From b7c71cdfb9d86f26930792c9389cfd3bfb5b7f36 Mon Sep 17 00:00:00 2001 From: g0tmi1k Date: Tue, 23 Jan 2018 11:33:41 +0000 Subject: [PATCH] SearchSploit v4 - Now with paper support! --- .searchsploit_rc | 26 +++ README.md | 68 +++++- searchsploit | 570 +++++++++++++++++++++++++++++------------------ 3 files changed, 439 insertions(+), 225 deletions(-) create mode 100644 .searchsploit_rc diff --git a/.searchsploit_rc b/.searchsploit_rc new file mode 100644 index 000000000..55ca40ff6 --- /dev/null +++ b/.searchsploit_rc @@ -0,0 +1,26 @@ +##-- Program Settings +progname="$( basename "$0" )" + + +##-- Exploits +files_array+=("files_exploits.csv") +path_array+=("/opt/exploit-database") +name_array+=("Exploit") +git_array+=("https://github.com/offensive-security/exploit-database.git") +package_array+=("exploitdb") + + +##-- Shellcodes +files_array+=("files_shellcodes.csv") +path_array+=("/opt/exploit-database") +name_array+=("Shellcode") +git_array+=("https://github.com/offensive-security/exploit-database.git") +package_array+=("exploitdb") + + +##-- Papers +files_array+=("files_papers.csv") +path_array+=("/opt/exploit-database-papers") +name_array+=("Paper") +git_array+=("https://github.com/offensive-security/exploit-database-papers.git") +package_array+=("exploitdb-papers") diff --git a/README.md b/README.md index 2f307f1b7..3745bb785 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,5 @@ # The Exploit Database Git Repository + This is an official repository of [The Exploit Database](http://www.exploit-db.com/), a [project](https://www.offensive-security.com/community-projects/) sponsored by [Offensive Security](https://www.offensive-security.com/). Our repositories are: 
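Review bot: The five `*_array` variables in `.searchsploit_rc` are only ever appended to with `+=` and never initialised, so if the file is sourced a second time in the same shell every entry is duplicated and the dedupe loop in `update()` has to compensate. Initialise them under `##-- Program Settings`: `files_array=() path_array=() name_array=() git_array=() package_array=()`. Because `searchsploit` loads this file with `source`, each line in it executes as shell in the user's session, so the header comment should say that the file is code, not data, and it should stay writable only by its owner wherever it is installed.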
@@ -9,12 +10,22 @@ Our repositories are: The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of [exploits](https://www.exploit-db.com/browse/), [shellcode](https://www.exploit-db.com/shellcode/) and [papers](https://www.exploit-db.com/papers/) gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and Proof-of-Concepts rather than advisories, making it a valuable resource for those who need actionable data right away. You can learn more about the project [here (about)](https://www.exploit-db.com/about-exploit-db/) and [here (history)](https://www.exploit-db.com/history/). -This repository is updated daily with the most recently added submissions. Any additional resources can be found in our [binary sploits repository](https://github.com/offensive-security/exploit-database-bin-sploits). +This repository is updated daily with the most recently added submissions. Any additional resources can be found in our [binary exploits repository](https://github.com/offensive-security/exploit-database-bin-sploits). Exploits are located in the `/exploit/` directory, shellcodes can be found in the `/shellcode/` directory. -Included with this repository is the **SearchSploit** utility, which will allow you to search through exploits and shellcodes using one or more terms. -For more information, please see the [SearchSploit manual](https://www.exploit-db.com/searchsploit/). +## License + +This project is released under "[GNU General Public License v2.0](https://github.com/offensive-security/exploit-database/blob/master/LICENSE.md)". 
+ +- - - + +# SearchSploit + +Included with this repository is the **SearchSploit** utility, which will allow you to search through exploits, shellcodes and papers _(if installed)_ using one or more terms. +For more information, please see the **[SearchSploit manual](https://www.exploit-db.com/searchsploit/)**. + +## Usage/Example ``` root@kali:~# searchsploit -h @@ -64,6 +75,7 @@ root@kali:~# searchsploit -h root@kali:~# root@kali:~# searchsploit afd windows local + ---------------------------------------------------------------------------------------- ----------------------------------- Exploit Title | Path | (/usr/share/exploitdb/) 
@@ -77,15 +89,53 @@ Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service Microsoft Windows XP/2003 - 'afd.sys' Local Privilege Escalation (K-plugin) (MS08-066) | exploits/windows/local/6757.txt Microsoft Windows XP/2003 - 'afd.sys' Local Privilege Escalation (MS11-080) | exploits/windows/local/18176.py ---------------------------------------------------------------------------------------- ----------------------------------- +Shellcodes: No Result root@kali:~# root@kali:~# searchsploit -p 39446 -Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) - URL: https://www.exploit-db.com/exploits/39446/ - Path: /usr/share/exploitdb/exploits/win_x86/local/39446.py - -Copied EDB-ID 39446's path to the clipboard. + Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) + URL: https://www.exploit-db.com/exploits/39446/ + Path: /usr/share/exploitdb/exploits/win_x86/local/39446.py +File Type: Python script, ASCII text executable, with CRLF line terminators +Copied EDB-ID #39446's path to the clipboard. root@kali:~# ``` -SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work. The self updating function will require `git`, and the Nmap XML option to work, will require `xmllint` (found in the `libxml2-utils` package in Debian-based systems). +## Install + +SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work. +The self updating function will require `git`, and the Nmap XML option to work, will require `xmllint` (found in the `libxml2-utils` package in Debian-based systems). + +You can find a **more in-depth guide in the [SearchSploit manual](https://www.exploit-db.com/searchsploit/)**. + +**Kali Linux** + +Exploit-DB/SearchSploit is already packaged inside of Kali-Linux. 
A simple straightforward is to: + +``` +root@kali:~# apt -y install exploitdb +``` + +_NOTE: Optional is to install the additional packages:_ + +``` +root@kali:~# apt -y install exploitdb-bin-sploits exploitdb-papers +``` + +**Git** + +In short: clone the repository, add the binary into $PATH, and edit the config file to reflect the git path: + +``` +$ sudo git clone https://github.com/offensive-security/exploit-database.git /opt/exploit-database +$ sudo ln -sf /opt/exploit-database/searchsploit /usr/local/bin/searchsploit +$ sed 's|path_array+=(.*)|path_array+=("/opt/exploit-database")|g' /opt/exploit-database/.searchsploit_rc > ~/.searchsploit_rc +``` + +## Credit + +The following people made this possible: + +- [Offensive Security](https://www.offensive-security.com/) +- [Unix-Ninja](https://github.com/unix-ninja) +- [g0tmi1k](https://blog.g0tmi1k.com/) diff --git a/searchsploit b/searchsploit index 8648e9ce7..6fab28e50 100755 --- a/searchsploit +++ b/searchsploit @@ -1,6 +1,6 @@ #!/bin/bash # Name: SearchSploit - Exploit-DB's CLI search tool -# Version: 3.8.8 (Release date: 2017-11-28) +# Version: 4.0.0 (Release date: 2018-01-23) # Written by: Offensive Security, Unix-Ninja, and g0tmi1k # Homepage: https://github.com/offensive-security/exploit-database # Manual: https://www.exploit-db.com/searchsploit/ 
@@ -9,18 +9,12 @@ # Exit code '0' means finished normally # Exit code '1' means something went wrong # Exit code '2' means help screen -# Exit code '6' means updated exploitdb package (APT or Git) +# Exit code '6' means updated packages (APT, brew or Git) +#-----------------------------------------------------------------------------# -## OS settings (get the path of where the script is stored + database file) -gitpath="/opt/exploit-database" -csvpathexploits="${gitpath}/files_exploits.csv" -csvpathshellcode="${gitpath}/files_shellcodes.csv" - - -## Program settings -gitremote="https://github.com/offensive-security/exploit-database.git" -progname="$( basename "$0" )" +## Settings File +rc_file="" ## Default options @@ -48,12 +42,14 @@ AWK_SEARCH="" COLOUR_OFF_GREP= COLOUR_ON_GREP= + ## Check if our grep supports --color if grep --help 2>&1 | grep "[-]-color" >/dev/null 2>&1 ; then COLOUR_OFF_GREP="--color=never" COLOUR_ON_GREP="--color=always" fi + ## Set LANG variable to avoid illegal byte sequence errors LANG=C 
@@ -112,22 +108,41 @@ function usage() ## Update database check function update() { - # Update from the repos (e.g. Kali) - dpkg -l exploitdb 2>/dev/null >/dev/null - if [[ "$?" == "0" ]]; then - updatedeb - exit 6 - fi + arraylength="${#files_array[@]}" + for (( i=0; i<${arraylength}; i++ )); do + ## Check to see if we already have the value + [[ "${tmp_package[*]}" =~ "${package_array[${i}]}" ]] && continue - # Update from homebrew (e.g. OSX) - brew 2>/dev/null >/dev/null - if [[ "$?" == "0" ]]; then - # This only really updates ./searchsploit - updatedbrew - fi + ## Else save all the information + tmp_git+=("${git_array[${i}]}") + tmp_path+=("${path_array[${i}]}") + tmp_package+=("${package_array[${i}]}") + done - # Update via Git - updategit + + ## Loop around all the new arrays + arraylength="${#tmp_git[@]}" + for (( i=0; i<${arraylength}; i++ )); do + git="${tmp_git[${i}]}" + path="${tmp_path[${i}]}" + package="${tmp_package[${i}]}" + + # Update from the repos (e.g. Kali) + dpkg -l "${package}" 2>/dev/null >/dev/null + if [[ "$?" == "0" ]]; then + updatedeb "${package}" + else + # Update from homebrew (e.g. OSX) + brew 2>/dev/null >/dev/null + if [[ "$?" == "0" ]]; then + # This only really only updates "./searchsploit". The rest (can) come via git as its updated more frequently + updatedbrew "${package}" + fi + + # Update via Git + updategit "${package}" "${path}" "${git}" + fi + done # Done exit 6 
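Review bot: The duplicate check `[[ "${tmp_package[*]}" =~ "${package_array[${i}]}" ]]` is an unanchored substring match, so a package whose name is a prefix of one already collected (`exploitdb` after `exploitdb-papers`) would be skipped; it only works because of the order the rc file happens to use. Match whole entries instead: `[[ " ${tmp_package[*]} " == *" ${package_array[${i}]} "* ]]`. The loop variables `i`, `git`, `path`, `package` and the `tmp_*` arrays are all globals, so a second call to `update()` in the same process would start with the previous run's `tmp_*` contents; declare them `local` or clear them at the top of the function.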
@@ -137,55 +152,65 @@ function update() ## Update database (via .deb/apt) function updatedeb() { - echo -e "[i] Updating via APT package management (Expect weekly-ish updates).\n" + package_in="${1}" + + echo -e "[i] Updating via apt package management (Expect weekly-ish updates): ${package_in}\n" sudo apt update \ - || echo -e "\n[-] Issue with apt update (Please check network connectivity & APT SourcesList values)." 1>&2 - sudo apt -y install exploitdb \ + || echo -e "\n[-] Issue with apt update (Please check network connectivity & apt SourcesList values)." 1>&2 + sudo apt -y install "${package_in}" \ || echo -e "\n[-] Issue with apt upgrade." 1>&2 - echo -e "\n[*] APT update finished." + echo -e "\n[*] apt update finished." } + ## Update database (via homebrew) function updatedbrew() { + package_in="${1}" + echo -e "[i] Updating via brew package management.\n" brew update \ || echo -e "\n[-] Issue with brew update (Please check network connectivity)." 1>&2 - brew upgrade exploitdb + brew upgrade "${package_in}" echo -e "\n[*] Brew update finished." } + ## Update database (via Git) function updategit() { - echo -e "[i] Updating via Git (Expect daily updates): ${gitpath}\n" + package_in="${1}" + path_in="${2}" + git_in="${3}" + + echo -e "[i] Updating via Git (Expect daily updates): ${package_in} ~ ${path_in}\n" ## Make sure we are in the correct folder - mkdir -p "${gitpath}/" 2>/dev/null \ - || sudo mkdir -p "${gitpath}/" - cd "${gitpath}/" + mkdir -p "${path_in}/" 2>/dev/null \ + || sudo mkdir -p "${path_in}/" + cd "${path_in}/" ## Are we in a Git repo? if [[ "$( git rev-parse --is-inside-work-tree 2>/dev/null )" != "true" ]]; then if [[ "$( ls )" = "" ]]; then # If directory is empty, just clone - echo -e "\n[-] Nothing here (${gitpath}). Starting fresh..." - git clone "${gitremote}" "${gitpath}/" 2>/dev/null \ - || sudo git clone "${gitremote}" "${gitpath}/" + echo -e "\n[-] Nothing here (${path_in}). Starting fresh..." 
+ git clone -v "${git_in}" "${path_in}/" 2>/dev/null \ + || sudo git clone -v "${git_in}" "${path_in}/" fi fi # Is our Git remote added? (aka wouldn't be via homebrew method) - if [[ "$( git remote -v )" != *"upstream"*"${gitremote}"* ]]; then - echo -e "\n[-] Missing Git remote upstream (${gitremote})" + if [[ "$( git remote -v )" != *"upstream"*"${git_in}"* ]]; then + echo -e "\n[-] Missing Git remote upstream (${git_in})" git init 2>/dev/null \ || sudo git init - git remote add upstream "${gitremote}" 2>/dev/null \ - || sudo git remote add upstream "${gitremote}" + git remote add upstream "${git_in}" 2>/dev/null \ + || sudo git remote add upstream "${git_in}" fi # Make sure to prep checkout first @@ -194,21 +219,20 @@ function updategit() # Update from git echo -e "\n[i] Git pull'ing" - git pull upstream master 2>/dev/null \ - || sudo git pull upstream master + git pull -v upstream master 2>/dev/null \ + || sudo git pull -v upstream master # If conflicts, clean and try again if [[ "$?" -ne 0 ]]; then echo -e "\n[-] Git conflict" git clean -d -fx "" \ || sudo git clean -d -fx "" - git pull upstream master \ - || sudo git pull upstream master + git pull -v upstream master \ + || sudo git pull -v upstream master fi echo -e "\n[*] Git update finished." - echo "[i] Path: ${gitpath}/" - exit 6 + echo "[i] Path: ${path_in}/" } @@ -239,8 +263,11 @@ function validterm() || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "ssh" ] \ || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "unknown" ]; then echo -e "[-] Skipping term: ${1} (Term is too general. Please re-search manually: $0 ${arg} ${1})\n" 1>&2 + ## Issues, return with something return 1 fi + + ## No issues, return without anything return 0 } @@ -249,9 +276,7 @@ function validterm() function searchsploitout() { ## Make sure there is a value - if [ "${software}" = "" ]; then - return - fi + [ "${software}" = "" ] && return #echo "" 1>&2 
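Review bot: `cd "${path_in}/"` is unchecked; if it fails (the `sudo mkdir` fallback created a directory the current user cannot enter, or the rc file holds a bad path) the following `git init`, `git remote add` and, in the next hunk, `git pull` and `git clean -d -fx` all run in whatever directory the script was started from, and a `git clean -fx` there would remove untracked files. Guard it: `cd "${path_in}/" || { echo "[-] Cannot enter ${path_in}" 1>&2; return 1; }`. Separately, `git clone -v ... 2>/dev/null` here and `git pull -v ... 2>/dev/null` in the next hunk discard the stderr that `-v` adds, so the flag only takes effect on the `sudo` fallback. `package_in`, `path_in` and `git_in` are not declared `local`; the body of `updategit` continues past this hunk.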
@@ -373,41 +398,215 @@ function nmapxml() ## Build search terms function buildterms() { - tag="${1}" + tag_in="${1}" ## If we are to use colour ("--colour"), add the values to search for between "or" if [[ "${COLOUR}" -eq 1 ]]; then - if [[ "${COLOUR_TAG}" ]]; then - COLOUR_TAG="${COLOUR_TAG}|" - fi - COLOUR_TAG="${COLOUR_TAG}${tag}" + [[ "${COLOUR_TAG}" ]] && COLOUR_TAG="${COLOUR_TAG}|" + COLOUR_TAG="${COLOUR_TAG}${tag_in}" fi ## Search both title AND path if [[ "${FILEPATH}" -eq 1 ]]; then ## Search command for each term (with case sensitive flag, "-c") - SEARCH="${SEARCH} | grep ${COLOUR_OFF_GREP} -F ${CASE_TAG_GREP} \"${tag}\"" + SEARCH="${SEARCH} | grep ${COLOUR_OFF_GREP} -F ${CASE_TAG_GREP} \"${tag_in}\"" ## Search just the title, NOT the path ("-t"/"-e") else ## If there is already a value, prepend text to get ready - if [[ "${AWK_SEARCH}" ]]; then - AWK_SEARCH="${AWK_SEARCH}/ && ${CASE_TAG_FGREP}(\$2) ~ /" - fi + [[ "${AWK_SEARCH}" ]] && AWK_SEARCH="${AWK_SEARCH}/ && ${CASE_TAG_FGREP}(\$3) ~ /" ## Escape any slashes - tag="$( echo ${tag} | sed 's_/_\\/_g' )" + tag_in="$( echo ${tag_in} | sed 's_/_\\/_g' )" ## Case sensitive ("-c")? 
if [[ "${SCASE}" -eq 1 ]]; then - AWK_SEARCH="${AWK_SEARCH}${tag}" + AWK_SEARCH="${AWK_SEARCH}${tag_in}" else - AWK_SEARCH="${AWK_SEARCH}$( echo ${tag} | tr '[:upper:]' '[:lower:]' )" + AWK_SEARCH="${AWK_SEARCH}$( echo ${tag_in} | tr '[:upper:]' '[:lower:]' )" fi fi } -## Check for empty args +## Read in the values from files_*.csv +function findresults() +{ + file_in="${1}" + path_in="${2}" + name_in="${3}" + [[ "${name_in}" == "Paper"* ]] && url="papers" || url="exploits" + + + ## JSON require full options + if [[ "${JSON}" -eq 1 ]]; then + ## Read in (id, title, path, date, author, type, platform) separated between commas + SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3\",\"\$4\",\"\$5\",\"\$6\",\"\$7}' \"${path_in}/${file_in}\"" + else + ## Read in (id, title, path) separated between commas (as these are the only visible fields) + SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3}' \"${path_in}/${file_in}\"" + fi + + + ## EXACT search command ("-e")? + if [[ "${EXACT}" -eq 1 ]]; then + buildterms "${TAGS}" + ## or AND search command? 
+ else + ## For each term + for TAG in ${TAGS}; do + buildterms "${TAG}" + done + fi + + + ## If we are NOT to use the path name ("-t"/"-e") + [[ "${FILEPATH}" -eq 0 ]] && SEARCH="${SEARCH} | awk -F '[,]' '${CASE_TAG_FGREP}(\$3) ~ /${AWK_SEARCH}/ {print}'" + + + ## If we are to use colour ("--colour"), add the value here + if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then + COLOUR_TAG="grep ${COLOUR_ON_GREP} -iE \"${COLOUR_TAG}|$\"" + fi + + + ## Dynamically set column widths to the current screen size + [[ "${WEBLINK}" -eq 1 ]] && COL2=45 || COL2=$(( ${#path_in} + 20 )) + COL1=$(( $( tput cols ) - COL2 - 1 )) + + + ## Search, format, and print results (--overflow) + if [[ "${OVERFLOW}" -eq 1 ]]; then + FORMAT=${COL1} + else + FORMAT=${COL1}'.'${COL1} + fi + + + ## Strip un-wanted values + SEARCH="${SEARCH} | sed 's/\"//g'" + + + ## Remove any terms not wanted from the search + [[ "${EXCLUDE}" ]] && SEARCH="${SEARCH} | grep -vEi '${EXCLUDE}'" + + + ## Magic search Fu + ## Print JSON format (full options) ("--json")? + if [[ "${JSON}" -eq 1 ]]; then + ## Web link format ("--json --www")? + if [[ "${WEBLINK}" -eq 1 ]]; then + OUTPUT="$( eval ${SEARCH} \ + | awk -F ',' '{ printf "\\n\\t\\t'{'\"Title\":\"%s\",\"URL\":\"https://www.exploit-db.com/'${url}'/%s/\"},", $3, $1 }' )" + ## Just the EDB-ID ("--json --id")? + elif [[ "${EDBID}" -eq 1 ]]; then + OUTPUT="$( eval ${SEARCH} \ + | awk -F ',' '{ printf "\\n\\t\\t'{'\"Title\":\"%s\",\"EDB-ID\":\"%s\",\"Path\":\"'${path_in}/'%s\"},", $3, $1, $2 }' )" + ## Default JSON ("--json")? + else + OUTPUT="$( eval ${SEARCH} \ + | awk -F ',' '{ printf "\\n\\t\\t'{'\"Title\":\"%s\",\"EDB-ID\":\"%s\",\"Date\":\"%s\",\"Author\":\"%s\",\"Type\":\"%s\",\"Platform\":\"%s\",\"Path\":\"'${path_in}/'%s\"},", $3, $1, $4, $5, $6, $7, $2 }' )" + fi + OUTPUT="$( echo -e ${OUTPUT} \ + | sort \ + | sed '$ s/,$//' )" + ## Web link format ("--www")? 
+ elif [[ "${WEBLINK}" -eq 1 ]]; then + OUTPUT="$( eval ${SEARCH} \ + | awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/'${url}'/"$1"/"}' \ + | sort )" + ## Just the EDB-ID ("--id")? + elif [[ "${EDBID}" -eq 1 ]]; then + OUTPUT="$( eval ${SEARCH} \ + | awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, $1 }' \ + | sort )" + ## Default view + else + OUTPUT="$( eval ${SEARCH} \ + | awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, $2 }' \ + | sort )" + fi + + + ## Display colour highlights ("--colour")? + if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then + [[ "${OUTPUT}" ]] && OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} ) + fi +} + + +function printresults() +{ + title_in="${1}" + path_in="${2}" + json_title="$(echo ${title_in} | tr /a-z/ /A-Z/)" + + + ## Print header if in JSON ("--json") + if [[ "${JSON}" -eq 1 ]]; then + printf ",\n\t\"DB_PATH_${json_title}\": \"${path_in}\",\n" + printf "\t\"RESULTS_${json_title}\": [" + ## ASCII table + else + drawline + printf "%-${COL1}s %s" " ${title_in} Title" + if [[ "${WEBLINK}" -eq 1 ]]; then + echo "| URL" + elif [[ "${EDBID}" -eq 1 ]]; then + echo "| EDB-ID" + else + echo "| Path" + #echo " > Results (0)" + printf "%-${COL1}s " + echo "| (${path_in}/)" + fi + drawline + fi + + + ## Show content + [[ "${OUTPUT}" ]] && echo "${OUTPUT}" + + + ## Print footer if in JSON ("--json") + if [[ "${JSON}" -eq 1 ]]; then + printf "\t]" + else + drawline + fi +} + + +#-----------------------------------------------------------------------------# + + +## Locate setting file +## User home folder config +if [[ -f "${HOME}/.searchsploit_rc" ]]; then + rc_file="${HOME}/.searchsploit_rc" +## Global config +elif [[ -f "/etc/searchsploit_rc" ]]; then + rc_file="/etc/searchsploit_rc" +## Method #1 - File itself +elif [[ -f "$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)/.searchsploit_rc" ]]; then + rc_file="$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)/.searchsploit_rc" +## Method #2 - Symbolic 
link +elif [[ -f "$(dirname "$(readlink "$0")")/.searchsploit_rc" ]]; then + rc_file="$(dirname "$(readlink "$0")")/.searchsploit_rc" +## Manually specified? +elif [[ ! -f "${rc_file}" ]]; then + echo "[!] Could not find: rc_file ~ ${rc_file}" + exit 1 +fi + + +## Use config file +source "${rc_file}" + + +#-----------------------------------------------------------------------------# + + +## Check for empty arguments if [[ $# -eq 0 ]]; then usage >&2 fi 
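Review bot: Method #2 of the rc lookup runs even when `$0` is not a symlink: `readlink "$0"` then prints nothing, `dirname ""` yields `.`, and the test becomes `-f ./.searchsploit_rc`, so a `.searchsploit_rc` in the current working directory is found and `source`d (executed as shell) whenever no home, `/etc` or script-directory file exists. Guard that branch with `elif [[ -L "$0" && -f "$(dirname "$(readlink "$0")")/.searchsploit_rc" ]]; then`; the same `dirname "$(readlink "$0")"` pattern recurs in the files_*.csv lookup in the `@@ -486,14 +685,40 @@` hunk. The final `elif [[ ! -f "${rc_file}" ]]` branch is always the one taken when nothing was found, because `rc_file` starts empty and no option sets it, so the message prints `rc_file ~ ` with no path; either add a way to set `rc_file` or make it a plain `else`. Inside `findresults` and `printresults` every variable (`file_in`, `path_in`, `url`, `json_title`, `COL1`, ...) is global; declaring them `local` would stop them leaking across the per-csv loop.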
@@ -486,14 +685,40 @@ while getopts "cehjmnoptuvwx" arg "${ARGS}"; do done -## If we cannot find files_*.csv -if [[ ! -f "${csvpathexploits}" ]]; then - echo "[!] Could not find: ${csvpathexploits}" - exit 1 -elif [[ ! -f "${csvpathshellcode}" ]]; then - echo "[!] Could not find: ${csvpathshellcode}" - exit 1 -fi +#-----------------------------------------------------------------------------# + + +## Check for files_*.csv +arraylength="${#files_array[@]}" +for (( i=0; i<${arraylength}; i++ )); do + files="${path_array[${i}]}/${files_array[${i}]}" + + if [[ -f "${files}" ]]; then + continue + ## Method #1 - File itself + elif [[ -f "$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)/${files_array[${i}]}" ]]; then + echo "[i] Found (#1): $(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)/${files_array[${i}]}" + echo "[i] To remove this message, please edit \"${rc_file}\" for \"${files_array[${i}]}\" (package_array: ${package_array[${i}]})" + path_array[${i}]="$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)" + ## Method #2 - Symbolic link + elif [[ -f "$(dirname "$(readlink "$0")")/${files_array[${i}]}" ]]; then + echo "[i] Found (#2): $(dirname "$(readlink "$0")")/${files_array[${i}]}" + echo "[i] To remove this message, please edit \"${rc_file}\" for \"${files_array[${i}]}\" (package_array: ${package_array[${i}]})" + path_array[${i}]="$(dirname "$(readlink "$0")")" + else + #echo "[!] Could not find: ${files}" + #echo "[i] To remove this message, please remove \"${files_array[${i}]}\" (package_array: ${package_array[${i}]}) from \"${rc_file}\"" + unset "files_array[${i}]" + unset "path_array[${i}]" + unset "name_array[${i}]" + unset "git_array[${i}]" + unset "package_array[${i}]" + fi + echo +done + + +#-----------------------------------------------------------------------------# ## Read in XML 
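Review bot: `unset "files_array[${i}]"` (and the four `unset`s after it) leaves the arrays sparse, but this loop, the `-p` lookup and the search loop all iterate `i` from 0 to `${#files_array[@]}-1`, so once one csv is dropped the highest remaining entry is never visited and the hole index expands to an empty path (`/files_exploits.csv`). Iterate the indices that actually exist: `for i in "${!files_array[@]}"; do` here and in the `@@ -531,19 +756,39 @@` and `@@ -608,147 +856,37 @@` hunks. Method #2 here also uses `dirname "$(readlink "$0")"`, which is `.` when `$0` is not a symlink, so csv files would be picked up from the current directory; test `-L "$0"` before taking that branch.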
@@ -514,7 +739,7 @@ if [[ "${XML}" -eq 1 ]]; then fi if [[ "${VERBOSE}" -ne 1 ]]; then - echo "[i] SearchSploit's XML mode (without verbose enabled)" + echo "[i] SearchSploit's XML mode (without verbose enabled). To enable: ${progname} -v --xml..." fi ## Do the magic @@ -531,19 +756,39 @@ if [[ "${GETPATH}" -eq 1 ]]; then ## Get EDB-ID from input edbdb="$( echo ${exploit} | rev | cut -d '/' -f1 | rev | cut -d'.' -f1 | tr -dc '0-9' )" - ## Check files_*.csv - location=$( cut -d ',' -f 2 "${csvpathexploits}" "${csvpathshellcode}" | grep -m 1 -E "/${edbdb}(\..*)?$" ) - title=$( grep -m 1 "${location}" "${csvpathexploits}" "${csvpathshellcode}" | cut -d ',' -f 3 | sed 's/"//g' ) - ## Join paths - location="${gitpath}/${location}" + ## Loop until we find something + arraylength="${#files_array[@]}" + for (( i=0; i<${arraylength}; i++ )); do + files="${path_array[${i}]}/${files_array[${i}]}" + ## Check to see if the files_*.csv has a value + path=$( cut -d ',' -f 2 "${files}" | grep -m 1 -E "/${edbdb}(\..*)?$" ) + if [[ "${path}" ]]; then + location="${path_array[${i}]}/${path}" + name="${name_array[${i}]}" + [[ "${name}" == "Paper"* ]] && url="papers/${edbdb}/" || url="exploits/${edbdb}/" + break + fi + done + ## Did we find the exploit? if [[ -f "${location}" ]]; then + ## Get title + title=$( grep -m 1 "${path}" "${files}" | cut -d ',' -f 3 | sed 's/"//g' ) + + ## File type + fileinfo="$(file -b "${location}")" + + ## How long is the name? + PADDING=$(( 9 - ${#name} )) + ## Display out - echo "Exploit: ${title}" - echo " URL: https://www.exploit-db.com/exploits/${edbdb}/" - echo " Path: ${location}" + printf "%-${PADDING}s%s" + echo "${name}: ${title}" + echo " URL: https://www.exploit-db.com/${url}" + echo " Path: ${location}" + echo "File Type: ${fileinfo}" echo "" ## Copy to clipboard? @@ -584,7 +829,7 @@ if [[ "${GETPATH}" -eq 1 ]]; then fi else ## Feedback - echo "Could not find EDB-ID #${edbdb}" + echo "[!] Could not find EDB-ID #${edbdb}" echo -e "\n" fi done 
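Review bot: In the `-p` lookup, `location`, `path`, `files` and `name` are assigned only when a csv matches and are never cleared between iterations of the `for exploit` loop (whose header is outside this hunk), so when a later EDB-ID is not found `[[ -f "${location}" ]]` still sees the previous hit and the script prints the previous entry's title and path under the new ID's URL. Reset them at the top of the loop body: `location=""; path=""; name=""`. `grep -m 1 "${path}" "${files}"` treats the csv path as a regular expression; `grep -m 1 -F -- "${path}" "${files}"` is the intended literal match.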
@@ -594,6 +839,9 @@ if [[ "${GETPATH}" -eq 1 ]]; then fi +#-----------------------------------------------------------------------------# + + ## If we are doing an exact match ("-e")? If so, do NOT check folder path (Implies "-t"). if [[ "${EXACT}" -eq 1 ]]; then FILEPATH=0 
@@ -608,147 +856,37 @@ if [[ "${SCASE}" -eq 1 ]]; then fi -## Dynamically set column widths to the current screen size -if [[ "${WEBLINK}" -eq 1 ]]; then - COL2=45 -else - COL2=$(( ${#gitpath} + 15 )) -fi -COL1=$(( $( tput cols ) - COL2 - 1 )) - ## Remove leading space TAGS="$( echo ${TAGS} | sed -e 's/^[[:space:]]//' )" -## Print header if NOT in JSON ("--json") -if [[ "${JSON}" -eq 0 ]]; then - drawline - printf "%-${COL1}s %s" " Exploit Title" - if [[ "${WEBLINK}" -eq 1 ]]; then - echo "| URL" - elif [[ "${EDBID}" -eq 1 ]]; then - echo "| EDB-ID" - else - echo "| Path" - printf "%-${COL1}s " - echo "| (${gitpath}/)" + +#-----------------------------------------------------------------------------# + + +## Print header if in JSON ("--json") +[[ "${JSON}" -eq 1 ]] && printf "{\n\t\"SEARCH\": \"${TAGS}\"" + + +## Check for files_*.csv +arraylength="${#files_array[@]}" +for (( i=0; i<${arraylength}; i++ )); do + ## Search + findresults "${files_array[${i}]}" "${path_array[${i}]}" "${name_array[${i}]}" + ## Print results if in JSON ("--json") or if there is any results + if ([[ "${JSON}" -eq 1 ]] || [[ "${OUTPUT}" ]]); then + printresults "${name_array[${i}]}" "${path_array[${i}]}" + ## Summary if NOT JSON ("--json") + elif [[ "${JSON}" -eq 0 ]]; then + echo "${name_array[${i}]}s: No Result" fi - drawline -## Print JSON header -else - echo "{" - printf "\t\"SEARCH\": \"${TAGS}\",\n" - printf "\t\"DB_PATH\": \"${gitpath}\",\n" - printf "\t\"RESULTS\": [" -fi + ## Reset + COLOUR_TAG="" +done -## JSON require full options -if [[ "${JSON}" -eq 1 ]]; then - ## Read in (id, title, path, date, author, type, platform) separated between commas - SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3\",\"\$4\",\"\$5\",\"\$6\",\"\$7}' \"${csvpathexploits}\" \"${csvpathshellcode}\"" -else - ## Read in (id, title, path) separated between commas (as these are the only visible fields) - SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3}' \"${csvpathexploits}\" \"${csvpathshellcode}\"" -fi 
- - -## EXACT search command ("-e")? -if [[ "${EXACT}" -eq 1 ]]; then - buildterms "${TAGS}" -## or AND search command? -else - ## For each term - for TAG in ${TAGS}; do - buildterms "${TAG}" - done -fi - - -## If we are NOT to use the path name ("-t"/"-e") -if [[ "${FILEPATH}" -eq 0 ]]; then - SEARCH="${SEARCH} | awk -F '[,]' '${CASE_TAG_FGREP}(\$2) ~ /${AWK_SEARCH}/ {print}'" -fi - - -## If we are to use colour ("--colour"), add the value here -if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then - COLOUR_TAG="grep ${COLOUR_ON_GREP} -iE \"${COLOUR_TAG}|$\"" -fi - - -## Search, format, and print results -if [[ "${OVERFLOW}" -eq 1 ]]; then - FORMAT=${COL1} -else - FORMAT=${COL1}'.'${COL1} -fi - - -## Strip un-wanted values -SEARCH="${SEARCH} | sed 's/\"//g'" - - -## Remove any terms not wanted from the search -if [[ "${EXCLUDE}" ]]; then - SEARCH="${SEARCH} | grep -vEi '${EXCLUDE}'" -fi - - -## Magic search Fu -## Print JSON format (full options) ("--json")? -if [[ "${JSON}" -eq 1 ]]; then - ## Web link format ("--json --www")? - if [[ "${WEBLINK}" -eq 1 ]]; then - OUTPUT="$( eval ${SEARCH} \ - | awk -F ',' '{ printf "\\n\\t\\t'{'\"Exploit Title\":\"%s\",\"URL\":\"https://www.exploit-db.com/exploits/%s/\"},", $3, $1 }' )" - ## Just the EDB-ID ("--json --id")? - elif [[ "${EDBID}" -eq 1 ]]; then - OUTPUT="$( eval ${SEARCH} \ - | awk -F ',' '{ printf "\\n\\t\\t'{'\"Exploit Title\":\"%s\",\"EDB-ID\":\"%s\",\"Path\":\"'${gitpath}/'%s\"},", $3, $1, $2 }' )" - ## Default JSON ("--json")? - else - OUTPUT="$( eval ${SEARCH} \ - | awk -F ',' '{ printf "\\n\\t\\t'{'\"Exploit Title\":\"%s\",\"EDB-ID\":\"%s\",\"Date\":\"%s\",\"Author\":\"%s\",\"Type\":\"%s\",\"Platform\":\"%s\",\"Path\":\"'${gitpath}/'%s\"},", $3, $1, $4, $5, $6, $7, $2 }' )" - fi - OUTPUT="$( echo -e ${OUTPUT} \ - | sort \ - | sed '$ s/,$//' )" -## Web link format ("--www")? 
-elif [[ "${WEBLINK}" -eq 1 ]]; then - OUTPUT="$( eval ${SEARCH} \ - | awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/exploits/"$1"/"}' \ - | sort )" -## Just the EDB-ID ("--id")? -elif [[ "${EDBID}" -eq 1 ]]; then - OUTPUT="$( eval ${SEARCH} \ - | awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, $1 }' \ - | sort )" -## Default view -else - OUTPUT="$( eval ${SEARCH} \ - | awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, $2 }' \ - | sort )" -fi - - -## Display colour highlights ("--colour")? -if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then - [[ "${OUTPUT}" ]] && OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} ) -fi - - -## Show content -[[ "${OUTPUT}" ]] && echo "${OUTPUT}" - -## Print footer if NOT in JSON ("--json") -if [[ "${JSON}" -eq 0 ]]; then - drawline -## Print JSON footer -else - printf "\t]\n" - echo "}" -fi +## Print footer if in JSON ("--json") +[[ "${JSON}" -eq 1 ]] && printf "\n}\n" ## Done -exit 0 \ No newline at end of file +exit 0
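Review bot: `if ([[ "${JSON}" -eq 1 ]] || [[ "${OUTPUT}" ]]); then` wraps the test in `( )`, which forks a subshell just to evaluate two `[[ ]]` tests; `if [[ "${JSON}" -eq 1 || "${OUTPUT}" ]]; then` does the same without it. Only `COLOUR_TAG` is reset at the end of each iteration, but `buildterms` also appends to the global `AWK_SEARCH`, so the second and third csv are filtered with every term's condition repeated (the `/ && ${CASE_TAG_FGREP}(\$3) ~ /` joiner is applied again on each call); add `AWK_SEARCH=""` next to `COLOUR_TAG=""`. The JSON header `printf "{\n\t\"SEARCH\": \"${TAGS}\""` writes the raw search terms into the JSON string, so a term containing `"` produces invalid output; a comment noting that the value is not escaped, or escaping `"` and `\` before printing, would help consumers of `--json`.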