bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'g0tmi1k-searchsploit'

Browse source
This commit is contained in:
Offensive Security 2015-06-11 13:41:52 +00:00
commit de9e875bbd
1 changed files with 202 additions and 118 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

320
searchsploit
View file

@ -1,156 +1,240 @@
#!/bin/bash #!/bin/bash
# exploitdb CLI search tool # Name: searchsploit - Exploit-DB's CLI search tool
# Version 3 # Version: 3.1 (Release date: 2015-06-11)
# Written by Unix-Ninja # Written by: Offensive Security, Unix-Ninja & g0tmi1k
# Homepage: https://github.com/offensive-security/exploit-database
gitremote=https://github.com/offensive-security/exploit-database.git ## NOTE:
gitpath=/usr/share/exploitdb # Exit code '0' means finished normally
csvpath=${gitpath}/files.csv # Exit code '6' means updated from GitHub
progname=`basename $0`
TAGS=
SCASE='-i' ## OS settings
gitpath="/usr/share/exploitdb"
csvpath="${gitpath}/files.csv"
## Program settings
gitremote="https://github.com/offensive-security/exploit-database.git"
progname="$( basename "$0" )"
## Default options
TAGS=""
SCASE="tolower"
UPDATE=0 UPDATE=0
VERBOSE=0 VERBOSE=0
WEBLINK=0
EDBID=0
COLOUR='true'
# NOTE:
# Exit code 0 means finished normally
# Exit code 6 means updated from github
# if files.csv is in the searchsploit path, use that ## If files.csv is in the searchsploit path, use that instead
if [ -f "$( dirname $0 )/files.csv" ]; then if [ -f "$( dirname "$0" )/files.csv" ]; then
csvpath="$( dirname $0 )/files.csv" csvpath="$( dirname "$0" )/files.csv"
fi fi
# usage info
## Usage info
function usage() function usage()
{ {
echo "Usage: $progname [options] term1 [term2] ... [termN]" echo "Usage: ${progname} [options] term1 [term2] ... [termN]"
echo "Example: $progname oracle windows local" echo "Example: ${progname} oracle windows local"
echo echo
echo "=========" echo "========="
echo " Options " echo " Options "
echo "=========" echo "========="
echo " -c Perform case-sensitive searches; by default, searches will" echo " -c, --case Perform case-sensitive searches. (default is insensitive)"
echo " try to be greedy" echo " -h, --help Show this help screen"
echo " -h, --help Show help screen" echo " -u, --update Update Database from GIT"
echo " -u Update db from git" echo " -v, --verbose Verbose output. (Title lines are allowed to overflow their columns)"
echo " -v By setting verbose output, description lines are allowed to" echo " -w, --www Show URLs to Exploit-DB.com rather than local path"
echo " overflow their columns" echo " --colour Disables colour highlighting on match"
echo echo " --id Display EDB-ID value rather than local path"
echo "=======" echo
echo " NOTES " echo "======="
echo "=======" echo " Notes "
echo " * Use any number of search terms you would like (minimum: 1)" echo "======="
echo " * Search terms are not case sensitive, and order is irrelevant" echo " * Use any number of search terms you would like (minimum: 1)"
echo " * When updating from git, searches will be ignored" echo " * Search terms are not case sensitive, and order is irrelevant"
exit 1 echo " * When updating from git, searches will be ignored"
exit 1
} }
# dynamically set column widths
COL2=35
COL1=$(( `tput cols` - $COL2 - 1 ))
# check for empty args ## Printing dotted lines in the correct manner
function drawline()
{
printf "%0.s-" $( eval echo {1..$(( COL1 + 1 ))} )
echo -n " "
printf "%0.s-" $( eval echo {1..$(( COL2 - 1 ))} )
echo
}
## Check for empty args
if [ $# -eq 0 ]; then if [ $# -eq 0 ]; then
usage >&2 usage >&2
fi fi
# parse long arguments
## Parse long arguments
ARGS="-" ARGS="-"
for param in $@; do for param in "$@"; do
if [ "$param" == "--help" ]; then if [ "${param}" == "--help" ]; then
usage >&2 usage >&2
else elif [ "${param}" == "--web" ]; then
if [ "${param:0:1}" == "-" ]; then WEBLINK=1
ARGS=$ARGS${param:1} elif [ "${param}" == "--case" ]; then
shift SCASE=''
continue elif [ "${param}" == "--update" ]; then
fi UPDATE=1
TAGS="$TAGS $param" elif [ "${param}" == "--verbose" ]; then
VERBOSE=1
elif [ "${param}" == "--id" ]; then
EDBID=1
elif [ "${param}" == "--colour" ] || [ "${param}" == "--color" ]; then
COLOUR=''
else
if [ "${param:0:1}" == "-" ]; then
ARGS=$ARGS${param:1}
shift
continue
fi fi
TAGS="${TAGS} ${param}"
fi
done done
# parse short arguments
while getopts "chuv" arg $ARGS; do ## Parse short arguments
if [ "$arg" = "?" ]; then while getopts "uchvw" arg "$ARGS"; do
usage >&2; if [ "$arg" = "?" ]; then
fi usage >&2;
case $arg in fi
c) SCASE='';; case $arg in
h) usage >&2;; c) SCASE='';;
u) UPDATE=1;; h) usage >&2;;
v) VERBOSE=1;; u) UPDATE=1;;
esac v) VERBOSE=1;;
shift $((OPTIND-1)) w) WEBLINK=1;;
esac
shift $(( OPTIND - 1 ))
done done
# was an update requested?
## Was an update requested?
if [ "$UPDATE" -eq 1 ]; then if [ "$UPDATE" -eq 1 ]; then
cd $gitpath cd ${gitpath}/
# make sure a git repo is init before updating
if [ "$(git rev-parse --is-inside-work-tree)" != "true" ]; then
if [ "$(ls)" = "" ]; then
#if directory is empty, just clone
git clone $gitremote .
else
# if not empty, init and add remote
git init > /dev/null
git remote add origin $gitremote
fi
fi
# make sure to prep checkout first
git checkout -- .
# update from github
git pull origin master
# if conflicts, clean and try again
if [ "$?" -ne 0 ]; then
git clean -d -fx ""
git pull origin master
fi
echo "Update finished." # Make sure a git repo is init before updating
exit 6 if [ "$( git rev-parse --is-inside-work-tree )" != "true" ]; then
if [ "$( ls )" = "" ]; then
# If directory is empty, just clone
git clone $gitremote .
else
# If not empty, init and add remote
git init > /dev/null
git remote add origin $gitremote
fi
fi
# Make sure to prep checkout first
git checkout -- .
# Update from git
git pull origin master
# If conflicts, clean and try again
if [ "$?" -ne 0 ]; then
git clean -d -fx ""
git pull origin master
fi
echo "Update finished."
exit 6
fi fi
# print header
printf "%0.s-" `eval echo {1..$(( $COL1 + 1 ))}`
echo -n " "
printf "%0.s-" `eval echo {1..$(( $COL2 - 1 ))}`
printf "%-${COL1}s %s" " Description" ## Dynamically set column widths
echo "| Path" if [[ ${WEBLINK} -eq '1' ]]; then
COL2=45
else
COL2=34
fi
COL1=$(( $( tput cols ) - COL2 - 1 ))
printf "%0.s-" `eval echo {1..$(( $COL1 + 1 ))}`
echo -n " "
printf "%0.s-" `eval echo {1..$(( $COL2 - 1 ))}`
echo
# create search command ## Print header
drawline
printf "%-${COL1}s %s" " Exploit Title"
if [[ ${WEBLINK} -eq '1' ]]; then
echo "| URL"
elif [[ ${EDBID} -eq '1' ]]; then
echo "| EDB-ID"
else
echo "| Path"
printf "%-${COL1}s "
echo "| (${gitpath}/platforms)"
fi
drawline
## Create (AND) search command
SEARCH= SEARCH=
for tag in $TAGS; do for tag in ${TAGS}; do
if [ "$SEARCH" ]; then if [ "${SEARCH}" ]; then
SEARCH="$SEARCH |" SEARCH="${SEARCH}/ && ${SCASE}(\$1) ~ /"
fi fi
SEARCH="$SEARCH fgrep $SCASE \"$tag\""
done
# set LANG variable to avoid illegal byte sequence errors in sed if [ "${COLOUR}" ]; then
COLOUR="${COLOUR}\|${tag}"
fi
if [[ ${SCASE} ]]; then
tag="$( echo ${tag} | tr '[:upper:]' '[:lower:]' )"
fi
SEARCH="${SEARCH}${tag}"
done
SEARCH="awk -F '[|]' '${SCASE}(\$1) ~ /${SEARCH}/ {print}'"
if [ "${COLOUR}" ]; then
SEARCH="${SEARCH} | grep --color=always -ie \"\${COLOUR}\""
fi
## Set LANG variable to avoid illegal byte sequence errors
LANG=C LANG=C
# search, format, and print results
if [ "$VERBOSE" -eq 0 ]; then ## Search, format, and print results
FORMAT=$COL1'.'$COL1 if [ "${VERBOSE}" -eq 0 ]; then
FORMAT=${COL1}'.'${COL1}
else else
FORMAT=$COL1 FORMAT=${COL1}
fi fi
cat $csvpath \
| eval $SEARCH \
| awk -F "\"*,\"*" '{ printf "%-'$FORMAT's | %s\n", $3, $2}' \
| sed " s/| platforms/| /" \
| eval $SEARCH
printf "%0.s-" `eval echo {1..$(( $COL1 + 1 ))}`
echo -n " "
printf "%0.s-" `eval echo {1..$(( $COL2 - 1 ))}`
## Web link format?
if [[ ${WEBLINK} -eq '1' ]]; then
## Magic search Fu
awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/exploits/"$1"/"}' "${csvpath}" \
| eval "${SEARCH}" \
elif [[ ${EDBID} -eq '1' ]]; then
## Magic search Fu
awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $1}' "${csvpath}" \
| eval "${SEARCH}" \
else
## Magic search Fu
awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $2}' "${csvpath}" \
| eval "${SEARCH}" \
| sed "s/| platforms/| ./"
fi
## Print footer
drawline
## Done
exit 0 exit 0