- searchsploit
A tool for searching http://www.exploit-db.com from the console.
```
files.csv  platforms  searchsploit
```

```
exploitdb: /usr/share/exploitdb
```

> This confirms where exploitdb is installed.
```
Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446
  searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"

  For more examples, see the manual: https://www.exploit-db.com/searchsploit/

=========
 Options
=========
  -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
  -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
  -h, --help                 Show this help screen.
  -j, --json     [Term]      Show result in JSON format.
  -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
  -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
  -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
  -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
  -u, --update               Check for and install any exploitdb package updates (deb or git).
  -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
  -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
      --colour               Disable colour highlighting in search results.
      --id                   Display the EDB-ID value rather than local path.
      --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                             Use "-v" (verbose) to try even more combinations
      --exclude="term"       Remove values from results. By using "|" to separated you can chain multiple values.
                             e.g. --exclude="term1|term2|term3".

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating or displaying help, search terms will be ignored.
```
- Usage

```
# searchsploit oracle
--------------------------------------------- ----------------------------------
 Exploit Title                               |  Path
                                             | (/usr/share/exploitdb/platforms/)
--------------------------------------------- ----------------------------------
Apache mod_session_crypto - Padding Oracle   | multiple/webapps/40961.py
Microsoft ASP.NET - Padding Oracle (MS10-070 | asp/remote/15213.pl
Microsoft ASP.NET - Padding Oracle File Down | asp/remote/15265.rb
ORACLE Business Process Management (Process  | jsp/webapps/14369.txt
OpenSSL - Padding Oracle in AES-NI CBC MAC C | multiple/dos/39768.txt
Oracle (oidldapd connect) - Local Command Li | linux/local/183.c
.... (omitted) .....
```

```
# searchsploit oracle windows
--------------------------------------------- ----------------------------------
 Exploit Title                               |  Path
                                             | (/usr/share/exploitdb/platforms/)
--------------------------------------------- ----------------------------------
Oracle - 'HtmlConverter.exe' Buffer Overflow | windows/local/39284.txt
Oracle - Document Capture BlackIce DEVMODE E | windows/remote/9805.html
Oracle - Document Capture Insecure READ Meth | windows/remote/16056.txt
Oracle - Outside-In '.DOCX' File Parsing Mem | windows/dos/36788.txt
Oracle - xdb.xdb_pitrig_pkg.PITRIG_DROPMETAD | windows/remote/18093.txt
Oracle 10/11g - 'exp.exe?file' Local Buffer  | windows/local/16169.py
Oracle 10g (Windows x86) - 'PROCESS_DUP_HAND | win_x86/local/3451.c
.... (omitted) .....
```

```
# searchsploit oracle windows local
--------------------------------------------- ----------------------------------
 Exploit Title                               |  Path
                                             | (/usr/share/exploitdb/platforms/)
--------------------------------------------- ----------------------------------
Oracle - 'HtmlConverter.exe' Buffer Overflow | windows/local/39284.txt
Oracle 10/11g - 'exp.exe?file' Local Buffer  | windows/local/16169.py
Oracle 10g (Windows x86) - 'PROCESS_DUP_HAND | win_x86/local/3451.c
Oracle 8/9i - DBSNMP Oracle Home Environment | windows/local/21044.c
Oracle Database PL/SQL Statement - Multiple  | windows/local/933.sql
Oracle Database Server 10.1.0.2 - Buffer Ove | windows/local/932.sql
Oracle Database Server 9i/10g - 'XML' Buffer | windows/local/1455.txt
Oracle VM VirtualBox 5.0.32 r112930 (x64) -  | win_x86-64/local/41908.txt
Oracle VM VirtualBox Guest Additions 4.3.10r | windows/local/34333.rb
--------------------------------------------- ----------------------------------
```
```
# cd /usr/share/exploitdb/platforms
# ls
aix      bsdi_x86        irix           macos        palm_os  solaris_sparc
android  cfm             java           minix        perl     solaris_x86
arm      cgi             json           multiple     php      system_z
ashx     freebsd         jsp            netbsd_x86   plan9    tru64
asp      freebsd_x86     lin_x86        netware      python   ultrix
aspx     freebsd_x86-64  lin_x86-64     nodejs       qnx      unix
atheos   generator       linux          novell       ruby     unixware
beos     hardware        linux_crisv32  openbsd      sco      win_x86
bsd      hp-ux           linux_mips     openbsd_x86  sco_x86  win_x86-64
bsd_ppc  immunix         linux_ppc      osx          sh4      windows
bsd_x86  ios             linux_sparc    osx_ppc      solaris  xml
```

```
# cd windows/local
# ls
10009.txt  15047.rb  18892.txt  30374.txt  39843.c    6030.py
10010.txt  15069.py  18905.rb   30392.rb   39845.txt  6031.asm
10039.txt  15081.rb  18914.py   30468.pl   39888.txt  6039.c
10084.txt  15094.py  18923.rb   30477.txt  39902.txt  6106.pl
.... (omitted) .....
```

> The same files that `# searchsploit oracle windows local` listed above are collected here.
- Writing the script

```
# searchsploit windows
.... (omitted) .....
Audio Lib Player - '.m3u' Buffer Overflow (S | windows/local/9610.py
Audio Workstation - '.pls' Local Buffer Over | windows/local/10353.pl
Audio Workstation 6.4.2.4.0 - '.pls' Univers | windows/local/10359.py
Audio Workstation 6.4.2.4.3 - '.pls' Buffer  | windows/local/10363.rb
AudioCoder (.lst) - Buffer Overflow (Metaspl | windows/local/26523.rb
AudioCoder - '.m3u' Buffer Overflow (Metaspl | windows/local/25296.rb
AudioCoder 0.8.18 - Buffer Overflow (SEH)    | windows/local/25141.rb
AudioCoder 0.8.22 - '.lst' Direct Retn Buffe | windows/local/26448.py
AudioCoder 0.8.22 - '.m3u' Buffer Overflow ( | windows/local/29309.pl
.... (omitted) .....
```

```
# cd /usr/share/exploitdb
# cat files.csv | head
id,file,description,date,author,platform,type,port
9,platforms/windows/dos/9.c,"Apache 2.x - Memory Leak Exploit",2003-04-09,"Matthew Murphy",windows,dos,0
37060,platforms/windows/dos/37060.html,"Microsoft Internet Explorer 11 - Crash (PoC) (1)",2015-05-19,Garage4Hackers,windows,dos,0
11,platforms/linux/dos/11.c,"Apache 2.0.44 (Linux) - Remote Denial of Service",2003-04-11,"Daniel Nystram",linux,dos,0
13,platforms/windows/dos/13.c,"Chindi Server 1.0 - Denial of Service",2003-04-18,"Luca Ercoli",windows,dos,0
17,platforms/windows/dos/17.pl,"Xeneo Web Server 2.2.9.0 - Denial of Service",2003-04-22,"Tom Ferris",windows,dos,0
22,platforms/windows/dos/22.c,"Pi3Web 2.0.1 - Denial of Service (PoC)",2003-04-29,aT4r,windows,dos,0
35,platforms/windows/dos/35.c,"Microsoft IIS 5.0 < 5.1 - Remote Denial of Service",2003-05-31,Shachank,windows,dos,0
59,platforms/hardware/dos/59.c,"Cisco IOS - IPv4 Packets Denial of Service",2003-07-18,l0cK,hardware,dos,0
60,platforms/hardware/dos/60.c,"Cisco IOS - 'cisco-bug-44020.c' IPv4 Packet Denial of Service",2003-07-21,"Martin Kluge",hardware,dos,0
```

> This file holds the same data that the searchsploit runs above printed.
> searchsploit is simply a command that looks terms up in this file and prints the matches.
[Note]
./searchsploit oracle windows local
> cat files.csv | grep -i oracle | grep -i windows | grep -i local ......
Since the number of arguments is not fixed, loop once per argument, appending each one to a variable, and run the result with eval.
> Trim and strip the output so it prints cleanly.
# cp /usr/share/exploitdb/files.csv /root/bin/
> Copy files.csv and write a script that does the same thing.
# vi searchsploit.sh
```bash
#!/bin/bash
# Hand-rolled searchsploit: pipe files.csv through one grep per search term.
if [ $# -eq 0 ]; then
    echo "Usage : $0 <name> <name> .... "
    exit 1
fi

SEARCH="cat files.csv"
NUM=1
while [ "$NUM" -le $# ]; do
    # Append the Nth argument as one more grep stage. printf %q quotes it so
    # terms with spaces or shell metacharacters survive the later eval intact.
    SEARCH="$SEARCH | grep -i --color=always $(printf '%q' "${!NUM}")"
    NUM=$((NUM + 1))
done

# Field 3 of files.csv is the quoted description, field 2 the path: drop the
# opening quote, cut the title to 70 chars and strip the platforms/ prefix.
eval "$SEARCH" | awk -F, '{print substr($3,2,70)" | " $2}' | sed 's#platforms/##g'
```
> It does not print as neatly as the original tool, but the script does the same job.
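A CSV-aware counterpart to the shell script above, added here as an example and not part of the original post or of searchsploit itself: it parses files.csv with Python's csv module, so quoted descriptions that contain commas stay in one field, ANDs the search terms over title plus path, and implements the -t, -c and --exclude behaviours from the help text. The sample rows are constructed for this example in the files.csv layout shown above; dates and authors of the last two rows are placeholders.

```python
import csv
import io
import re

# Constructed sample in the files.csv layout (id,file,description,date,author,
# platform,type,port). Dates/authors of the last two rows are placeholders.
FILES_CSV = """id,file,description,date,author,platform,type,port
9,platforms/windows/dos/9.c,"Apache 2.x - Memory Leak Exploit",2003-04-09,"Matthew Murphy",windows,dos,0
37060,platforms/windows/dos/37060.html,"Microsoft Internet Explorer 11 - Crash (PoC) (1)",2015-05-19,Garage4Hackers,windows,dos,0
11,platforms/linux/dos/11.c,"Apache 2.0.44 (Linux) - Remote Denial of Service",2003-04-11,"Daniel Nystram",linux,dos,0
932,platforms/windows/local/932.sql,"Oracle Database Server 10.1.0.2 - Buffer Overflow",1970-01-01,placeholder,windows,local,0
40961,platforms/multiple/webapps/40961.py,"Apache mod_session_crypto - Padding Oracle",1970-01-01,placeholder,multiple,webapps,0
"""


def load_db(text):
    """Parse files.csv text into one dict per row, keyed by the header line."""
    return list(csv.DictReader(io.StringIO(text)))


def search(rows, terms, title_only=False, case_sensitive=False, exclude=None):
    """AND every term over the title (plus the path unless title_only, i.e. -t).

    case_sensitive mirrors -c; exclude is a regex in the --exclude syntax,
    e.g. "(PoC)|/dos/", and drops any row it matches."""
    flags = 0 if case_sensitive else re.IGNORECASE
    excl = re.compile(exclude, flags) if exclude else None
    hits = []
    for row in rows:
        hay = row["description"] if title_only else row["description"] + " " + row["file"]
        if not all(re.search(re.escape(t), hay, flags) for t in terms):
            continue
        if excl and excl.search(hay):
            continue
        hits.append(row)
    return hits


def format_row(row):
    """Render a hit like searchsploit: 44-char title column | path sans platforms/."""
    path = row["file"]
    if path.startswith("platforms/"):
        path = path[len("platforms/"):]
    return f'{row["description"][:44]:<44} | {path}'


if __name__ == "__main__":
    db = load_db(FILES_CSV)
    for hit in search(db, ["oracle", "windows", "local"]):
        print(format_row(hit))
```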