Support multiple CSV & Fix JSON
This commit is contained in:
g0tmi1k
parent
a832be6ebb
commit
d509b5196d
2 changed files with 30 additions and 24 deletions
|
|
@ -7,10 +7,11 @@ Our repositories are:
|
|||
- Papers: [https://github.com/offensive-security/exploit-database-papers](https://github.com/offensive-security/exploit-database-papers)
|
||||
|
||||
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of [exploits](https://www.exploit-db.com/browse/), [shellcode](https://www.exploit-db.com/shellcode/) and [papers](https://www.exploit-db.com/papers/) gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and Proof-of-Concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
|
||||
You can learn more about the project [here (about)](https://www.exploit-db.com/about-exploit-db/) and [here (history)](https://www.exploit-db.com/history/).
|
||||
|
||||
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our [binary sploits repository](https://github.com/offensive-security/exploit-database-bin-sploits).
|
||||
|
||||
Exploits are located in the `/exploit/` directory, shellcodes can be found in the `/shellcode/` directory and `/files_papers.csv` is an [index file](https://github.com/offensive-security/exploit-database/blob/master/files.csv) for the whole archive.
|
||||
Exploits are located in the `/exploit/` directory, shellcodes can be found in the `/shellcode/` directory.
|
||||
|
||||
Included with this repository is the **SearchSploit** utility, which will allow you to search through exploits and shellcodes using one or more terms.
|
||||
For more information, please see the [SearchSploit manual](https://www.exploit-db.com/searchsploit/).
|
||||
|
|
|
|||
51
searchsploit
Normal file → Executable file
51
searchsploit
Normal file → Executable file
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
# Name: SearchSploit - Exploit-DB's CLI search tool
|
||||
# Version: 3.8.7 (Release date: 2017-11-27)
|
||||
# Version: 3.8.8 (Release date: 2017-11-28)
|
||||
# Written by: Offensive Security, Unix-Ninja, and g0tmi1k
|
||||
# Homepage: https://github.com/offensive-security/exploit-database
|
||||
# Manual: https://www.exploit-db.com/searchsploit/
|
||||
|
|
@ -14,7 +14,8 @@
|
|||
|
||||
## OS settings (get the path of where the script is stored + database file)
|
||||
gitpath="/opt/exploit-database"
|
||||
csvpath="${gitpath}/files.csv"
|
||||
csvpathexploits="${gitpath}/files_exploits.csv"
|
||||
csvpathshellcode="${gitpath}/files_shellcodes.csv"
|
||||
|
||||
|
||||
## Program settings
|
||||
|
|
@ -485,9 +486,12 @@ while getopts "cehjmnoptuvwx" arg "${ARGS}"; do
|
|||
done
|
||||
|
||||
|
||||
## If we cannot find files.csv
|
||||
if [[ ! -f "${csvpath}" ]]; then
|
||||
echo "[!] Could not find: ${csvpath}"
|
||||
## If we cannot find files_*.csv
|
||||
if [[ ! -f "${csvpathexploits}" ]]; then
|
||||
echo "[!] Could not find: ${csvpathexploits}"
|
||||
exit 1
|
||||
elif [[ ! -f "${csvpathshellcode}" ]]; then
|
||||
echo "[!] Could not find: ${csvpathshellcode}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
|
@ -527,9 +531,9 @@ if [[ "${GETPATH}" -eq 1 ]]; then
|
|||
## Get EDB-ID from input
|
||||
edbdb="$( echo ${exploit} | rev | cut -d '/' -f1 | rev | cut -d'.' -f1 | tr -dc '0-9' )"
|
||||
|
||||
## Check files.csv
|
||||
location=$( cut -d ',' -f 2 "${csvpath}" | grep -m 1 -E "/${edbdb}(\..*)?$" )
|
||||
title=$( grep -m 1 "${location}" "${csvpath}" | cut -d ',' -f 3 | sed 's/"//g' )
|
||||
## Check files_*.csv
|
||||
location=$( cut -d ',' -f 2 "${csvpathexploits}" "${csvpathshellcode}" | grep -m 1 -E "/${edbdb}(\..*)?$" )
|
||||
title=$( grep -m 1 "${location}" "${csvpathexploits}" "${csvpathshellcode}" | cut -d ',' -f 3 | sed 's/"//g' )
|
||||
|
||||
## Join paths
|
||||
location="${gitpath}/${location}"
|
||||
|
|
@ -634,19 +638,20 @@ else
|
|||
echo "{"
|
||||
printf "\t\"SEARCH\": \"${TAGS}\",\n"
|
||||
printf "\t\"DB_PATH\": \"${gitpath}\",\n"
|
||||
printf "\t\"RESULTS\": [\n"
|
||||
printf "\t\"RESULTS\": ["
|
||||
fi
|
||||
|
||||
|
||||
## JSON require full options
|
||||
if [[ "${JSON}" -eq 1 ]]; then
|
||||
## Read in id, title, path, type, date, platform separated between commas
|
||||
SEARCH="awk -F '[,]' '{print \$1\",\"\$3\",\"\$2\",\"\$4\",\"\$6\",\"\$7}' \"${csvpath}\""
|
||||
## Read in (id, title, path, date, author, type, platform) separated between commas
|
||||
SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3\",\"\$4\",\"\$5\",\"\$6\",\"\$7}' \"${csvpathexploits}\" \"${csvpathshellcode}\""
|
||||
else
|
||||
## Read in id, title and path, separated between commas (as these are the only visible fields)
|
||||
SEARCH="awk -F '[,]' '{print \$1\",\"\$3\",\"\$2}' \"${csvpath}\""
|
||||
## Read in (id, title, path) separated between commas (as these are the only visible fields)
|
||||
SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3}' \"${csvpathexploits}\" \"${csvpathshellcode}\""
|
||||
fi
|
||||
|
||||
|
||||
## EXACT search command ("-e")?
|
||||
if [[ "${EXACT}" -eq 1 ]]; then
|
||||
buildterms "${TAGS}"
|
||||
|
|
@ -692,36 +697,36 @@ fi
|
|||
## Magic search Fu
|
||||
## Print JSON format (full options) ("--json")?
|
||||
if [[ "${JSON}" -eq 1 ]]; then
|
||||
## Web link format ("--www")?
|
||||
## Web link format ("--json --www")?
|
||||
if [[ "${WEBLINK}" -eq 1 ]]; then
|
||||
OUTPUT="$( eval ${SEARCH} \
|
||||
| awk -F ',' '{ printf "\\r\\t\\t'{'\"Exploit\":\"%s\",\"URL\":\"https://www.exploit-db.com/exploits/%s/\"},\n", $2, $1 }' ) "
|
||||
## Just the EDB-ID ("--id")?
|
||||
| awk -F ',' '{ printf "\\n\\t\\t'{'\"Exploit Title\":\"%s\",\"URL\":\"https://www.exploit-db.com/exploits/%s/\"},", $3, $1 }' )"
|
||||
## Just the EDB-ID ("--json --id")?
|
||||
elif [[ "${EDBID}" -eq 1 ]]; then
|
||||
OUTPUT="$( eval ${SEARCH} \
|
||||
| awk -F ',' '{ printf "\\r\\t\\t'{'\"Exploit\":\"%s\",\"EDB-ID\":\"%s\"},\n", $2, $1 }' ) "
|
||||
## Default JSON
|
||||
| awk -F ',' '{ printf "\\n\\t\\t'{'\"Exploit Title\":\"%s\",\"EDB-ID\":\"%s\",\"Path\":\"'${gitpath}/'%s\"},", $3, $1, $2 }' )"
|
||||
## Default JSON ("--json")?
|
||||
else
|
||||
OUTPUT="$( eval ${SEARCH} \
|
||||
| awk -F ',' '{ printf "\\r\\t\\t'{'\"Exploit\":\"%s\",\"Platform\":\"%s\",\"Type\":\"%s\",\"Date\":\"%s\",\"Path\":\"'${gitpath}/'%s\",\"EDB-ID\":\"%s\"},\n", $2, $5, $6, $4, $3, $1 }' ) "
|
||||
| awk -F ',' '{ printf "\\n\\t\\t'{'\"Exploit Title\":\"%s\",\"EDB-ID\":\"%s\",\"Date\":\"%s\",\"Author\":\"%s\",\"Type\":\"%s\",\"Platform\":\"%s\",\"Path\":\"'${gitpath}/'%s\"},", $3, $1, $4, $5, $6, $7, $2 }' )"
|
||||
fi
|
||||
OUTPUT="$( echo -e ${OUTPUT} \
|
||||
| sort \
|
||||
| sed '$ s/,$//g' )"
|
||||
| sed '$ s/,$//' )"
|
||||
## Web link format ("--www")?
|
||||
elif [[ "${WEBLINK}" -eq 1 ]]; then
|
||||
OUTPUT="$( eval ${SEARCH} \
|
||||
| awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $2, "https://www.exploit-db.com/exploits/"$1"/"}' \
|
||||
| awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/exploits/"$1"/"}' \
|
||||
| sort )"
|
||||
## Just the EDB-ID ("--id")?
|
||||
elif [[ "${EDBID}" -eq 1 ]]; then
|
||||
OUTPUT="$( eval ${SEARCH} \
|
||||
| awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $2, $1 }' \
|
||||
| awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, $1 }' \
|
||||
| sort )"
|
||||
## Default view
|
||||
else
|
||||
OUTPUT="$( eval ${SEARCH} \
|
||||
| awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $2, $3 }' \
|
||||
| awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, $2 }' \
|
||||
| sort )"
|
||||
fi
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue