Getsploit: search and download exploits across an aggregated database

    When I was thinking about where to take Vulners next, I turned my attention to our older brothers, the Exploit-DB database. One of the main utilities in their arsenal is searchsploit. This is a console utility that lets you search for exploits with free-form queries and immediately get their source code. It ships as a base part of Kali Linux and operates on exploit data from the Exploit-DB database. The "tastiest" part is that the utility can work with a local database, so you can always take it with you. So how are we any worse? In Vulners we have collected not only the exploits from Exploit-DB, but also those from Packet Storm, 0day.today, Seebug, Zero Science Lab and many others. Well, let's reinvent the wheel, with all the bells and whistles.


    A closer look at searchsploit


    Inside, we see a bash script 711 lines long. It downloads a copy of the data from the public exploit-database repository and searches that local copy. But where is the Google-style syntax and the other delights of modern search? Alas, their approach has both pros and cons. The advantage is the ability to find exploits by applicability criteria. The drawback is rather poor support for inexact search. So the idea of integrating with it was rejected, and the decision to write our own fork won out.


    What should getsploit do?


    To begin with, let's define the functionality.


    • Search for exploits across the entire Vulners collection using full-text search and Lucene
    • Save exploit source code to disk
    • Search offline with a local database
    • Be cross-platform with minimal dependencies
    • Be open source

    Let there be code


    As a result, the utility was implemented in Python, compatible with Python 2.6 through Python 3.6. I tried to keep the main switches identical to those of searchsploit so that I would not have to get used to new ones.


    isox$ git clone https://github.com/vulnersCom/getsploit
    isox$ cd getsploit
    isox$ ./getsploit.py -h
    usage: Exploit search and download utility [-h] [-t] [-j] [-m] [-c COUNT] [-l]
                                               [-u]
                                               [query [query ...]]
    positional arguments:
      query                 Exploit search query. See https://vulners.com/help for
                            the detailed manual.
    optional arguments:
      -h, --help            show this help message and exit
      -t, --title           Search JUST the exploit title (Default is description
                            and source code).
      -j, --json            Show result in JSON format.
      -m, --mirror          Mirror (aka copies) search result exploit files to the
                            subdirectory with your search query name.
      -c COUNT, --count COUNT
                            Search limit. Default 10.
      -l, --local           Perform search in the local database instead of
                            searching online.
      -u, --update          Update getsploit.db database. Will be downloaded in
                            the script path.

    The basic search mechanics are built on the Vulners API, so you always get the most current data available at the time of the query. Well, shall we look for WordPress exploits?



    Pretty good, huh? Now let's limit ourselves to the Packet Storm collection. The query syntax is exactly the same as in the site's search bar, and it is described on the help page.



    So, the exploits we need are found. Now they need to be saved for later use. To do this, use the "-m" switch. The utility will then create a folder named after your search query and download the exploits into it.



    But what if we have no internet connection? Think of that while it is still available and run "--update"!


    isox$ ./getsploit.py --update
    Downloading getsploit database archive. Please wait, it may take time. Usually around 5-10 minutes.
    219686398/219686398 [100.00%]
    Unpacking database.
    Database download complete. Now you may search exploits using --local key './getsploit.py -l wordpress 4.7'

    With this command, getsploit downloads an SQLite database containing the entire collection of exploits. This is about 594 megabytes of data at the time of writing.


    Please note that if your Python was compiled without sqlite3 support (which is rare), the local database, alas, will not work.


    Here I had to sacrifice compatibility for the sake of speed and the possibility of full-text search with the FTS4 SQLite module.


    But it is not so bad: most Python builds ship with the sqlite3 module by default. Let's try searching for exploits locally.



    Excellent! Now you can take the entire Vulners exploit collection with you and use it offline, without registration and SMS.
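
    The local mode described above depends on SQLite's FTS4 module. The following added example (not code from getsploit itself) probes whether the current Python build supports FTS4 and runs title-only and all-column full-text queries against an in-memory index. The table name, column names and sample records are assumptions made for illustration and do not reflect the real layout of getsploit.db.

```python
import sqlite3

# Constructed sample records; not taken from the Vulners database.
SAMPLE = [
    ("EX0001", "Example CMS 4.7 content injection", "notes on the REST API of Example CMS"),
    ("EX0002", "Demo Forum 2.1 SQL injection", "affects sites embedding Example CMS widgets"),
    ("EX0003", "Sample Router default credentials", "telnet service notes"),
]

def fts4_available():
    """Return True if this Python's SQLite library can create FTS4 tables."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE VIRTUAL TABLE probe USING fts4(x)")
        return True
    except sqlite3.OperationalError:
        return False
    finally:
        conn.close()

def build_index(records):
    """Load records into an in-memory FTS4 table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE VIRTUAL TABLE exploits USING fts4(id, title, body)")
    conn.executemany("INSERT INTO exploits VALUES (?, ?, ?)", records)
    return conn

def search(conn, query, title_only=False, count=10):
    """Full-text search; title_only mirrors -t, count mirrors -c."""
    if title_only:
        # MATCH against one column restricts the search to that column.
        sql = "SELECT id, title FROM exploits WHERE title MATCH ? LIMIT ?"
    else:
        # MATCH against the table name searches every indexed column.
        sql = "SELECT id, title FROM exploits WHERE exploits MATCH ? LIMIT ?"
    return conn.execute(sql, (query, count)).fetchall()

if __name__ == "__main__":
    if not fts4_available():
        raise SystemExit("sqlite3 lacks FTS4: local search cannot work")
    db = build_index(SAMPLE)
    print(search(db, "cms"))
    print(search(db, "cms", title_only=True))
    print(search(db, "inject*", count=1))
```

    Running the probe before "--update" tells you whether the download of several hundred megabytes will be usable on that machine.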


    And of course, the source code is on our GitHub.
    Pull requests are highly appreciated.

