-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathexploitSearchDB.py
116 lines (100 loc) · 4.24 KB
/
exploitSearchDB.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
#!/usr/bin/python
#-*-coding:utf-8-*-
#- exploit-finder Class
#- Copyright (C) 2015 GoldraK & Roger Serentill
# This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty
# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
# You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>
"""Exploit finder"""
__author__ = "GoldraK & Roger Serentill & Carlos A. Molina"
__credits__ = "GoldraK & Roger Serentill & Carlos A. Molina"
__version__ = "0.1.1"
__maintainer__ = "GoldraK & Roger Serentill & Carlos A. Molina"
__status__ = "Development"
from teco import color, style
from workWithBlackListWords import WorkWithBlackListWords
import csv,urllib
class ExploitSearchExploitDB():
def __init__(self):
self.fw = WorkWithBlackListWords()
self.exploits = {}
def update_database(self):
print color('cyan' , 'Downloading Database')
url = 'https://raw.githubusercontent.com/offensive-security/exploit-database/master/files.csv'
urllib.urlretrieve(url, "modules/exploit-finder/files.csv")
def ask4exploit(self, portInfo=None):
if portInfo == None:
newSearch = ""
while newSearch == "":
newSearch = raw_input('Find exploit: ')
else:
newSearch = portInfo
return newSearch
def searchExploit(self, newSearch):
dic_search = newSearch.split(" ")
exist_exploit = False
with open('modules/exploit-finder/files.csv') as csvfile:
reader = csv.DictReader(csvfile)
print color('cyan', 'Searching in exploit-db')
for row in reader:
flag = True
for x in dic_search:
if x.lower() not in row['description'].lower():
flag = False
break
if flag:
self.exploits.update({row['id']: row['file']})
print row['description'] + " --> " + color('azul', 'https://www.exploit-db.com/exploits/' + str(
row['id']) + '/') + " - " + color('rojo', 'ID: ' + str(row['id']))
exist_exploit = True
if exist_exploit == False:
self.exploits = {}
print color('rojo', "No searches for '" + newSearch + "' in exploit-db database \n")
return self.exploits.keys()
def askDownloadExploit(self):
download_exploit = ""
while download_exploit == "":
download_exploit = raw_input('Download exploit y/n?: ')
if download_exploit!='y' and download_exploit!='n':
download_exploit = ""
return download_exploit
def askExploitID(self):
download_exploit_id = ""
while download_exploit_id == "":
download_exploit_id = raw_input("Type exploit's ID: ")
if download_exploit_id not in self.exploits.keys():
print color('rojo', '\nInvalid Exploit ID\n')
download_exploit_id = ""
return download_exploit_id
def searchAgain(self, newSearch):
option = ''
while self.exploits.keys() == [] and option != '0':
option = self.fw.askMenu()
if option == '1':
newSearch = self.ask4exploit()
elif option == '2':
newSearch = self.fw.deleteWords2Search(newSearch)
if option != '0':
print "Searching '" + newSearch + "'"
self.searchExploit(newSearch)
def downloadStart(self, download_exploit_id):
file_name = self.exploits[download_exploit_id].split("/")[-1]
print color('cyan', 'Downloading exploit')
url = 'https://raw.githubusercontent.com/offensive-security/exploit-database/master/' + self.exploits[download_exploit_id]
urllib.urlretrieve(url, "modules/exploit-finder/exploits/" + file_name)
print color('cyan', 'Exploit downloaded')
def download_exploit(self):
if self.exploits.keys() != []:
download_exploit = self.askDownloadExploit()
if download_exploit == 'y':
download_exploit_id = self.askExploitID()
self.downloadStart(download_exploit_id)
def askSearchDownload(self, portInfo=None):
newSearch = self.ask4exploit(portInfo)
print "Searching '" + newSearch + "'"
self.searchExploit(newSearch)
self.searchAgain(newSearch)
self.download_exploit()