Add '--nmap' flag. Able to load from Nmap's XML output

2016-10-26 12:07:52 +01:00 · 2016-10-26 12:07:52 +01:00 · f0efa2c25a
commit f0efa2c25a
parent 9a1da54ee2
2 changed files with 210 additions and 33 deletions
--- a/README.md
+++ b/README.md
@ -13,9 +13,9 @@ Included with this repository is the **searchsploit** utility, which will allow
 root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]
-=========
+==========
 Examples
-=========
+==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446
@ -23,20 +23,21 @@ root@kali:~# searchsploit -h
 =========
 Options
 =========
-   -c, --case     [Term]    Perform a case-sensitive search (Default is inSEnsITiVe).
+   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
-   -e, --exact    [Term]    Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
+   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-   -h, --help               Show this help screen.
+   -h, --help                 Show this help screen.
-   -j, --json     [Term]    Show result in JSON format.
+   -j, --json     [Term]      Show result in JSON format.
-   -m, --mirror   [EDB-ID]  Mirror (aka copies) an exploit to the current working directory.
+   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
-   -o, --overflow [Term]    Exploit titles are allowed to overflow their columns.
+   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
-   -p, --path     [EDB-ID]  Show the full path to an exploit (and also copies the path to the clipboard if possible).
+   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
-   -t, --title    [Term]    Search JUST the exploit title (Default is title AND the file's path).
+   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
-   -u, --update             Check for and install any exploitdb package updates (deb or git)
+   -u, --update               Check for and install any exploitdb package updates (deb or git).
-   -w, --www      [Term]    Show URLs to Exploit-DB.com rather than the local path.
+   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
-   -x, --examine  [EDB-ID]  Examine (aka opens) the exploit using .
+   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
-       --colour             Disable colour highlighting in search results.
+       --colour               Disable colour highlighting in search results.
-       --id                 Display the EDB-ID value rather than local path.
+       --id                   Display the EDB-ID value rather than local path.
-
+       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                              Use "-v" (verbose) to try even more combinations
 =======
 Notes
 =======
--- a/210
+++ b/210
@ -1,6 +1,6 @@
 #!/bin/bash
 #       Name: SearchSploit - Exploit-DB's CLI search tool
-#    Version: 3.6.1 (Release date: 2016-09-20)
+#    Version: 3.7   (Release date: 2016-10-26)
 # Written by: Offensive Security, Unix-Ninja & g0tmi1k
 #   Homepage: https://github.com/offensive-security/exploit-database
 #
@ -33,7 +33,9 @@ JSON=0
 MIRROR=0
 OVERFLOW=0
 SCASE=0
 VERBOSE=0
 WEBLINK=0
 XML=0
 COLOUR_TAG=""
 TAGS=""
 SEARCH=""
@ -60,21 +62,21 @@ function usage()
  echo "========="
  echo " Options "
  echo "========="
-  echo "   -c, --case     [Term]    Perform a case-sensitive search (Default is inSEnsITiVe)."
+  echo "   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe)."
-  echo "   -e, --exact    [Term]    Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]."
+  echo "   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]."
-  echo "   -h, --help               Show this help screen."
+  echo "   -h, --help                 Show this help screen."
-  echo "   -j, --json     [Term]    Show result in JSON format."
+  echo "   -j, --json     [Term]      Show result in JSON format."
-  echo "   -m, --mirror   [EDB-ID]  Mirror (aka copies) an exploit to the current working directory."
+  echo "   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory."
-  echo "   -o, --overflow [Term]    Exploit titles are allowed to overflow their columns."
+  echo "   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns."
-  echo "   -p, --path     [EDB-ID]  Show the full path to an exploit (and also copies the path to the clipboard if possible)."
+  echo "   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible)."
-  echo "   -t, --title    [Term]    Search JUST the exploit title (Default is title AND the file's path)."
+  echo "   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path)."
-  echo "   -u, --update             Check for and install any exploitdb package updates (deb or git)"
+  echo "   -u, --update               Check for and install any exploitdb package updates (deb or git)."
-  echo "   -w, --www      [Term]    Show URLs to Exploit-DB.com rather than the local path."
+  echo "   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path."
-  echo "   -x, --examine  [EDB-ID]  Examine (aka opens) the exploit using $PAGER."
+  echo "   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using \$PAGER."
-  echo "       --colour             Disable colour highlighting in search results."
+  echo "       --colour               Disable colour highlighting in search results."
-  echo "       --id                 Display the EDB-ID value rather than local path."
+  echo "       --id                   Display the EDB-ID value rather than local path."
-
+  echo "       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml)."
-  echo
+  echo "                              Use \"-v\" (verbose) to try even more combinations"
  echo "======="
  echo " Notes "
  echo "======="
@ -171,6 +173,145 @@ function drawline()
 }
 ## Used in searchsploitout/nmap's XML
 function validterm()
 {
  ## Check to see if its any phrases which would give a TON of incorrect results
  if [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "microsoft" ] \
    || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "microsoft windows" ] \
    || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "windows" ] \
    || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "apache" ] \
    || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "ftp" ] \
    || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "http" ] \
    || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "linux" ] \
    || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "net" ] \
    || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "network" ] \
    || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "oracle" ] \
    || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "ssh" ] \
    || [ "$( echo ${1} | tr '[:upper:]' '[:lower:]' )" == "unknown" ]; then
    echo -e "[-] Skipping term: ${1}   (Term is too general. Please re-search manually: $0 ${arg} ${1})\n" 1>&2
    return 1
  fi
  return 0
 }
 ## Used in searchsploitout/nmap's XML
 function searchsploitout()
 {
  ## Make sure there is a value
  if [ "${software}" = "" ]; then
    return
  fi
  #echo "" 1>&2
  arg="-t"   ## Title search by default!
  [[ "${JSON}" == "1" ]] && arg="${arg} --json"
  [[ "${OVERFLOW}" == "1" ]] && arg="${arg} --overflow"
  [[ "${WEBLINK}" == "1" ]] && arg="${arg} --www"
  [[ "${COLOUR}" != "1" ]] && arg="${arg} --colour"
  [[ "${EDBID}" == "1" ]] && arg="${arg} --id"
  ## Try and remove terms that could confuse searches
  #software=$( echo "${software}" | sed 's_/_ _g' )
  software=$( echo "${software}" | sed -e 's/[^a-zA-Z0-9]/ /g' )
  if [[ "${VERBOSE}" -eq 1 ]]; then
    ## Loop each word?
    tmp=""
    for word in $( echo ${software} ); do
      ## Add current search term on
      tmp="${tmp}${word} "
      ## Check to see if its any phrases which would give a TON of incorrect results
      validterm "${tmp}" \
        || continue
      ## Feedback
      echo "[i] $0 ${arg} ${tmp}" 1>&2
      out=$( bash "$0" ${arg} ${tmp} )
      ## Are there too many result?
      lines=$( echo -e "${out}" | wc -l )
      if [[ "${lines}" -gt 100 ]]; then
        echo -e "[-] Skipping output: ${tmp}   (Too many results. Please re-search manually: $0 ${arg} ${tmp})\n" 1>&2
      ## Are there any result?
      elif [[ "${lines}" -gt 6 ]]; then
        echo -e "${out}\n\n"
      ## If there's no results
      else
        break
      fi
    done
    ## Padding between loops
    echo -e "\n\n" 1>&2
  else
    ## Check to see if its any phrases which would give a TON of incorrect results
    validterm "${software}" \
      || return
    ## Feedback
    echo "[i] $0 ${arg} ${software}" 1>&2
    out=$( bash "$0" ${arg} ${software} )
    ## Are there too many result?
    lines=$( echo -e "${out}" | wc -l )
    if [[ "${lines}" -gt 100 ]]; then
      echo -e "[-] Skipping output: ${software}   (Too many results. Please re-search manually: $0 ${arg} ${software})\n" 1>&2
    ## Are there any result?
    elif [[ "${lines}" -gt 6 ]]; then
      echo -e "${out}\n\n"
    fi
  fi
 }
 ## Read XML file
 function nmapxml()
 {
  ## Remove any old traces
  rm -f /tmp/searchsploitout
  ## Feedback to the end user
  echo -e "[i] Reading: '${FILE}'\n"
  ## Read in XMP (IP, name, service and version)
  xmllint --xpath '//address/@addr|//service/@name|//service/@product|//service/@version' "${FILE}" \
    | sed -e $'s/addr=/\\\n[IP] /g; s/name=/\\\n[NAME] /g; s/product=/\\\n[PRODUCT] /g;s/" version="/\\\n[VERSION] /g; s/"//g' \
    | grep -v '\[IP\].*\:' \
    | while read line; do
      type=$( echo "${line}" | cut -d" " -f 1 )
      input=$( echo "${line}" | cut -d" " -f 2- )
    case "${type}" in
      "[IP]")
        #[[ "${VERBOSE}" -eq 1 ]] && echo -e "\n\n\e[32m[*] IP: ${input}\e[39m" 1>&2
        ;;
      "[NAME]")
        #searchsploitout
        echo "${software}" >> /tmp/searchsploitout
        software="${input}"
        ;;
      "[PRODUCT]")
        software="${input}"
        ;;
      "[VERSION]")
        software="${software} ${input}"
        ;;
      esac
  done
  #searchsploitout
  echo "${software}" >> /tmp/searchsploitout
  ## Read in from file (so there isn't any duplicates but unable to print out IPs)
  cat /tmp/searchsploitout | tr '[:upper:]' '[:lower:]'  | awk '!x[$0]++' | while read software; do
    searchsploitout
  done
 }
 ## Check for empty args
 if [[ $# -eq 0 ]]; then
  usage >&2
@ -209,6 +350,10 @@ for param in "$@"; do
    COLOUR=""
  elif [[ "${param}" == "--id" ]]; then
    EDBID=1
  elif [[ "${param}" == "--nmap" ]]; then
    XML=1
  elif [[ "${param}" == "--verbose" ]]; then
    VERBOSE=1
  else
    if [[ "${param:0:1}" == "-" ]]; then
      ARGS=${ARGS}${param:1}
@ -221,7 +366,7 @@ done
 ## Parse short arguments
-while getopts "cehjmoptuwx" arg "${ARGS}"; do
+while getopts "cehjmnoptuvwx" arg "${ARGS}"; do
  if [[ "${arg}" = "?" ]]; then
    usage >&2;
  fi
@ -231,10 +376,12 @@ while getopts "cehjmoptuwx" arg "${ARGS}"; do
    h) usage >&2;;
    j) JSON=1;;
    m) GETPATH=1; MIRROR=1;;
    n) XML=1;;
    o) OVERFLOW=1;;
    p) GETPATH=1; CLIPBOARD=1;;
    t) FILEPATH=0;;
    u) update;;
    v) VERBOSE=1;;
    w) WEBLINK=1;;
    x) GETPATH=1; EXAMINE=1;;
  esac
@ -249,6 +396,35 @@ if [[ ! -f "${csvpath}" ]]; then
 fi
 ## Read in XML
 if [[ "${XML}" -eq 1 ]]; then
  ## Trim white spaces
  FILE=$(echo ${TAGS} | xargs)
  ## Is there a file?
  if [[ ! -f "${FILE}" ]]; then
    echo -e '\n[!] Could not find file:' ${FILE} 1>&2
    exit 1
  fi
  if ! hash xmllint 2>/dev/null; then
    echo -e '\n[!] Please install xmllint' 1>&2
    echo -e '[i] Kali Linux -> apt install -y libxml2-utils' 1>&2
    exit 1
  fi
  if [[ "${VERBOSE}" -ne 1 ]]; then
    echo "[i] SearchSploit's XML mode (without verbose enabled)"
  fi
  ## Do the magic
  nmapxml
  ## Done
  exit 0
 fi
 ## Print the full path. If pbcopy/xclip is available then copy to the clipboard
 if [[ "${GETPATH}" -eq 1 ]]; then
  for exploit in $(echo ${TAGS}); do