exploitdbee.py 1.0

[Fi8sVrs]

Easily search for exploits in BackTrack's exploitdb (files.csv).

Highlights:

• Search the exploitdb archive
  
• Case sensitive & insensitive
  
• Change output mode
  
• Automaticlly copy your exploits
  
• Requirements:
  
• python (tested with python 2.7.1 and 2.5.2)
  
• local exploitdb (pre-installed on BackTrack Linux)
  

Usage:

exploitdbee.py [-c] [-d path]

exploitdbee.py "windows 7" remote

exploitdbee.py -c Microsoft IIS -d /tmp

Options:

--version show program's version number and exit

-h, --help show this help message and exit

-c, --casesensitive switch to casesensitive

-v, --verbose detailed output

-d PATH, --destination=PATH path to copy exploits

#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# exploitdbee.py
# 
# Version: 1.0
# 
# Copyright (C) 2011  novacane novacane[at]dandies[dot]org
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

import sys
import os
import re
import shutil
from getpass import getpass
from optparse import OptionParser

def main(casesensitive, verbose, exploitpath, *args):

    exploitdbcsv = "/pentest/exploits/exploitdb/files.csv"

    if not os.path.isfile(exploitdbcsv):
        print "ERROR: EXPLOITDB DOESN'T EXIST"
        sys.exit(1)

    # Open the exploitdb.
    try:
        f = open(exploitdbcsv)
    except:
        print "ERROR: CAN'T OPEN EXPLOITDB - FILES.CSV"
        sys.exit(1)

    exploitlist = []

    # First: Search the exploitdb and save the results to a list.
    for line in f:
        if casesensitive:
            if re.search(re.escape(args[0][0]), line):
                exploitlist.append(line)
        elif not casesensitive:
            if re.search(re.escape(args[0][0]), line, re.I):
                exploitlist.append(line)

    # The number of loops is the number of arguments.
    i = 1
    arglen = len(args[0])

    # Second: Cleanup the initial list.
    # Loop through the list and remove all items which don't match the remaining argument(s).
    if arglen > 1:
        while True:
            # Make a copy of the list to iterate over it.
            for l in exploitlist[:]:
                if casesensitive:
                    if not re.search(re.escape(args[0][i]), l):
                        exploitlist.remove(l)
                elif not casesensitive:
                    if not re.search(re.escape(args[0][i]), l, re.I):
                        exploitlist.remove(l)
            i += 1
            if i == arglen: break

    # Output found exploits.
    for i in exploitlist:
        if verbose:
            print i.strip("\n")
        else:
            print i.split(",")[2] + "  =>  " + i.split(",")[1]
    print "\n"

    print str(len(exploitlist)) + " EXPLOITS FOUND."

    f.close()

    if not exploitpath:
        sys.exit()

    # Copy the exploits.
    while True:
        try:
            copyinput = raw_input("Copy exploits to destination? [y/n]: ")
            if copyinput == "y":
                if os.path.isdir(exploitpath):
                    try:
                        for i in exploitlist:
                            shutil.copy("/pentest/exploits/exploitdb/" + i.split(",")[1], exploitpath)
                    except:
                        print "ERROR: CAN'T COPY FILES TO DESTINATION"
                        sys.exit(1)
                else:
                    print "ERROR: DESTINATION DOESN'T EXIST"
                break
            elif copyinput == "n":
                print "BYE"
                sys.exit()
            else:
                print "ERROR: WRONG INPUT"
        except KeyboardInterrupt:
                print "\n"
                sys.exit(1)

if __name__ == '__main__':

    help_message = "\n\t[*] exploitdbee 1.0 [*]\n\t[*] by dandies.org  [*]\n\n\tTry: exploitdbee.py  --help\n"
    usage = "\n  %prog [-c] [-d path] <term1> <term2> <term3> <term...>\n  %prog \"windows 7\" remote \
            \n  %prog -c Microsoft IIS -d /tmp"
    parser = OptionParser(usage=usage, version="%prog 1.0")
    parser.add_option("-c", "--casesensitive", action="store_true",
                    dest="casesensitive", help="switch to casesensitive")
    parser.add_option("-v", "--verbose", action="store_true",
                    dest="verbose", help="detailed output")
    parser.add_option("-d", "--destination", metavar="PATH",
                    dest="exploitpath", help="path to copy exploits")

    (options, args) = parser.parse_args()

    if len(args) == 0:
        print help_message
        sys.exit(2)

    # Default values.
    if options.exploitpath:
        exploitpath = options.exploitpath
    else:
        exploitpath = ""
    if options.casesensitive:
        casesensitive = 1
    else:
        casesensitive = 0
    if options.verbose:
        verbose = 1
    else:
        verbose = 0

    main(casesensitive, verbose, exploitpath, args)

Download source

[co4ie]

Nu inteleg la ce foloseste... in backtrack ai si exploitdb search, mitre-cve, osvdb si securityfocus ... iar in msf ai aproximativ acelasi motor de cautare la exploituri !

Merci pt script oricum ...