View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000069 | Kali Linux | New Tool Requests | public | 2013-03-13 23:39 | 2018-01-26 09:51 |
Reporter | sd | Assigned To | WiK | ||
Priority | normal | Severity | feature | Reproducibility | have not tried |
Status | closed | Resolution | no change required | ||
Summary | 0000069: Better script to search exploitdb | ||||
Description | Exploitdb.rb is a Ruby script that allows a user to search local exploitdb.csv files with fine tuned accuracy, see: https://github.com/jakl/hacks/blob/master/exploitdb.rb | ||||
Attached Files | exploitdb.rb (2,854 bytes)
#!/usr/bin/ruby require 'optparse' require 'csv' def main input = parseInput queries = input[:queries] csv = input[:csv] dump = input[:dump] begin matches = findMatches csv, queries rescue bad_csv = File.read csv, encoding: 'windows-1251:utf-8' File.open(csv, 'w') do |f| f.write bad_csv.gsub('\\"', '""') end matches = findMatches csv, queries end if dump and not matches.empty? puts `svn cat svn://svn.exploit-db.com/exploitdb/#{matches.last['file']}` else matches.each do |m| puts m.to_s end end end def parseInput queries = {} csv = false dump = false OptionParser.new do |opts| opts.banner = 'Usage: exploitdb.rb [options]' opts.separator '' opts.separator 'Required, one or more queries:' opts.on '--file FILE', 'platforms/windows/remote/' do |x| queries[:file] = x end opts.on '--description DESCRIPTION', 'wordpress, samba, apache..' do |x| queries[:description] = x end opts.on '--date DATE', 'YYYY-MM-DD' do |x| queries[:date] = x end opts.on '--author AUTHOR', 'kralor, romansoft..' do |x| queries[:author] = x end opts.on '--platform PLATFORM', 'windows, linux, solaris..' do |x| queries[:platform] = x end opts.on '--type TYPE', 'remote, local, dos..' do |x| queries[:type] = x end opts.on '--port PORT', '0, 80, 139..' do |x| queries[:port] = x end opts.on '--id ID', '1, 2.. Useful with --dump' do |x| queries[:id] = x end opts.separator 'Optional args:' opts.on '--dump', 'Dump code of last match. TIP: >> exploit_code' do |x| dump = x end opts.on '--csv CSV', 'Provide csv. WARNING: Will be auto-fixed' do |x| csv = x end end.parse! if queries.empty? #Must give a query to filter search results puts 'Use --help to view help' Process.exit end #Check if valid file is given and default to downloading new one csv ||= '/tmp/exploitdb.csv' csv = '/tmp/exploitdb.csv' unless File.exists? csv unless File.exists? csv !`which svn`.empty? or raise 'apt-get install subversion #We need to pull in a fresh csv' `svn export svn://svn.exploit-db.com/exploitdb/files.csv /tmp/exploitdb.csv` end {queries: queries, csv: csv, dump: dump} end def findMatches(csv, queries) matches = [] CSV.foreach csv, headers: true do |row| if queries[:id] #if id is specified ignore other queries if row['id'] == queries[:id] return [row] else next end end is_match = true queries.each do |option, value| next unless row[option.to_s] #skip empty properties, assume match is_match = false unless row[option.to_s].match /#{value}/i end matches.push row if is_match end matches end main | ||||
I wrote this command to query exploitdb via SVN. Often its faster and more precise than the web search. Let me know if this would be useful in kali, I'm jakl on github and twitter |
|
Working with jakl on a version without svn lookups to meet kali standards. Should be available soon. |
|
Doesn't work any more (uses SVN and not Git) |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2013-03-13 23:39 | sd | New Issue | |
2013-03-13 23:42 | jakl | Note Added: 0000082 | |
2013-03-15 19:31 | jakl | File Added: exploitdb.rb | |
2013-03-28 00:10 | WiK | Assigned To | => WiK |
2013-03-28 00:10 | WiK | Status | new => assigned |
2013-04-01 03:14 | WiK | Note Added: 0000294 | |
2018-01-26 09:51 | g0tmi1k | Status | assigned => closed |
2018-01-26 09:51 | g0tmi1k | Resolution | open => no change required |
2018-01-26 09:51 | g0tmi1k | Note Added: 0007880 |