for TAG in ${TAGS}; do
buildterms "${TAG}"
done
fi
## If we are NOT to use the path name ("-t"/"-e")
if [[ "${FILEPATH}" -eq 0 ]]; then
SEARCH="${SEARCH} | awk -F '[,]' '${CASE_TAG_FGREP}(\$2) ~ /${AWK_SEARCH}/ {print}'"
fi
## If we are to use colour ("--colour"), add the value here
if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then
COLOUR_TAG="grep ${COLOUR_ON_GREP} -iE \"${COLOUR_TAG}|$\""
fi
## Search, format, and print results
if [[ "${OVERFLOW}" -eq 1 ]]; then
FORMAT=${COL1}
else
FORMAT=${COL1}'.'${COL1}
fi
## Strip un-wanted values
SEARCH="${SEARCH} | sed 's/\"//g'"
## Remove any terms not wanted from the search
if [[ "${EXCLUDE}" ]]; then
SEARCH="${SEARCH} | grep -vEi '${EXCLUDE}'"
fi
## Magic search Fu
## Print JSON format (full options) ("--json")?
if [[ "${JSON}" -eq 1 ]]; then
## Web link format ("--json --www")?
if [[ "${WEBLINK}" -eq 1 ]]; then
OUTPUT="$( eval ${SEARCH} \
| awk -F ',' '{ printf "\\n\\t\\t'{'\"Exploit Title\":\"%s\",\"URL\":\"https://www.exploit-db.com/exploits/%s/\"},", $3, $1 }' )"
## Just the EDB-ID ("--json --id")?
elif [[ "${EDBID}" -eq 1 ]]; then
OUTPUT="$( eval ${SEARCH} \
| awk -F ',' '{ printf "\\n\\t\\t'{'\"Exploit Title\":\"%s\",\"EDB-ID\":\"%s\",\"Path\":\"'${gitpath}/'%s\"},", $3, $1, $2 }' )"
## Default JSON ("--json")?
else
OUTPUT="$( eval ${SEARCH} \
| awk -F ',' '{ printf "\\n\\t\\t'{'\"Exploit Title\":\"%s\",\"EDB-ID\":\"%s\",\"Date\":\"%s\",\"Author\":\"%s\",\"Type\":\"%s\",\"Platform\":\"%s\",\"Path\":\"'${gitpath}/'%s\"},", $3, $1, $4, $5, $6, $7, $2 }' )"
fi
OUTPUT="$( echo -e ${OUTPUT} \
| sort \
| sed '$ s/,$//' )"
## Web link format ("--www")?
elif [[ "${WEBLINK}" -eq 1 ]]; then
OUTPUT="$( eval ${SEARCH} \
| awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/exploits/"$1"/"}' \
| sort )"
## Just the EDB-ID ("--id")?
elif [[ "${EDBID}" -eq 1 ]]; then
OUTPUT="$( eval ${SEARCH} \
| awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, $1 }' \
| sort )"
## Default view
else
OUTPUT="$( eval ${SEARCH} \
| awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, $2 }' \
| sort )"
fi
## Display colour highlights ("--colour")?
if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then
[[ "${OUTPUT}" ]] && OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} )
fi
## Show content
[[ "${OUTPUT}" ]] && echo "${OUTPUT}"
## Print footer if NOT in JSON ("--json")
if [[ "${JSON}" -eq 0 ]]; then
drawline
## Print JSON footer
else
printf "\t]\n"
echo "}"
fi
## Print footer if in JSON ("--json")
[[ "${JSON}" -eq 1 ]] && printf "\n}\n"
## Done
exit 0
exit 0