156 lines
3.6 KiB
Bash
Executable file
156 lines
3.6 KiB
Bash
Executable file
#!/bin/bash
|
|
# exploitdb CLI search tool
|
|
# Version 3
|
|
# Written by Unix-Ninja
|
|
|
|
gitremote=https://github.com/offensive-security/exploit-database.git
|
|
gitpath=/usr/share/exploitdb
|
|
csvpath=${gitpath}/files.csv
|
|
progname=`basename $0`
|
|
TAGS=
|
|
SCASE='-i'
|
|
UPDATE=0
|
|
VERBOSE=0
|
|
|
|
# NOTE:
|
|
# Exit code 0 means finished normally
|
|
# Exit code 6 means updated from github
|
|
|
|
# if files.csv is in the searchsploit path, use that
|
|
if [ -f "$( dirname $0 )/files.csv" ]; then
|
|
csvpath="$( dirname $0 )/files.csv"
|
|
fi
|
|
|
|
# usage info
|
|
function usage()
|
|
{
|
|
echo "Usage: $progname [options] term1 [term2] ... [termN]"
|
|
echo "Example: $progname oracle windows local"
|
|
echo
|
|
echo "========="
|
|
echo " Options "
|
|
echo "========="
|
|
echo " -c Perform case-sensitive searches; by default, searches will"
|
|
echo " try to be greedy"
|
|
echo " -h, --help Show help screen"
|
|
echo " -u Update db from git"
|
|
echo " -v By setting verbose output, description lines are allowed to"
|
|
echo " overflow their columns"
|
|
echo
|
|
echo "======="
|
|
echo " NOTES "
|
|
echo "======="
|
|
echo " * Use any number of search terms you would like (minimum: 1)"
|
|
echo " * Search terms are not case sensitive, and order is irrelevant"
|
|
echo " * When updating from git, searches will be ignored"
|
|
exit 1
|
|
}
|
|
|
|
# dynamically set column widths
|
|
COL2=35
|
|
COL1=$(( `tput cols` - $COL2 - 1 ))
|
|
|
|
# check for empty args
|
|
if [ $# -eq 0 ]; then
|
|
usage >&2
|
|
fi
|
|
|
|
# parse long arguments
|
|
ARGS="-"
|
|
for param in $@; do
|
|
if [ "$param" == "--help" ]; then
|
|
usage >&2
|
|
else
|
|
if [ "${param:0:1}" == "-" ]; then
|
|
ARGS=$ARGS${param:1}
|
|
shift
|
|
continue
|
|
fi
|
|
TAGS="$TAGS $param"
|
|
fi
|
|
done
|
|
|
|
# parse short arguments
|
|
while getopts "chuv" arg $ARGS; do
|
|
if [ "$arg" = "?" ]; then
|
|
usage >&2;
|
|
fi
|
|
case $arg in
|
|
c) SCASE='';;
|
|
h) usage >&2;;
|
|
u) UPDATE=1;;
|
|
v) VERBOSE=1;;
|
|
esac
|
|
shift $((OPTIND-1))
|
|
done
|
|
|
|
# was an update requested?
|
|
if [ "$UPDATE" -eq 1 ]; then
|
|
cd $gitpath
|
|
# make sure a git repo is init before updating
|
|
if [ "$(git rev-parse --is-inside-work-tree)" != "true" ]; then
|
|
if [ "$(ls)" = "" ]; then
|
|
#if directory is empty, just clone
|
|
git clone $gitremote .
|
|
else
|
|
# if not empty, init and add remote
|
|
git init > /dev/null
|
|
git remote add origin $gitremote
|
|
fi
|
|
fi
|
|
# make sure to prep checkout first
|
|
git checkout -- .
|
|
# update from github
|
|
git pull origin master
|
|
# if conflicts, clean and try again
|
|
if [ "$?" -ne 0 ]; then
|
|
git clean -d -fx ""
|
|
git pull origin master
|
|
fi
|
|
|
|
echo "Update finished."
|
|
exit 6
|
|
fi
|
|
|
|
# print header
|
|
printf "%0.s-" `eval echo {1..$(( $COL1 + 1 ))}`
|
|
echo -n " "
|
|
printf "%0.s-" `eval echo {1..$(( $COL2 - 1 ))}`
|
|
|
|
printf "%-${COL1}s %s" " Description"
|
|
echo "| Path"
|
|
|
|
printf "%0.s-" `eval echo {1..$(( $COL1 + 1 ))}`
|
|
echo -n " "
|
|
printf "%0.s-" `eval echo {1..$(( $COL2 - 1 ))}`
|
|
echo
|
|
|
|
# create search command
|
|
SEARCH=
|
|
for tag in $TAGS; do
|
|
if [ "$SEARCH" ]; then
|
|
SEARCH="$SEARCH |"
|
|
fi
|
|
SEARCH="$SEARCH fgrep $SCASE \"$tag\""
|
|
done
|
|
|
|
# set LANG variable to avoid illegal byte sequence errors in sed
|
|
LANG=C
|
|
|
|
# search, format, and print results
|
|
if [ "$VERBOSE" -eq 0 ]; then
|
|
FORMAT=$COL1'.'$COL1
|
|
else
|
|
FORMAT=$COL1
|
|
fi
|
|
cat $csvpath \
|
|
| eval $SEARCH \
|
|
| awk -F "\"*,\"*" '{ printf "%-'$FORMAT's | %s\n", $3, $2}' \
|
|
| sed " s/| platforms/| /" \
|
|
| eval $SEARCH
|
|
|
|
printf "%0.s-" `eval echo {1..$(( $COL1 + 1 ))}`
|
|
echo -n " "
|
|
printf "%0.s-" `eval echo {1..$(( $COL2 - 1 ))}`
|
|
|
|
exit 0
|