Un simple script en Perl para buscar,leer y descargar exploits en ExploitDB.
Tienen opciones para :
- Buscar y listar exploits
- Leer exploit con determinado ID
- Descargar exploit con determinado ID
- Descargar todos los exploits de determinado nombre
Un video con ejemplos de uso :
El codigo :
#!usr/bin/perl
#Exploit DB Manager 0.6
#(C) Doddy Hackman 2015
use LWP::UserAgent;
use Getopt::Long;
use Color::Output;
Color::Output::Init;
my @agents = (
'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0',
'Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14',
'Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1667.0 Safari/537.36',
'Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0',
'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.8pre) Gecko/20070928 Firefox/2.0.0.7 Navigator/9.0RC1',
'Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))',
'Mozilla/5.0 (Windows NT 6.0; rv:2.0) Gecko/20100101 Firefox/4.0 Opera 12.14',
'Mozilla/5.0 (Windows; U; Windows NT 6.1; tr-TR) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27'
);
my $nave = LWP::UserAgent->new();
$nave->agent( $agents[ rand @agents ] );
$nave->timeout(5);
GetOptions(
"search=s" => \$search,
"page=i" => \$page,
"read_exploit=s" => \$read_exploit,
"download=s" => \$download,
"file=s" => \$file,
"download_all=s" => \$download_all
);
my $directorio_down = "downloads";
unless ( -d $directorio_down ) {
mkdir( $directorio_down, "0777" );
chmod 0777, $directorio_down;
}
chdir($directorio_down);
head();
if ( $search ne "" ) {
if ( $page eq "" ) {
by_search( $search, "1" );
}
else {
by_search( $search, $page );
}
}
elsif ( $read_exploit ne "" ) {
by_read_exploit($read_exploit);
}
elsif ($download) {
if ($file) {
by_download( $download, $file );
}
else {
by_download( $download, "" );
}
}
elsif ($download_all) {
if ( $page ne "" ) {
by_download_all( $download_all, $page );
}
else {
by_download_all( $download_all, "1" );
}
}
else {
sintax();
}
copyright();
sub by_download_all {
my $query = $_[0];
my $page = $_[1];
printear_titulo("\n[+] Searching ...\n\n");
my $directorio = $query;
$directorio =~ s/\.//;
$directorio =~ s/\=//;
unless ( -d $directorio ) {
mkdir( $directorio, "0777" );
chmod 0777, $directorio;
}
chdir($directorio);
my $code =
toma( "http://www.exploit-db.com/search/?action=search&filter_page="
. $page
. "&filter_description="
. $query
. "&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve="
);
sleep(6);
my %links_to_download;
my @ids = "";
my @nombres = "";
my @links = "";
my @links_down = "";
while ( $code =~
/<a href="http:\/\/www.exploit-db.com\/exploits\/(.*?)">(.*?)<\/a>/migs
)
{
my $id = $1;
my $name = $2;
$name =~ s/<//;
$name =~ s/\<//;
$name =~ s/(\s)+$//;
my $link = "http://www.exploit-db.com/exploits/" . $id;
my $link_down = "http://www.exploit-db.com/download/" . $id;
push( @nombres, $name );
push( @ids, $id );
push( @links, $link );
push( @links_down, $link_down );
}
printear("[+] Exploits Found : ");
print int(@links) - 1 . "\n\n";
for my $num ( 1 .. int(@links) - 1 ) {
printear("[+] Title : ");
print $nombres[$num] . "\n";
printear("[+] Link : ");
print $links[$num] . "\n";
my $titulo = $nombres[$num];
$titulo =~ s/=//ig;
$titulo =~ s/\///ig;
$titulo = $titulo . ".txt";
printear("[+] Downloading ID : ");
print $ids[$num];
print "\n";
sleep(6);
if ( $nave->mirror( $links_down[$num], $titulo ) ) {
printear("[+] Status : ");
print "OK\n\n";
chmod 0777, $titulo;
}
else {
printear("[+] Status : ");
print "FAIL\n\n";
}
}
printear_titulo("[+] Finished\n");
}
sub by_download {
my $id = $_[0];
my $file = $_[1];
printear_titulo("\n[+] Downloading exploit ID : ");
print $id. "\n";
if ( $file ne "" ) {
if (
$nave->mirror(
"http://www.exploit-db.com/download/" . $id . "/", $file
)
)
{
printear( "\n[+] File '" . $file . "' Downloaded !\n" );
chmod 0777, $file;
}
else {
printear("\n[-] WTF !\n");
}
}
else {
my $code = toma( "http://www.exploit-db.com/exploits/" . $id . "/" );
if ( $code =~ /<h1 style="(.*?)">(.*?)<\/h1>/ ) {
my $titulo = $2;
my $exploit_name = $titulo;
$titulo =~ s/\.//;
$titulo =~ s/\=//;
$titulo = $titulo . ".txt";
sleep(6);
if (
$nave->mirror(
"http://www.exploit-db.com/download/" . $id . "/", $titulo
)
)
{
printear( "\n[+] File '" . $exploit_name . "' Downloaded !\n" );
chmod 0777, $titulo;
}
else {
printear("\n[-] WTF !\n");
}
}
}
}
sub by_read_exploit {
printear_titulo("\n[+] Searching ...\n\n");
my $id = $_[0];
my $code = toma( "http://www.exploit-db.com/exploits/" . $id . "/" );
my $source = toma( "http://www.exploit-db.com/download/" . $id . "/" );
if ( $code =~ /<h1 style="(.*?)">(.*?)<\/h1>/ ) {
my $titulo = $2;
printear("[+] Title : ");
print $titulo. "\n";
}
else {
printear("[-] WTF !\n");
}
if ( $code =~ /Author: (.*?)</ ) {
my $autor = $1;
printear("[+] Author : ");
print $autor. "\n";
}
if ( $code =~ /Published: (.*?)</ ) {
my $fecha = $1;
printear("[+] Published : ");
print $fecha. "\n";
}
if ( $code =~ /Vulnerable App: <a href="(.*?)">/ ) {
my $app = $1;
printear("[+] Vulnerable App : ");
print $app. "\n";
}
print "\n-------------------------------------\n";
printear($source);
print "-------------------------------------\n";
}
sub by_search {
my $query = $_[0];
my $page = $_[1];
printear_titulo("\n[+] Searching ...\n\n");
my $code =
toma( "http://www.exploit-db.com/search/?action=search&filter_page="
. $page
. "&filter_description="
. $query
. "&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve="
);
my @dates = "";
my @nombres = "";
my @tipos = "";
my @autores = "";
my @links = "";
while ( $code =~ /<td class="list_explot_date">(.*?)<\/td>/migs ) {
my $date = $1;
push( @dates, $date );
}
while ( $code =~
/<a href="http:\/\/www.exploit-db.com\/exploits\/(.*?)">(.*?)<\/a>/migs
)
{
my $id = $1;
my $name = $2;
$name =~ s/<//;
my $link = "http://www.exploit-db.com/exploits/" . $id;
push( @nombres, $name );
push( @links, $link );
}
while ( $code =~
/<a href="http:\/\/www.exploit-db.com\/platform\/(.*?)">(.*?)<\/a>/migs
)
{
my $type = $2;
push( @tipos, $type );
}
while ( $code =~
/<a href="http:\/\/www.exploit-db.com\/author\/(.*?)" title="(.*?)">/migs
)
{
my $autor = $2;
push( @autores, $autor );
}
printear("[+] Exploits Found : ");
print int(@links) - 1 . "\n";
for my $num ( 1 .. int(@links) - 1 ) {
printear("\n[+] Title : ");
print $nombres[$num] . "\n";
printear("[+] Date : ");
print $dates[$num] . "\n";
printear("[+] Type : ");
print $tipos[$num] . "\n";
printear("[+] Author : ");
print $autores[$num] . "\n";
printear("[+] Link : ");
print $links[$num] . "\n";
}
}
sub printear {
cprint( "\x036" . $_[0] . "\x030" );
}
sub printear_logo {
cprint( "\x037" . $_[0] . "\x030" );
}
sub printear_titulo {
cprint( "\x0310" . $_[0] . "\x030" );
}
sub sintax {
printear("\n[+] Sintax : ");
print "perl $0 <option> <value>\n";
printear("\n[+] Options : \n\n");
print "-search <query> -page <count> : Search exploits in page\n";
print "-read_exploit <id exploit> : Read exploit\n";
print "-download <id exploit> : Download an exploit\n";
print "-download_all <query> -page <count> : Download all exploits\n";
printear("\n[+] Example : ");
print "perl exploitdb.pl -search smf -page 1\n";
copyright();
}
sub head {
printear_logo("\n-- == Exploit DB Manager 0.6 == --\n\n");
}
sub copyright {
printear_logo("\n\n-- == (C) Doddy Hackman 2015 == --\n\n");
exit(1);
}
sub toma {
return $nave->get( $_[0] )->content;
}
#The End ?
Si quieren bajar el programa lo pueden hacer de aca :
SourceForge (https://sourceforge.net/projects/exploitdbmanager/).
Github (https://github.com/DoddyHackman/Exploit_DB_Manager).