Getsploit: search and download exploits across an aggregated database
When I was thinking about where Vulners should go next, I turned my attention to our older brother, the Exploit-DB database. One of the main utilities in its arsenal is searchsploit: a console utility that lets you search for exploits with a query and immediately get their source code. It is a standard part of Kali Linux and operates on exploit data from the Exploit-DB database. The tastiest part is that the utility can work with a local database, so you can always take it with you. So why should we be any worse? Vulners has collected not only the exploits from Exploit-DB, but also those from Packet Storm, 0day.today, Seebug, Zero Science Lab and many others. Well then, let's reinvent the bicycle, with preference and poetesses.
A closer look at searchsploit
Inside we find a bash script 711 lines long. It downloads a copy of the data from the public exploit-database repository and searches through that. But where is the Google-style syntax and the other pleasures of modern search? Alas, their approach has pros and cons. The pro: it can find exploits by applicability criteria. The con: rather poor functionality for inexact search. At that point the idea of integrating with it was rejected, and the decision to write our own fork won out.
What should getsploit do?
First, let's define the functionality.
- Search for exploits across the entire Vulners collection using full-text search and Lucene syntax
- Save exploit source code to disk
- Offline search with a local database
- Cross-platform with minimal dependencies
- Open source
Let there be code
As a result, the utility was implemented in Python, compatible from Python 2.6 through Python 3.6. I tried to keep the main switches identical to searchsploit's, so there is nothing new to get used to.
isox$ git clone https://github.com/vulnersCom/getsploit
isox$ cd getsploit
isox$ ./getsploit.py -h
usage: Exploit search and download utility [-h] [-t] [-j] [-m] [-c COUNT] [-l]
[-u]
[query [query ...]]
positional arguments:
query Exploit search query. See https://vulners.com/help for
the detailed manual.
optional arguments:
-h, --help show this help message and exit
-t, --title Search JUST the exploit title (Default is description
and source code).
-j, --json Show result in JSON format.
-m, --mirror Mirror (aka copies) search result exploit files to the
subdirectory with your search query name.
-c COUNT, --count COUNT
Search limit. Default 10.
-l, --local Perform search in the local database instead of
searching online.
-u, --update Update getsploit.db database. Will be downloaded in
the script path.
The basic search mechanics are built on the Vulners API, so you always get the latest data as of "here and now". Well, let's search for exploits for WordPress.
Pretty good, huh? Now let's limit ourselves to the Packet Storm collection. The expression syntax exactly matches the search line on the site, and you can read about it on the help page.
So, the exploits we need have been found. Now they need to be saved for later use. For that, use the "-m" switch. The utility will create a folder named after your search query and save the exploits there.
But what if we have no internet connection? Remember this while it is still available and run "--update"!
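The "-m" mirror step, as an added example that is not getsploit's own code: a search query is turned into a directory name and each result's source is written there. The result records, their ids and the `.txt` file naming are assumptions for illustration; the practitioner's point is that a free-form query (or a record id fetched from a remote API) must be sanitised before it becomes a path, so that "../" in either can never write outside the mirror directory.

```python
import os
import re

# Constructed sample search results standing in for what a query would return.
# The ids, titles and source text are placeholders, not real records.
SAMPLE_RESULTS = [
    {"id": "EDB-ID:00001", "title": "Example CMS 1.0 - Example Module Issue",
     "sourceData": "# placeholder source 1\n"},
    {"id": "PACKETSTORM:00002", "title": "Example Plugin 2.3 - Example Issue",
     "sourceData": "# placeholder source 2\n"},
]


def safe_name(text, maxlen=80):
    """Reduce a free-form query or record id to a filesystem-safe name.

    Only [A-Za-z0-9._-] survive; every other run of characters becomes '_',
    and leading/trailing dots and underscores are stripped, so '../../etc'
    collapses to 'etc' and cannot climb out of the mirror directory.
    """
    cleaned = re.sub(r"[^A-Za-z0-9._-]+", "_", text).strip("._")
    return (cleaned or "query")[:maxlen]


def mirror_results(query, results, base_dir):
    """Write each result to <base_dir>/<safe query>/<safe id>.txt.

    Returns the list of written paths. Besides sanitising names, the resolved
    path of every file is checked to still lie under base_dir (defence in
    depth in case safe_name is ever changed).
    """
    target = os.path.join(base_dir, safe_name(query))
    os.makedirs(target, exist_ok=True)
    real_base = os.path.realpath(base_dir)
    written = []
    for rec in results:
        path = os.path.join(target, safe_name(rec["id"]) + ".txt")
        if not os.path.realpath(path).startswith(real_base + os.sep):
            raise ValueError("refusing to write outside %s: %s" % (base_dir, path))
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(rec["sourceData"])
        written.append(path)
    return written


if __name__ == "__main__":
    for p in mirror_results("wordpress 4.7", SAMPLE_RESULTS, "."):
        print("saved", p)
```

Running it with the query "wordpress 4.7" creates a `wordpress_4.7` directory holding one `.txt` file per record; a hostile query such as `../../etc/passwd` becomes `etc_passwd` instead of a path component.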
isox$ ./getsploit.py --update
Downloading getsploit database archive. Please wait, it may take time. Usually around 5-10 minutes.
219686398/219686398 [100.00%]
Unpacking database.
Database download complete. Now you may search exploits using --local key './getsploit.py -l wordpress 4.7'
With this request, getsploit downloads an SQLite database with the entire collection of exploits: about 594 megabytes of data at the time of writing.
Note that if your Python was compiled without sqlite3 support (which is rare), the local database, alas, will not work.
Here I had to sacrifice some compatibility for speed and for full-text search with the FTS4 SQLite module.
But it is not so bad: the bulk of Python builds ship with the sqlite3 module by default. Let's try to find exploits locally.
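How a local full-text search over an SQLite FTS4 table works, as an added example written for this article rather than taken from getsploit: the table layout, the column names and the sample records are assumptions, not the real getsploit.db schema. It also handles the failure mode mentioned above: if the sqlite3 build lacks the FTS4 module, the `CREATE VIRTUAL TABLE` fails and the code falls back to a plain table with `LIKE` matching, which is slower and unranked but still answers the same queries. Title-only search mirrors the "-t" switch.

```python
import sqlite3

# Constructed sample rows standing in for a local exploit database.
# Ids, sources and titles are placeholders: (id, type, title, sourceData).
SAMPLE_RECORDS = [
    ("EDB-ID:00001", "exploitdb", "Example CMS 4.7 - Example Module Issue",
     "# placeholder source mentioning example cms\n"),
    ("PACKETSTORM:00002", "packetstorm", "Example CMS 4.6 Plugin - Example Issue",
     "# placeholder source\n"),
    ("ZSL-00003", "zeroscience", "Other Product 1.0 - Example Issue",
     "# placeholder source for other product\n"),
]


def open_db(path=":memory:"):
    """Create and fill the table. Uses FTS4 when the sqlite3 module has it,
    otherwise a plain table. Returns (connection, fts_available)."""
    conn = sqlite3.connect(path)
    try:
        conn.execute("CREATE VIRTUAL TABLE exploits USING fts4(id, type, title, sourceData)")
        fts = True
    except sqlite3.OperationalError:
        # sqlite3 compiled without FTS4: degrade to an ordinary table.
        conn.execute("CREATE TABLE exploits (id, type, title, sourceData)")
        fts = False
    conn.executemany(
        "INSERT INTO exploits (id, type, title, sourceData) VALUES (?, ?, ?, ?)",
        SAMPLE_RECORDS)
    conn.commit()
    return conn, fts


def local_search(conn, fts, query, title_only=False, limit=10):
    """Return ids of records where every term of the query occurs.

    FTS4 path: MATCH against one column (title only) or the whole table.
    Fallback path: one case-insensitive LIKE per term and column, ANDed.
    """
    terms = [t for t in query.split() if t]
    if not terms:
        return []
    cols = ["title"] if title_only else ["title", "sourceData"]
    if fts:
        # "title MATCH" restricts to that column; "exploits MATCH" searches all.
        target = "title" if title_only else "exploits"
        sql = "SELECT id FROM exploits WHERE %s MATCH ? LIMIT ?" % target
        rows = conn.execute(sql, (" ".join(terms), limit)).fetchall()
    else:
        clauses, params = [], []
        for t in terms:
            clauses.append("(" + " OR ".join("%s LIKE ?" % c for c in cols) + ")")
            params.extend(["%" + t + "%"] * len(cols))
        sql = "SELECT id FROM exploits WHERE " + " AND ".join(clauses) + " LIMIT ?"
        rows = conn.execute(sql, params + [limit]).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    conn, fts = open_db()
    print("FTS4 available:", fts)
    print(local_search(conn, fts, "example cms"))
    print(local_search(conn, fts, "placeholder", title_only=True))
```

Query terms are passed as bound parameters in both paths, so the query text never reaches the SQL statement itself; the FTS4 query syntax (implicit AND, prefix `*`, `OR`) is interpreted by the engine, not spliced into the string.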
Excellent! Now you can take the entire Vulners exploit collection with you and use it offline, without registration and SMS.
And of course, the source code is on our GitHub.
Pull requests are highly appreciated.