Add '--nmap' flag. Able to load from Nmap's XML output

This commit is contained in:
g0tmi1k 2016-10-26 12:07:52 +01:00
parent 9a1da54ee2
commit f0efa2c25a
2 changed files with 210 additions and 33 deletions


@ -13,9 +13,9 @@ Included with this repository is the **searchsploit** utility, which will allow
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
=========
==========
Examples
=========
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
@ -23,20 +23,21 @@ root@kali:~# searchsploit -h
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git)
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using .
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======


@ -1,6 +1,6 @@
#!/bin/bash
# Name: SearchSploit - Exploit-DB's CLI search tool
# Version: 3.6.1 (Release date: 2016-09-20)
# Version: 3.7 (Release date: 2016-10-26)
# Written by: Offensive Security, Unix-Ninja & g0tmi1k
# Homepage: https://github.com/offensive-security/exploit-database
#
@ -33,7 +33,9 @@ JSON=0
MIRROR=0
OVERFLOW=0
SCASE=0
VERBOSE=0
WEBLINK=0
XML=0
COLOUR_TAG=""
TAGS=""
SEARCH=""
@ -60,21 +62,21 @@ function usage()
echo "========="
echo " Options "
echo "========="
echo " -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe)."
echo " -e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]."
echo " -h, --help Show this help screen."
echo " -j, --json [Term] Show result in JSON format."
echo " -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory."
echo " -o, --overflow [Term] Exploit titles are allowed to overflow their columns."
echo " -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible)."
echo " -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path)."
echo " -u, --update Check for and install any exploitdb package updates (deb or git)"
echo " -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path."
echo " -x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER."
echo " --colour Disable colour highlighting in search results."
echo " --id Display the EDB-ID value rather than local path."
echo
echo " -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe)."
echo " -e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]."
echo " -h, --help Show this help screen."
echo " -j, --json [Term] Show result in JSON format."
echo " -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory."
echo " -o, --overflow [Term] Exploit titles are allowed to overflow their columns."
echo " -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible)."
echo " -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path)."
echo " -u, --update Check for and install any exploitdb package updates (deb or git)."
echo " -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path."
echo " -x, --examine [EDB-ID] Examine (aka opens) the exploit using \$PAGER."
echo " --colour Disable colour highlighting in search results."
echo " --id Display the EDB-ID value rather than local path."
echo " --nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml)."
echo " Use \"-v\" (verbose) to try even more combinations"
echo "======="
echo " Notes "
echo "======="
@ -171,6 +173,145 @@ function drawline()
}
## Used in searchsploitout/nmap's XML
function validterm()
{
## Check to see if its any phrases which would give a TON of incorrect results
if [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "microsoft" ] \
|| [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "microsoft windows" ] \
|| [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "windows" ] \
|| [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "apache" ] \
|| [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "ftp" ] \
|| [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "http" ] \
|| [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "linux" ] \
|| [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "net" ] \
|| [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "network" ] \
|| [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "oracle" ] \
|| [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "ssh" ] \
|| [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "unknown" ]; then
echo -e "[-] Skipping term: ${1} (Term is too general. Please re-search manually: $0 ${arg} ${1})\n" 1>&2
return 1
fi
return 0
}
## Used in searchsploitout/nmap's XML
function searchsploitout()
{
## Make sure there is a value
if [ "${software}" = "" ]; then
return
fi
#echo "" 1>&2
arg="-t" ## Title search by default!
[[ "${JSON}" == "1" ]] && arg="${arg} --json"
[[ "${OVERFLOW}" == "1" ]] && arg="${arg} --overflow"
[[ "${WEBLINK}" == "1" ]] && arg="${arg} --www"
[[ "${COLOUR}" != "1" ]] && arg="${arg} --colour"
[[ "${EDBID}" == "1" ]] && arg="${arg} --id"
## Try and remove terms that could confuse searches
#software=$( echo "${software}" | sed 's_/_ _g' )
software=$( echo "${software}" | sed -e 's/[^a-zA-Z0-9]/ /g' )
if [[ "${VERBOSE}" -eq 1 ]]; then
## Loop each word?
tmp=""
for word in $( echo ${software} ); do
## Add current search term on
tmp="${tmp}${word} "
## Check to see if its any phrases which would give a TON of incorrect results
validterm "${tmp}" \
|| continue
## Feedback
echo "[i] $0 ${arg} ${tmp}" 1>&2
out=$( bash "$0" ${arg} ${tmp} )
## Are there too many result?
lines=$( echo -e "${out}" | wc -l )
if [[ "${lines}" -gt 100 ]]; then
echo -e "[-] Skipping output: ${tmp} (Too many results. Please re-search manually: $0 ${arg} ${tmp})\n" 1>&2
## Are there any result?
elif [[ "${lines}" -gt 6 ]]; then
echo -e "${out}\n\n"
## If there's no results
else
break
fi
done
## Padding between loops
echo -e "\n\n" 1>&2
else
## Check to see if its any phrases which would give a TON of incorrect results
validterm "${software}" \
|| return
## Feedback
echo "[i] $0 ${arg} ${software}" 1>&2
out=$( bash "$0" ${arg} ${software} )
## Are there too many result?
lines=$( echo -e "${out}" | wc -l )
if [[ "${lines}" -gt 100 ]]; then
echo -e "[-] Skipping output: ${software} (Too many results. Please re-search manually: $0 ${arg} ${software})\n" 1>&2
## Are there any result?
elif [[ "${lines}" -gt 6 ]]; then
echo -e "${out}\n\n"
fi
fi
}
## Read XML file
function nmapxml()
{
## Remove any old traces
rm -f /tmp/searchsploitout
## Feedback to the end user
echo -e "[i] Reading: '${FILE}'\n"
## Read in XMP (IP, name, service and version)
xmllint --xpath '//address/@addr|//service/@name|//service/@product|//service/@version' "${FILE}" \
| sed -e $'s/addr=/\\\n[IP] /g; s/name=/\\\n[NAME] /g; s/product=/\\\n[PRODUCT] /g;s/" version="/\\\n[VERSION] /g; s/"//g' \
| grep -v '\[IP\].*\:' \
| while read line; do
type=$( echo "${line}" | cut -d" " -f 1 )
input=$( echo "${line}" | cut -d" " -f 2- )
case "${type}" in
"[IP]")
#[[ "${VERBOSE}" -eq 1 ]] && echo -e "\n\n\e[32m[*] IP: ${input}\e[39m" 1>&2
;;
"[NAME]")
#searchsploitout
echo "${software}" >> /tmp/searchsploitout
software="${input}"
;;
"[PRODUCT]")
software="${input}"
;;
"[VERSION]")
software="${software} ${input}"
;;
esac
done
#searchsploitout
echo "${software}" >> /tmp/searchsploitout
## Read in from file (so there isn't any duplicates but unable to print out IPs)
cat /tmp/searchsploitout | tr '[:upper:]' '[:lower:]' | awk '!x[$0]++' | while read software; do
searchsploitout
done
}
## Check for empty args
if [[ $# -eq 0 ]]; then
usage >&2
@ -209,6 +350,10 @@ for param in "$@"; do
COLOUR=""
elif [[ "${param}" == "--id" ]]; then
EDBID=1
elif [[ "${param}" == "--nmap" ]]; then
XML=1
elif [[ "${param}" == "--verbose" ]]; then
VERBOSE=1
else
if [[ "${param:0:1}" == "-" ]]; then
ARGS=${ARGS}${param:1}
@ -221,7 +366,7 @@ done
## Parse short arguments
while getopts "cehjmoptuwx" arg "${ARGS}"; do
while getopts "cehjmnoptuvwx" arg "${ARGS}"; do
if [[ "${arg}" = "?" ]]; then
usage >&2;
fi
@ -231,10 +376,12 @@ while getopts "cehjmoptuwx" arg "${ARGS}"; do
h) usage >&2;;
j) JSON=1;;
m) GETPATH=1; MIRROR=1;;
n) XML=1;;
o) OVERFLOW=1;;
p) GETPATH=1; CLIPBOARD=1;;
t) FILEPATH=0;;
u) update;;
v) VERBOSE=1;;
w) WEBLINK=1;;
x) GETPATH=1; EXAMINE=1;;
esac
@ -249,6 +396,35 @@ if [[ ! -f "${csvpath}" ]]; then
fi
## Read in XML
if [[ "${XML}" -eq 1 ]]; then
## Trim white spaces
FILE=$(echo ${TAGS} | xargs)
## Is there a file?
if [[ ! -f "${FILE}" ]]; then
echo -e '\n[!] Could not find file:' ${FILE} 1>&2
exit 1
fi
if ! hash xmllint 2>/dev/null; then
echo -e '\n[!] Please install xmllint' 1>&2
echo -e '[i] Kali Linux -> apt install -y libxml2-utils' 1>&2
exit 1
fi
if [[ "${VERBOSE}" -ne 1 ]]; then
echo "[i] SearchSploit's XML mode (without verbose enabled)"
fi
## Do the magic
nmapxml
## Done
exit 0
fi
## Print the full path. If pbcopy/xclip is available then copy to the clipboard
if [[ "${GETPATH}" -eq 1 ]]; then
for exploit in $(echo ${TAGS}); do
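Review bot: nmapxml keeps its scratch data in the fixed path /tmp/searchsploitout (the `rm -f`, the two `>>` appends and the final `cat`), which is a symlink race in a shared /tmp: another local user can create that name as a link between the `rm -f` and the first append and have the appended lines — service names and versions lifted from the scanned hosts' banners — written into a file of their choosing, which matters most when the tool is run as root as the README prompt suggests. Create the file with `mktemp` and remove it from a `trap … EXIT` instead, so the name is unpredictable and the file is also cleaned up when the script is interrupted or exits early. Quote the path wherever it is used so the change stays correct if TMPDIR contains spaces; the rest of the function (the xmllint/sed pipeline and the case arms) does not need to change.
```shell
function nmapxml()
{
  ## Per-run scratch file with an unpredictable name, removed on any exit
  tmpfile=$( mktemp ) || { echo '[!] Unable to create a temporary file' 1>&2; exit 1; }
  trap 'rm -f -- "${tmpfile}"' EXIT
  ## Feedback to the end user
  echo -e "[i] Reading: '${FILE}'\n"
  ## … unchanged: xmllint | sed | grep pipeline and the [IP] case …
      "[NAME]")
        echo "${software}" >> "${tmpfile}"
        software="${input}"
        ;;
  ## … unchanged: [PRODUCT] / [VERSION] cases …
  done
  echo "${software}" >> "${tmpfile}"
  ## Read back from the file (de-duplicated; IPs are not available here)
  tr '[:upper:]' '[:lower:]' < "${tmpfile}" | awk '!x[$0]++' | while read software; do
    searchsploitout
  done
}
```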