bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'searchsploit' of https://github.com/g0tmi1k/exploit-database

Browse source
This commit is contained in:
Offensive Security 2015-06-11 14:55:58 +00:00
commit c454787944
1 changed files with 79 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

125
searchsploit
View file

@ -25,10 +25,11 @@ VERBOSE=0
WEBLINK=0 WEBLINK=0
EDBID=0 EDBID=0
COLOUR='true' COLOUR='true'
FILEPATH=0
## If files.csv is in the searchsploit path, use that instead ## If files.csv is in the searchsploit path, use that instead
if [ -f "$( dirname "$0" )/files.csv" ]; then if [[ -f "$( dirname "$0" )/files.csv" ]]; then
csvpath="$( dirname "$0" )/files.csv" csvpath="$( dirname "$0" )/files.csv"
fi fi
@ -37,25 +38,32 @@ fi
function usage() function usage()
{ {
echo " Usage: ${progname} [options] term1 [term2] ... [termN]" echo " Usage: ${progname} [options] term1 [term2] ... [termN]"
echo "Example: ${progname} oracle windows local" echo "Example:"
echo " ${progname} afd windows local"
echo " ${progname} -f oracle windows remote"
echo echo
echo "=========" echo "========="
echo " Options " echo " Options "
echo "=========" echo "========="
echo " -c, --case Perform case-sensitive searches. (default is insensitive)" echo " -c, --case Perform case-sensitive searches (Default is insensitive)."
echo " -h, --help Show this help screen" echo " -f, --file Searches include file's path (Default is just the exploit title)."
echo " -u, --update Update Database from GIT" echo " -h, --help Show this help screen."
echo " -v, --verbose Verbose output. (Title lines are allowed to overflow their columns)" echo " -u, --update Update Database from git."
echo " -w, --www Show URLs to Exploit-DB.com rather than local path" echo " -v, --verbose Verbose output. Title lines are allowed to overflow their columns."
echo " --colour Disables colour highlighting on match" echo " -w, --www Show URLs to Exploit-DB.com rather than local path."
echo " --id Display EDB-ID value rather than local path" echo " --colour Disables colour highlighting on match."
echo " --id Display EDB-ID value rather than local path."
echo echo
echo "=======" echo "======="
echo " Notes " echo " Notes "
echo "=======" echo "======="
echo " * Use any number of search terms you would like (minimum: 1)" echo " * Use any number of search terms you would like (at least 1 value), in any order."
echo " * Search terms are not case sensitive, and order is irrelevant" echo " * Search terms are not case sensitive, and order is irrelevant."
echo " * When updating from git, searches will be ignored" echo " * Use '-c' if you wish to reduce results by case-sensitive searching."
echo "* Use '-f' to include the file's path to increase the search results."
echo " * Could possibly increase false positives (especially when searching numbers)."
echo " * When updating from git or displaying help, searches will be ignored."
echo ""
exit 1 exit 1
} }
@ -71,7 +79,7 @@ function drawline()
## Check for empty args ## Check for empty args
if [ $# -eq 0 ]; then if [[ $# -eq 0 ]]; then
usage >&2 usage >&2
fi fi
@ -79,23 +87,25 @@ fi
## Parse long arguments ## Parse long arguments
ARGS="-" ARGS="-"
for param in "$@"; do for param in "$@"; do
if [ "${param}" == "--help" ]; then if [[ "${param}" == "--help" ]]; then
usage >&2 usage >&2
elif [ "${param}" == "--web" ]; then elif [[ "${param}" == "--web" ]]; then
WEBLINK=1 WEBLINK=1
elif [ "${param}" == "--case" ]; then elif [[ "${param}" == "--case" ]]; then
SCASE='' SCASE=''
elif [ "${param}" == "--update" ]; then elif [[ "${param}" == "--update" ]]; then
UPDATE=1 UPDATE=1
elif [ "${param}" == "--verbose" ]; then elif [[ "${param}" == "--verbose" ]]; then
VERBOSE=1 VERBOSE=1
elif [ "${param}" == "--id" ]; then elif [[ "${param}" == "--id" ]]; then
EDBID=1 EDBID=1
elif [ "${param}" == "--colour" ] || [ "${param}" == "--color" ]; then elif [[ "${param}" == "--file" ]]; then
FILEPATH=1
elif [[ "${param}" == "--colour" ]] || [[ "${param}" == "--color" ]]; then
COLOUR='' COLOUR=''
else else
if [ "${param:0:1}" == "-" ]; then if [[ "${param:0:1}" == "-" ]]; then
ARGS=$ARGS${param:1} ARGS=${ARGS}${param:1}
shift shift
continue continue
fi fi
@ -105,34 +115,35 @@ done
## Parse short arguments ## Parse short arguments
while getopts "uchvw" arg "$ARGS"; do while getopts "uchvwf" arg "${ARGS}"; do
if [ "$arg" = "?" ]; then if [[ "${arg}" = "?" ]]; then
usage >&2; usage >&2;
fi fi
case $arg in case ${arg} in
c) SCASE='';; c) SCASE='';;
h) usage >&2;; h) usage >&2;;
u) UPDATE=1;; u) UPDATE=1;;
v) VERBOSE=1;; v) VERBOSE=1;;
w) WEBLINK=1;; w) WEBLINK=1;;
f) FILEPATH=1;;
esac esac
shift $(( OPTIND - 1 )) shift $(( OPTIND - 1 ))
done done
## Was an update requested? ## Was an update requested?
if [ "$UPDATE" -eq 1 ]; then if [[ "${UPDATE}" -eq 1 ]]; then
cd ${gitpath}/ cd "${gitpath}/"
# Make sure a git repo is init before updating # Make sure a git repo is init before updating
if [ "$( git rev-parse --is-inside-work-tree )" != "true" ]; then if [[ "$( git rev-parse --is-inside-work-tree )" != "true" ]]; then
if [ "$( ls )" = "" ]; then if [[ "$( ls )" = "" ]]; then
# If directory is empty, just clone # If directory is empty, just clone
git clone $gitremote . git clone "${gitremote}" .
else else
# If not empty, init and add remote # If not empty, init and add remote
git init > /dev/null git init > /dev/null
git remote add origin $gitremote git remote add origin "${gitremote}"
fi fi
fi fi
@ -143,7 +154,7 @@ if [ "$UPDATE" -eq 1 ]; then
git pull origin master git pull origin master
# If conflicts, clean and try again # If conflicts, clean and try again
if [ "$?" -ne 0 ]; then if [[ "$?" -ne 0 ]]; then
git clean -d -fx "" git clean -d -fx ""
git pull origin master git pull origin master
fi fi
@ -154,10 +165,10 @@ fi
## Dynamically set column widths ## Dynamically set column widths
if [[ ${WEBLINK} -eq '1' ]]; then if [[ "${WEBLINK}" -eq '1' ]]; then
COL2=45 COL2=45
else else
COL2=34 COL2=35
fi fi
COL1=$(( $( tput cols ) - COL2 - 1 )) COL1=$(( $( tput cols ) - COL2 - 1 ))
@ -165,9 +176,9 @@ COL1=$(( $( tput cols ) - COL2 - 1 ))
## Print header ## Print header
drawline drawline
printf "%-${COL1}s %s" " Exploit Title" printf "%-${COL1}s %s" " Exploit Title"
if [[ ${WEBLINK} -eq '1' ]]; then if [[ "${WEBLINK}" -eq '1' ]]; then
echo "| URL" echo "| URL"
elif [[ ${EDBID} -eq '1' ]]; then elif [[ "${EDBID}" -eq '1' ]]; then
echo "| EDB-ID" echo "| EDB-ID"
else else
echo "| Path" echo "| Path"
@ -179,23 +190,39 @@ drawline
## Create (AND) search command ## Create (AND) search command
SEARCH= SEARCH=
for tag in ${TAGS}; do for tag in ${TAGS}; do
if [ "${SEARCH}" ]; then
SEARCH="${SEARCH}/ && ${SCASE}(\$1) ~ /"
fi
if [ "${COLOUR}" ]; then if [[ "${COLOUR}" ]]; then
COLOUR="${COLOUR}\|${tag}" COLOUR="${COLOUR}\|${tag}"
fi fi
if [[ ${SCASE} ]]; then if [[ "${FILEPATH}" -eq 1 ]]; then
if [[ "${SCASE}" ]]; then
SCASE='-i'
fi
if [[ "${SEARCH}" ]]; then
SEARCH="${SEARCH} |"
fi
SEARCH="${SEARCH} fgrep ${SCASE} \"${tag}\""
else
if [[ "${SEARCH}" ]]; then
SEARCH="${SEARCH}/ && ${SCASE}(\$1) ~ /"
fi
if [[ "${SCASE}" ]]; then
tag="$( echo ${tag} | tr '[:upper:]' '[:lower:]' )" tag="$( echo ${tag} | tr '[:upper:]' '[:lower:]' )"
fi fi
SEARCH="${SEARCH}${tag}" SEARCH="${SEARCH}${tag}"
fi
done done
SEARCH="awk -F '[|]' '${SCASE}(\$1) ~ /${SEARCH}/ {print}'"
if [ "${COLOUR}" ]; then if [[ "${FILEPATH}" -ne 1 ]]; then
SEARCH="awk -F '[|]' '${SCASE}(\$1) ~ /${SEARCH}/ {print}'"
fi
if [[ "${COLOUR}" ]]; then
SEARCH="${SEARCH} | grep --color=always -ie \"\${COLOUR}\"" SEARCH="${SEARCH} | grep --color=always -ie \"\${COLOUR}\""
fi fi
@ -205,7 +232,7 @@ LANG=C
## Search, format, and print results ## Search, format, and print results
if [ "${VERBOSE}" -eq 0 ]; then if [[ "${VERBOSE}" -eq 0 ]]; then
FORMAT=${COL1}'.'${COL1} FORMAT=${COL1}'.'${COL1}
else else
FORMAT=${COL1} FORMAT=${COL1}
@ -213,16 +240,14 @@ fi
## Web link format? ## Web link format?
if [[ ${WEBLINK} -eq '1' ]]; then if [[ "${WEBLINK}" -eq '1' ]]; then
## Magic search Fu ## Magic search Fu
awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/exploits/"$1"/"}' "${csvpath}" \ awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/exploits/"$1"/"}' "${csvpath}" \
| eval "${SEARCH}" \ | eval "${SEARCH}"
elif [[ "${EDBID}" -eq '1' ]]; then
elif [[ ${EDBID} -eq '1' ]]; then
## Magic search Fu ## Magic search Fu
awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $1}' "${csvpath}" \ awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $1}' "${csvpath}" \
| eval "${SEARCH}" \ | eval "${SEARCH}"
else else
## Magic search Fu ## Magic search Fu
awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $2}' "${csvpath}" \ awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $2}' "${csvpath}" \