exploitdbee.py 1.0

Easily search for exploits in BackTrack's exploitdb (files.csv).

Highlights:
Search the exploitdb archive
Case sensitive & insensitive
Change output mode
Automaticlly copy your exploits
Requirements:
python (tested with python 2.7.1 and 2.5.2)
local exploitdb (pre-installed on BackTrack Linux)

Usage:

exploitdbee.py [-c] [-d path] 
exploitdbee.py "windows 7" remote 
exploitdbee.py -c Microsoft IIS -d /tmp  

 

Options:
--version show program's version number and exit
-h, --help show this help message and exit
-c, --casesensitive switch to casesensitive
-v, --verbose detailed output
-d PATH, --destination=PATH path to copy exploits

Code:

#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# exploitdbee.py
# 
# Version: 1.0
# 
# Copyright (C) 2011  novacane novacane[at]dandies[dot]org
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

import sys
import os
import re
import shutil
from getpass import getpass
from optparse import OptionParser

def main(casesensitive, verbose, exploitpath, *args):
    
    exploitdbcsv = "/pentest/exploits/exploitdb/files.csv"

    if not os.path.isfile(exploitdbcsv):
        print "ERROR: EXPLOITDB DOESN'T EXIST"
        sys.exit(1)
    
    # Open the exploitdb.
    try:
        f = open(exploitdbcsv)
    except:
        print "ERROR: CAN'T OPEN EXPLOITDB - FILES.CSV"
        sys.exit(1)

    exploitlist = []
    
    # First: Search the exploitdb and save the results to a list.
    for line in f:
        if casesensitive:
            if re.search(re.escape(args[0][0]), line):
                exploitlist.append(line)
        elif not casesensitive:
            if re.search(re.escape(args[0][0]), line, re.I):
                exploitlist.append(line)

    # The number of loops is the number of arguments.
    i = 1
    arglen = len(args[0])
    
    # Second: Cleanup the initial list.
    # Loop through the list and remove all items which don't match the remaining argument(s).
    if arglen > 1:
        while True:
            # Make a copy of the list to iterate over it.
            for l in exploitlist[:]:
                if casesensitive:
                    if not re.search(re.escape(args[0][i]), l):
                        exploitlist.remove(l)
                elif not casesensitive:
                    if not re.search(re.escape(args[0][i]), l, re.I):
                        exploitlist.remove(l)
            i += 1
            if i == arglen: break
    
    # Output found exploits.
    for i in exploitlist:
        if verbose:
            print i.strip("\n")
        else:
            print i.split(",")[2] + "  =>  " + i.split(",")[1]
    print "\n"
    
    print str(len(exploitlist)) + " EXPLOITS FOUND."
    
    f.close()
    
    if not exploitpath:
        sys.exit()
    
    # Copy the exploits.
    while True:
        try:
            copyinput = raw_input("Copy exploits to destination? [y/n]: ")
            if copyinput == "y":
                if os.path.isdir(exploitpath):
                    try:
                        for i in exploitlist:
                            shutil.copy("/pentest/exploits/exploitdb/" + i.split(",")[1], exploitpath)
                    except:
                        print "ERROR: CAN'T COPY FILES TO DESTINATION"
                        sys.exit(1)
                else:
                    print "ERROR: DESTINATION DOESN'T EXIST"
                break
            elif copyinput == "n":
                print "BYE"
                sys.exit()
            else:
                print "ERROR: WRONG INPUT"
        except KeyboardInterrupt:
                print "\n"
                sys.exit(1)

if __name__ == '__main__':
    
    help_message = "\n\t[*] exploitdbee 1.0[*]\n\t[*] by dandies.org[*]\n\n\tTry: exploitdbee.py  --help\n"
    usage = "\n  %prog [-c] [-d path] <term1> <term2> <term3> <term...>\n  %prog \"windows 7\" remote \
            \n  %prog -c Microsoft IIS -d /tmp"
    parser = OptionParser(usage=usage, version="%prog 1.0")
    parser.add_option("-c", "--casesensitive", action="store_true",
                    dest="casesensitive", help="switch to casesensitive")
    parser.add_option("-v", "--verbose", action="store_true",
                    dest="verbose", help="detailed output")
    parser.add_option("-d", "--destination", metavar="PATH",
                    dest="exploitpath", help="path to copy exploits")
    
    (options, args) = parser.parse_args()
    
    if len(args) == 0:
        print help_message
        sys.exit(2)

    # Default values.
    if options.exploitpath:
        exploitpath = options.exploitpath
    else:
        exploitpath = ""
    if options.casesensitive:
        casesensitive = 1
    else:
        casesensitive = 0
    if options.verbose:
        verbose = 1
    else:
        verbose = 0
    
    main(casesensitive, verbose, exploitpath, args)[Doar userii inregistrati pot vedea linkurile. ]