bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #59 from g0tmi1k/searchsploit

Browse source 
SearchSploit - Screen width will not affect the results
This commit is contained in:
g0tmi1k 2016-11-07 16:54:07 +00:00 committed by GitHub
commit b80848bd60
1 changed files with 79 additions and 70 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

147
searchsploit
View file

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Name: SearchSploit - Exploit-DB's CLI search tool # Name: SearchSploit - Exploit-DB's CLI search tool
# Version: 3.7 (Release date: 2016-10-26) # Version: 3.7.1 (Release date: 2016-11-07)
# Written by: Offensive Security, Unix-Ninja & g0tmi1k # Written by: Offensive Security, Unix-Ninja & g0tmi1k
# Homepage: https://github.com/offensive-security/exploit-database # Homepage: https://github.com/offensive-security/exploit-database
# #
@ -41,6 +41,7 @@ TAGS=""
SEARCH="" SEARCH=""
CASE_TAG_GREP="-i" CASE_TAG_GREP="-i"
CASE_TAG_FGREP="tolower" CASE_TAG_FGREP="tolower"
AWK_SEARCH=""
## Set LANG variable to avoid illegal byte sequence errors ## Set LANG variable to avoid illegal byte sequence errors
@ -305,13 +306,51 @@ function nmapxml()
#searchsploitout #searchsploitout
echo "${software}" >> /tmp/searchsploitout echo "${software}" >> /tmp/searchsploitout
## Read in from file (so there isn't any duplicates but unable to print out IPs) ## Read in from file (so there are no duplicates - ...but unable to print out IPs)
cat /tmp/searchsploitout | tr '[:upper:]' '[:lower:]' | awk '!x[$0]++' | while read software; do cat /tmp/searchsploitout | tr '[:upper:]' '[:lower:]' | awk '!x[$0]++' | while read software; do
searchsploitout searchsploitout
done done
} }
## Build search terms
function buildterms()
{
tag="${1}"
## If we are to use colour ("--colour"), add the values to search for between "or"
if [[ "${COLOUR}" -eq 1 ]]; then
if [[ "${COLOUR_TAG}" ]]; then
COLOUR_TAG="${COLOUR_TAG}|"
fi
COLOUR_TAG="${COLOUR_TAG}${tag}"
fi
## Search both title AND path
if [[ "${FILEPATH}" -eq 1 ]]; then
## Search command for each term (with case sensitive flag, "-c")
SEARCH="${SEARCH} | grep --color=never -F ${CASE_TAG_GREP} \"${tag}\""
## Search just the title, NOT the path ("-t"/"-e")
else
## If there is already a value, prepend text to get ready
if [[ "${AWK_SEARCH}" ]]; then
AWK_SEARCH="${AWK_SEARCH}/ && ${CASE_TAG_FGREP}(\$3) ~ /"
fi
## Escape any slashes
tag="$( echo ${tag} | sed 's_/_\\/_g' )"
## Case sensitive ("-c")?
if [[ "${SCASE}" -eq 1 ]]; then
AWK_SEARCH="${AWK_SEARCH}${tag}"
else
AWK_SEARCH="${AWK_SEARCH}$( echo ${tag} | tr '[:upper:]' '[:lower:]' )"
fi
fi
}
## Check for empty args ## Check for empty args
if [[ $# -eq 0 ]]; then if [[ $# -eq 0 ]]; then
usage >&2 usage >&2
@ -494,7 +533,7 @@ if [[ "${GETPATH}" -eq 1 ]]; then
fi fi
## If we are doing an exact match, do not check folder path (Implies "-t"). ## If we are doing an exact match ("-e")? If so, do NOT check folder path (Implies "-t").
if [[ "${EXACT}" -eq 1 ]]; then if [[ "${EXACT}" -eq 1 ]]; then
FILEPATH=0 FILEPATH=0
fi fi
@ -519,7 +558,7 @@ COL1=$(( $( tput cols ) - COL2 - 1 ))
## Remove leading space ## Remove leading space
TAGS="$(echo ${TAGS} | sed -e 's/^[[:space:]]//')" TAGS="$(echo ${TAGS} | sed -e 's/^[[:space:]]//')"
## Print header if not in JSON ## Print header if NOT in JSON ("--json")
if [[ "${JSON}" -eq 0 ]]; then if [[ "${JSON}" -eq 0 ]]; then
drawline drawline
printf "%-${COL1}s %s" " Exploit Title" printf "%-${COL1}s %s" " Exploit Title"
@ -541,71 +580,31 @@ else
fi fi
## EXACT search command? ## Read in id, title and path, separated between commas (as these are the only visible fields)
if [[ "${EXACT}" -eq 1 ]]; then SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3}' \"${csvpath}\""
## Case sensitive?
if [[ "${SCASE}" -eq 1 ]]; then
SEARCH="${TAGS}"
else
## Case insensitive
SEARCH="$( echo ${TAGS} | tr '[:upper:]' '[:lower:]' )"
fi
## If we are to use colour, add the values to search for
if [[ "${COLOUR}" -eq 1 ]]; then ## EXACT search command ("-e")?
COLOUR_TAG="${SEARCH}" if [[ "${EXACT}" -eq 1 ]]; then
fi buildterms "${TAGS}"
## or AND search command? ## or AND search command?
else else
## For each term ## For each term
for tag in ${TAGS}; do for TAG in ${TAGS}; do
## If we are to use colour, add the values to search for between "or" buildterms "${TAG}"
if [[ "${COLOUR}" -eq 1 ]]; then
if [[ "${COLOUR_TAG}" ]]; then
COLOUR_TAG="${COLOUR_TAG}\|"
fi
COLOUR_TAG="${COLOUR_TAG}${tag}"
fi
## Search both title AND path?
if [[ "${FILEPATH}" -eq 1 ]]; then
## Is there a value already?
if [[ "${SEARCH}" ]]; then
SEARCH="${SEARCH} |"
fi
## Search command for each term
SEARCH="${SEARCH} fgrep ${CASE_TAG_GREP} \"${tag}\""
## Search just the title, not the path
else
## If there is already a value, prepend text to get ready
if [[ "${SEARCH}" ]]; then
SEARCH="${SEARCH}/ && ${CASE_TAG_FGREP}(\$1) ~ /"
fi
## Escape any slashes
tag="$( echo ${tag} | sed 's_/_\\/_g' )"
## Case sensitive?
if [[ "${SCASE}" -eq 1 ]]; then
SEARCH="${SEARCH}${tag}"
else
SEARCH="${SEARCH}$( echo ${tag} | tr '[:upper:]' '[:lower:]' )"
fi
fi
done done
fi fi
## If we are not to use the path name ## If we are NOT to use the path name ("-t"/"-e")
if [[ "${FILEPATH}" -eq 0 ]]; then if [[ "${FILEPATH}" -eq 0 ]]; then
SEARCH="awk -F '[|]' '${CASE_TAG_FGREP}(\$1) ~ /${SEARCH}/ {print}'" SEARCH="${SEARCH} | awk -F '[,]' '${CASE_TAG_FGREP}(\$3) ~ /${AWK_SEARCH}/ {print}'"
fi fi
## If we are to use colour, add the value here ## If we are to use colour ("--colour"), add the value here
if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then
SEARCH="${SEARCH} | grep --color=always -ie \"\${COLOUR_TAG}\"" COLOUR_TAG="grep --color=always -iE \"${COLOUR_TAG}|$\""
fi fi
@ -618,29 +617,38 @@ fi
## Magic search Fu ## Magic search Fu
## Web link format? ## Web link format ("--www")?
if [[ "${WEBLINK}" -eq 1 ]]; then if [[ "${WEBLINK}" -eq 1 ]]; then
OUTPUT="$( awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/exploits/"$1"/"}' "${csvpath}" \ OUTPUT="$( eval ${SEARCH} \
| eval "${SEARCH}" )" | awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/exploits/"$1"/"}' )"
## Just the EDB-ID? ## Just the EDB-ID ("--id")?
elif [[ "${EDBID}" -eq 1 ]]; then elif [[ "${EDBID}" -eq 1 ]]; then
OUTPUT="$( awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $1}' "${csvpath}" \ OUTPUT="$( eval ${SEARCH} \
| eval "${SEARCH}" )" | awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $1 }' )"
## Print JSON format (full options) ## Print JSON format (full options) ("--json")?
elif [[ "${JSON}" -eq 1 ]]; then elif [[ "${JSON}" -eq 1 ]]; then
OUTPUT="$( awk -F "\"*,\"*" '{ printf "\r\t\t'{'\"Exploit\":\"%s\",\"Path\":\"'${gitpath}/'%s\",\"EDB-ID\":%s},\n", $3, $2, $1}' "${csvpath}" \ OUTPUT="$( eval ${SEARCH} \
| eval "${SEARCH}" \ | awk -F "\"*,\"*" '{ printf "\r\t\t'{'\"Exploit\":\"%s\",\"Path\":\"'${gitpath}/'%s\",\"EDB-ID\":%s},\n", $3, $2, $1 }' \
| sed '$ s/,$//g' )" | sed '$ s/,$//g' )"
## Default view ## Default view
else else
OUTPUT="$( awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $2}' "${csvpath}" \ OUTPUT="$( eval ${SEARCH} \
| eval "${SEARCH}" \ | awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $2 }' \
| sed "s/| platforms/| ./" )" | sed "s/| platforms/| /" )"
fi fi
## Display colour highlights ("--colour")?
if [[ "${COLOUR_TAG}" ]] && [[ "${JSON}" -eq 0 ]]; then
OUTPUT=$( echo -e "${OUTPUT}" | eval ${COLOUR_TAG} )
fi
## Show content
echo "${OUTPUT}" echo "${OUTPUT}"
## Print footer if not in JSON
## Print footer if NOT in JSON ("--json")
if [[ "${JSON}" -eq 0 ]]; then if [[ "${JSON}" -eq 0 ]]; then
drawline drawline
## Print JSON footer ## Print JSON footer
@ -649,5 +657,6 @@ else
echo "}" echo "}"
fi fi
## Done ## Done
exit 0 exit 0