From d509b5196d950250b43bcb0459b1751edab77300 Mon Sep 17 00:00:00 2001
From: g0tmi1k <have.you.g0tmi1k@gmail.com>
Date: Tue, 28 Nov 2017 19:09:33 +0000
Subject: [PATCH] Support multiple CSV & Fix JSON

---
 README.md    |  3 ++-
 searchsploit | 51 ++++++++++++++++++++++++++++-----------------------
 2 files changed, 30 insertions(+), 24 deletions(-)
 mode change 100644 => 100755 searchsploit

diff --git a/README.md b/README.md
index a3b2fb23f..2f307f1b7 100644
--- a/README.md
+++ b/README.md
@@ -7,10 +7,11 @@ Our repositories are:
   - Papers: [https://github.com/offensive-security/exploit-database-papers](https://github.com/offensive-security/exploit-database-papers)
 
 The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of [exploits](https://www.exploit-db.com/browse/), [shellcode](https://www.exploit-db.com/shellcode/) and [papers](https://www.exploit-db.com/papers/) gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and Proof-of-Concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
+You can learn more about the project [here (about)](https://www.exploit-db.com/about-exploit-db/) and [here (history)](https://www.exploit-db.com/history/).
 
 This repository is updated daily with the most recently added submissions. Any additional resources can be found in our [binary sploits repository](https://github.com/offensive-security/exploit-database-bin-sploits).
 
-Exploits are located in the `/exploit/` directory, shellcodes can be found in the `/shellcode/` directory and `/files_papers.csv` is an [index file](https://github.com/offensive-security/exploit-database/blob/master/files.csv) for the whole archive.
+Exploits are located in the `/exploit/` directory, shellcodes can be found in the `/shellcode/` directory.
 
 Included with this repository is the **SearchSploit** utility, which will allow you to search through exploits and shellcodes using one or more terms.
 For more information, please see the [SearchSploit manual](https://www.exploit-db.com/searchsploit/).
diff --git a/searchsploit b/searchsploit
old mode 100644
new mode 100755
index edef30220..8648e9ce7
--- a/searchsploit
+++ b/searchsploit
@@ -1,6 +1,6 @@
 #!/bin/bash
 #       Name: SearchSploit - Exploit-DB's CLI search tool
-#    Version: 3.8.7 (Release date: 2017-11-27)
+#    Version: 3.8.8 (Release date: 2017-11-28)
 # Written by: Offensive Security, Unix-Ninja, and g0tmi1k
 #   Homepage: https://github.com/offensive-security/exploit-database
 #     Manual: https://www.exploit-db.com/searchsploit/
@@ -14,7 +14,8 @@
 
 ## OS settings (get the path of where the script is stored + database file)
 gitpath="/opt/exploit-database"
-csvpath="${gitpath}/files.csv"
+csvpathexploits="${gitpath}/files_exploits.csv"
+csvpathshellcode="${gitpath}/files_shellcodes.csv"
 
 
 ## Program settings
@@ -485,9 +486,12 @@ while getopts "cehjmnoptuvwx" arg "${ARGS}"; do
 done
 
 
-## If we cannot find files.csv
-if [[ ! -f "${csvpath}" ]]; then
-  echo "[!] Could not find: ${csvpath}"
+## If we cannot find files_*.csv
+if [[ ! -f "${csvpathexploits}" ]]; then
+  echo "[!] Could not find: ${csvpathexploits}"
+  exit 1
+elif [[ ! -f "${csvpathshellcode}" ]]; then
+  echo "[!] Could not find: ${csvpathshellcode}"
   exit 1
 fi
 
@@ -527,9 +531,9 @@ if [[ "${GETPATH}" -eq 1 ]]; then
     ## Get EDB-ID from input
     edbdb="$( echo ${exploit} | rev | cut -d '/' -f1 | rev | cut -d'.' -f1 | tr -dc '0-9' )"
 
-    ## Check files.csv
-    location=$( cut -d ',' -f 2 "${csvpath}" | grep -m 1 -E "/${edbdb}(\..*)?$" )
-    title=$( grep -m 1 "${location}" "${csvpath}" | cut -d ',' -f 3 | sed 's/"//g' )
+    ## Check files_*.csv
+    location=$( cut -d ',' -f 2 "${csvpathexploits}" "${csvpathshellcode}" | grep -m 1 -E "/${edbdb}(\..*)?$" )
+    title=$( grep -m 1 "${location}" "${csvpathexploits}" "${csvpathshellcode}" | cut -d ',' -f 3 | sed 's/"//g' )
 
     ## Join paths
     location="${gitpath}/${location}"
@@ -634,19 +638,20 @@ else
   echo "{"
   printf "\t\"SEARCH\": \"${TAGS}\",\n"
   printf "\t\"DB_PATH\": \"${gitpath}\",\n"
-  printf "\t\"RESULTS\": [\n"
+  printf "\t\"RESULTS\": ["
 fi
 
 
 ## JSON require full options
 if [[ "${JSON}" -eq 1 ]]; then
-  ## Read in id, title, path, type, date, platform separated between commas
-  SEARCH="awk -F '[,]' '{print \$1\",\"\$3\",\"\$2\",\"\$4\",\"\$6\",\"\$7}' \"${csvpath}\""
+  ## Read in (id, title, path, date, author, type, platform) separated between commas
+  SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3\",\"\$4\",\"\$5\",\"\$6\",\"\$7}' \"${csvpathexploits}\" \"${csvpathshellcode}\""
 else
-  ## Read in id, title and path, separated between commas (as these are the only visible fields)
-  SEARCH="awk -F '[,]' '{print \$1\",\"\$3\",\"\$2}' \"${csvpath}\""
+  ## Read in (id, title, path) separated between commas (as these are the only visible fields)
+  SEARCH="awk -F '[,]' '{print \$1\",\"\$2\",\"\$3}' \"${csvpathexploits}\" \"${csvpathshellcode}\""
 fi
 
+
 ## EXACT search command ("-e")?
 if [[ "${EXACT}" -eq 1 ]]; then
  buildterms "${TAGS}"
@@ -692,36 +697,36 @@ fi
 ## Magic search Fu
 ## Print JSON format (full options) ("--json")?
 if [[ "${JSON}" -eq 1 ]]; then
-  ## Web link format ("--www")?
+  ## Web link format ("--json --www")?
   if [[ "${WEBLINK}" -eq 1 ]]; then
     OUTPUT="$( eval ${SEARCH} \
-      | awk -F ',' '{ printf "\\r\\t\\t'{'\"Exploit\":\"%s\",\"URL\":\"https://www.exploit-db.com/exploits/%s/\"},\n", $2, $1 }' ) "
-  ## Just the EDB-ID ("--id")?
+      | awk -F ',' '{ printf "\\n\\t\\t'{'\"Exploit Title\":\"%s\",\"URL\":\"https://www.exploit-db.com/exploits/%s/\"},", $3, $1 }' )"
+  ## Just the EDB-ID ("--json --id")?
   elif [[ "${EDBID}" -eq 1 ]]; then
     OUTPUT="$( eval ${SEARCH} \
-      | awk -F ',' '{ printf "\\r\\t\\t'{'\"Exploit\":\"%s\",\"EDB-ID\":\"%s\"},\n", $2, $1 }' ) "
-  ## Default JSON
+      | awk -F ',' '{ printf "\\n\\t\\t'{'\"Exploit Title\":\"%s\",\"EDB-ID\":\"%s\",\"Path\":\"'${gitpath}/'%s\"},", $3, $1, $2 }' )"
+  ## Default JSON ("--json")?
   else
     OUTPUT="$( eval ${SEARCH} \
-      | awk -F ',' '{ printf "\\r\\t\\t'{'\"Exploit\":\"%s\",\"Platform\":\"%s\",\"Type\":\"%s\",\"Date\":\"%s\",\"Path\":\"'${gitpath}/'%s\",\"EDB-ID\":\"%s\"},\n", $2, $5, $6, $4, $3, $1 }' ) "
+      | awk -F ',' '{ printf "\\n\\t\\t'{'\"Exploit Title\":\"%s\",\"EDB-ID\":\"%s\",\"Date\":\"%s\",\"Author\":\"%s\",\"Type\":\"%s\",\"Platform\":\"%s\",\"Path\":\"'${gitpath}/'%s\"},", $3, $1, $4, $5, $6, $7, $2 }' )"
   fi
   OUTPUT="$( echo -e ${OUTPUT} \
     | sort \
-    | sed '$ s/,$//g' )"
+    | sed '$ s/,$//' )"
 ## Web link format ("--www")?
 elif [[ "${WEBLINK}" -eq 1 ]]; then
   OUTPUT="$( eval ${SEARCH} \
-    | awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $2, "https://www.exploit-db.com/exploits/"$1"/"}' \
+    | awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/exploits/"$1"/"}' \
     | sort )"
 ## Just the EDB-ID ("--id")?
 elif [[ "${EDBID}" -eq 1 ]]; then
   OUTPUT="$( eval ${SEARCH} \
-    | awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $2, $1 }' \
+    | awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, $1 }' \
     | sort )"
 ## Default view
 else
   OUTPUT="$( eval ${SEARCH} \
-    | awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $2, $3 }' \
+    | awk -F ',' '{ printf "%-'${FORMAT}'s | %s\n", $3, $2 }' \
     | sort )"
 fi