#!/bin/bash
# exploitdb CLI search tool
# Version 2
# Written by Unix-Ninja

csvpath=/usr/share/exploitdb/files.csv
progname=`basename $0`
TAGS=
SCASE='-i'
VERBOSE=0

# if files.csv is in the searchsploit path, use that
if [ -f "$( dirname $0 )/files.csv" ]; then
    csvpath="$( dirname $0 )/files.csv"
fi

# usage info
function usage()
{
    echo "Usage: $progname [options] term1 [term2] ... [termN]"
    echo "Example: $progname oracle windows local"
    echo 
    echo "======="
    echo "Options"
    echo "======="
    echo
    echo "   -c                Perform case-sensitive searches; by default, searches will"
    echo "                      try to be greedy"
    echo "   -h, --help    Show help screen" 
    echo "   -v                By setting verbose output, description lines are allowed to"
    echo "                      overflow their columns"
    echo
    echo "*NOTES*"
    echo "Use any number of search terms you would like (minimum of one)."
    echo "Search terms are not case sensitive, and order is irrelevant."
    exit 1
}

# dynamically set column widths
COL2=35
COL1=$(( `tput cols` - $COL2 - 1 ))

# check for empty args
if [ $# -eq 0 ]; then
    usage >&2
fi

# parse long arguments
ARGS="-"
for param in $@; do
    if [ "$param" == "--help" ]; then
        usage >&2
    else
        if [ "${param:0:1}" == "-" ]; then
            ARGS=$ARGS${param:1}
            shift
            continue
        fi
        TAGS="$TAGS $param"
    fi
done

# parse short arguments
while getopts "chv" arg $ARGS; do
    if [ "$arg" = "?" ]; then
        usage >&2;
    fi
    case $arg in
        c) SCASE='';;
        h) usage >&2;;
        v) VERBOSE=1;;
    esac
    shift $((OPTIND-1))
done

# print header
printf "%-${COL1}s %s" " Description"
echo "   Path"
printf "%0.s-" `eval echo {1..$(( $COL1 + 1 ))}`
echo -n " "
printf "%0.s-" `eval echo {1..$(( $COL2 - 1 ))}`
echo

# create search command
SEARCH=
for tag in $TAGS; do
    if [ "$SEARCH" ]; then
        SEARCH="$SEARCH |"
    fi
    SEARCH="$SEARCH fgrep $SCASE \"$tag\""
done

# set LANG variable to avoid illegal byte sequence errors in sed
LANG=C

# search, format, and print results
if [ "$VERBOSE" -eq 0 ]; then
    FORMAT=$COL1'.'$COL1
else
    FORMAT=$COL1
fi
    cat $csvpath \
    | eval $SEARCH \
    | awk -F "\"*,\"*" '{ printf "%-'$FORMAT's | %s\n", $3, $2}' \
    | sed "   s/| platforms/| /" \
    | eval $SEARCH
exit 0