bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #91 from g0tmi1k/searchsploit

Browse source 
Add "--exclude" to remove values from results
This commit is contained in:
g0tmi1k 2017-06-15 11:55:46 +01:00 committed by GitHub
commit f7178c7641
2 changed files with 43 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -20,6 +20,7 @@ root@kali:~# searchsploit -h
searchsploit afd windows local searchsploit afd windows local
searchsploit -t oracle windows searchsploit -t oracle windows
searchsploit -p 39446 searchsploit -p 39446
searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"
For more examples, see the manual: https://www.exploit-db.com/searchsploit/ For more examples, see the manual: https://www.exploit-db.com/searchsploit/
@ -41,6 +42,9 @@ root@kali:~# searchsploit -h
--id Display the EDB-ID value rather than local path. --id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml). --nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations Use "-v" (verbose) to try even more combinations
--exclude="term" Remove values from results. By using "|" to separated you can chain multiple values.
e.g. --exclude="term1|term2|term3".
======= =======
Notes Notes
======= =======
@ -50,7 +54,7 @@ root@kali:~# searchsploit -h
* And/Or '-e' if you wish to filter results by using an exact match. * And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results. * Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions). * Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored. * When updating or displaying help, search terms will be ignored.
root@kali:~# root@kali:~#
root@kali:~# searchsploit afd windows local root@kali:~# searchsploit afd windows local

59
searchsploit
View file

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# Name: SearchSploit - Exploit-DB's CLI search tool # Name: SearchSploit - Exploit-DB's CLI search tool
# Version: 3.7.6 (Release date: 2017-06-13) # Version: 3.8 (Release date: 2017-06-14)
# Written by: Offensive Security, Unix-Ninja, and g0tmi1k # Written by: Offensive Security, Unix-Ninja, and g0tmi1k
# Homepage: https://github.com/offensive-security/exploit-database # Homepage: https://github.com/offensive-security/exploit-database
# Manual: https://www.exploit-db.com/searchsploit/ # Manual: https://www.exploit-db.com/searchsploit/
@ -9,7 +9,7 @@
# Exit code '0' means finished normally # Exit code '0' means finished normally
# Exit code '1' means something went wrong # Exit code '1' means something went wrong
# Exit code '2' means help screen # Exit code '2' means help screen
# Exit code '6' means updated exploitdb package (deb or git) # Exit code '6' means updated exploitdb package (APT or Git)
## OS settings (get the path of where the script is stored + database file) ## OS settings (get the path of where the script is stored + database file)
@ -40,6 +40,7 @@ XML=0
COLOUR_TAG="" COLOUR_TAG=""
TAGS="" TAGS=""
SEARCH="" SEARCH=""
EXCLUDE=""
CASE_TAG_GREP="-i" CASE_TAG_GREP="-i"
CASE_TAG_FGREP="tolower" CASE_TAG_FGREP="tolower"
AWK_SEARCH="" AWK_SEARCH=""
@ -60,16 +61,17 @@ LANG=C
function usage() function usage()
{ {
echo " Usage: ${progname} [options] term1 [term2] ... [termN]" echo " Usage: ${progname} [options] term1 [term2] ... [termN]"
echo echo ""
echo "==========" echo "=========="
echo " Examples " echo " Examples "
echo "==========" echo "=========="
echo " ${progname} afd windows local" echo " ${progname} afd windows local"
echo " ${progname} -t oracle windows" echo " ${progname} -t oracle windows"
echo " ${progname} -p 39446" echo " ${progname} -p 39446"
echo echo " ${progname} linux kernel 3.2 --exclude=\"(PoC)|/dos/\""
echo ""
echo " For more examples, see the manual: https://www.exploit-db.com/searchsploit/" echo " For more examples, see the manual: https://www.exploit-db.com/searchsploit/"
echo echo ""
echo "=========" echo "========="
echo " Options " echo " Options "
echo "=========" echo "========="
@ -88,6 +90,9 @@ function usage()
echo " --id Display the EDB-ID value rather than local path." echo " --id Display the EDB-ID value rather than local path."
echo " --nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml)." echo " --nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml)."
echo " Use \"-v\" (verbose) to try even more combinations" echo " Use \"-v\" (verbose) to try even more combinations"
echo " --exclude=\"term\" Remove values from results. By using \"|\" to separated you can chain multiple values."
echo " e.g. --exclude=\"term1|term2|term3\"."
echo ""
echo "=======" echo "======="
echo " Notes " echo " Notes "
echo "=======" echo "======="
@ -97,7 +102,7 @@ function usage()
echo " * And/Or '-e' if you wish to filter results by using an exact match." echo " * And/Or '-e' if you wish to filter results by using an exact match."
echo " * Use '-t' to exclude the file's path to filter the search results." echo " * Use '-t' to exclude the file's path to filter the search results."
echo " * Remove false positives (especially when searching using numbers - i.e. versions)." echo " * Remove false positives (especially when searching using numbers - i.e. versions)."
echo " * When updating from git or displaying help, search terms will be ignored." echo " * When updating or displaying help, search terms will be ignored."
echo "" echo ""
exit 2 exit 2
} }
@ -120,7 +125,7 @@ function update()
updatedbrew updatedbrew
fi fi
# Update via git # Update via Git
updategit updategit
# Done # Done
@ -131,7 +136,7 @@ function update()
## Update database (via .deb/apt) ## Update database (via .deb/apt)
function updatedeb() function updatedeb()
{ {
echo -e '[i] Updating via APT package management. Expect weekly-ish updates.\n' echo -e '[i] Updating via APT package management (Expect weekly-ish updates).\n'
sudo apt update \ sudo apt update \
|| echo -e '\n[-] Issue with apt update (Please check network connectivity & APT SourcesList values).' 1>&2 || echo -e '\n[-] Issue with apt update (Please check network connectivity & APT SourcesList values).' 1>&2
@ -153,17 +158,17 @@ function updatedbrew()
echo -e "\n[*] Brew update finished." echo -e "\n[*] Brew update finished."
} }
## Update database (via GIT) ## Update database (via Git)
function updategit() function updategit()
{ {
echo -e '[i] Updating via git. Expect daily updates.\n' echo -e '[i] Updating via Git (Expect daily updates).\n'
## Make sure we are in the correct folder ## Make sure we are in the correct folder
mkdir -p "${gitpath}/" \ mkdir -p "${gitpath}/" \
|| sudo mkdir -p "${gitpath}/" || sudo mkdir -p "${gitpath}/"
cd "${gitpath}/" cd "${gitpath}/"
## Are we in a git repo? ## Are we in a Git repo?
if [[ "$( git rev-parse --is-inside-work-tree )" != "true" ]]; then if [[ "$( git rev-parse --is-inside-work-tree )" != "true" ]]; then
if [[ "$( ls )" = "" ]]; then if [[ "$( ls )" = "" ]]; then
# If directory is empty, just clone # If directory is empty, just clone
@ -172,9 +177,9 @@ function updategit()
fi fi
fi fi
# Is our git remote added? (aka homebrew) # Is our Git remote added? (aka homebrew)
if [[ "$( git remote -v )" != *"${gitremote}"* ]]; then if [[ "$( git remote -v )" != *"${gitremote}"* ]]; then
echo -e '\n[i] Missing git remote:' "${gitremote}" echo -e '\n[i] Missing Git remote:' "${gitremote}"
git init >/dev/null git init >/dev/null
git remote add origin "${gitremote}" 2>/dev/null git remote add origin "${gitremote}" 2>/dev/null
fi fi
@ -404,14 +409,14 @@ for param in "$@"; do
SCASE=1 SCASE=1
elif [[ "${param}" == "--exact" ]]; then elif [[ "${param}" == "--exact" ]]; then
EXACT=1 EXACT=1
elif [[ "${param}" == "--examine" ]]; then elif [[ "${param}" == "--examine" ]] || [[ "${param}" == "--open" ]] || [[ "${param}" == "--view" ]]; then
GETPATH=1 GETPATH=1
EXAMINE=1 EXAMINE=1
elif [[ "${param}" == "--help" ]]; then elif [[ "${param}" == "--help" ]]; then
usage >&2 usage >&2
elif [[ "${param}" == "--json" ]]; then elif [[ "${param}" == "--json" ]]; then
JSON=1 JSON=1
elif [[ "${param}" == "--mirror" ]]; then elif [[ "${param}" == "--mirror" ]] || [[ "${param}" == "--copy" ]] || [[ "${param}" == "--dup" ]] || [[ "${param}" == "--duplicate" ]]; then
GETPATH=1 GETPATH=1
MIRROR=1 MIRROR=1
elif [[ "${param}" == "--overflow" ]]; then elif [[ "${param}" == "--overflow" ]]; then
@ -431,6 +436,8 @@ for param in "$@"; do
EDBID=1 EDBID=1
elif [[ "${param}" == "--nmap" ]]; then elif [[ "${param}" == "--nmap" ]]; then
XML=1 XML=1
elif [[ "${param}" =~ "--exclude=" ]]; then
EXCLUDE="$( echo "${param}" | cut -d '=' -f 2- )"
elif [[ "${param}" == "--verbose" ]]; then elif [[ "${param}" == "--verbose" ]]; then
VERBOSE=1 VERBOSE=1
else else
@ -478,7 +485,7 @@ fi
## Read in XML ## Read in XML
if [[ "${XML}" -eq 1 ]]; then if [[ "${XML}" -eq 1 ]]; then
## Trim white spaces ## Trim white spaces
FILE=$(echo ${TAGS} | xargs) FILE=$( echo ${TAGS} | xargs )
## Is there a file? ## Is there a file?
if [[ ! -f "${FILE}" ]]; then if [[ ! -f "${FILE}" ]]; then
@ -488,7 +495,7 @@ if [[ "${XML}" -eq 1 ]]; then
if ! hash xmllint 2>/dev/null; then if ! hash xmllint 2>/dev/null; then
echo -e '\n[!] Please install xmllint' 1>&2 echo -e '\n[!] Please install xmllint' 1>&2
echo -e '[i] Kali Linux -> apt install -y libxml2-utils' 1>&2 echo -e '[i] Kali Linux -> apt -y install libxml2-utils' 1>&2
exit 1 exit 1
fi fi
@ -506,13 +513,13 @@ fi
## Print the full path. If pbcopy/xclip is available then copy to the clipboard ## Print the full path. If pbcopy/xclip is available then copy to the clipboard
if [[ "${GETPATH}" -eq 1 ]]; then if [[ "${GETPATH}" -eq 1 ]]; then
for exploit in $(echo ${TAGS}); do for exploit in $( echo ${TAGS} ); do
## Get EDB-ID from input ## Get EDB-ID from input
edbdb="$( echo ${exploit} | rev | cut -d '/' -f1 | rev | cut -d'.' -f1 | tr -dc '0-9' )" edbdb="$( echo ${exploit} | rev | cut -d '/' -f1 | rev | cut -d'.' -f1 | tr -dc '0-9' )"
## Check files.csv ## Check files.csv
location=$( cut -d, -f2 "${csvpath}" | grep -m 1 -E "/${edbdb}(\..*)?$" ) location=$( cut -d ',' -f 2 "${csvpath}" | grep -m 1 -E "/${edbdb}(\..*)?$" )
title=$( grep -m 1 "${location}" "${csvpath}" | cut -d, -f3 | sed 's/"//g' ) title=$( grep -m 1 "${location}" "${csvpath}" | cut -d ',' -f 3 | sed 's/"//g' )
## Join paths ## Join paths
location="${gitpath}/${location}" location="${gitpath}/${location}"
@ -557,8 +564,8 @@ if [[ "${GETPATH}" -eq 1 ]]; then
fi fi
if [[ "${MIRROR}" -eq 1 ]]; then if [[ "${MIRROR}" -eq 1 ]]; then
cp -i "${location}" "$(pwd)/" cp -i "${location}" "$( pwd )/"
echo "Copied to '$(pwd)/'" echo "Copied to '$( pwd )/'"
echo -e "\n" echo -e "\n"
fi fi
else else
@ -596,7 +603,7 @@ fi
COL1=$(( $( tput cols ) - COL2 - 1 )) COL1=$(( $( tput cols ) - COL2 - 1 ))
## Remove leading space ## Remove leading space
TAGS="$(echo ${TAGS} | sed -e 's/^[[:space:]]//')" TAGS="$( echo ${TAGS} | sed -e 's/^[[:space:]]//' )"
## Print header if NOT in JSON ("--json") ## Print header if NOT in JSON ("--json")
if [[ "${JSON}" -eq 0 ]]; then if [[ "${JSON}" -eq 0 ]]; then
@ -666,6 +673,12 @@ fi
SEARCH="${SEARCH} | sed 's/\"//g'" SEARCH="${SEARCH} | sed 's/\"//g'"
## Remove any terms not wanted from the search
if [[ "${EXCLUDE}" ]]; then
SEARCH="${SEARCH} | grep -vEi '${EXCLUDE}'"
fi
## Magic search Fu ## Magic search Fu
## Web link format ("--www")? ## Web link format ("--www")?
if [[ "${WEBLINK}" -eq 1 ]]; then if [[ "${WEBLINK}" -eq 1 ]]; then