getsploit – Command line utility for searching and downloading exploits

Command line search and download tool for Vulners Database inspired by searchsploit. It allows you to search online for the exploits across all the most popular collections: Exploit-DB, Metasploit, Packetstorm and others. The most powerful feature is immediate exploit source download right in your working path.


Python version
Utility was tested on a python2.6, python2.7, python3.6. If you found any bugs, don’t hesitate to open issue

How to use

Search

# git clone http://ift.tt/2sDZvhS
# cd getsploit
# ./getsploit.py wordpress 4.7.0
Total found exploits: 8
Web-search URL: http://ift.tt/2qXFeTh
+----------------------+--------------------------------+----------------------------------------------------+
| ID | Exploit Title | URL |
+======================+================================+====================================================+
| PACKETSTORM:141039 | WordPress 4.7.0 / 4.7.1 Insert | http://ift.tt/2rsXdnO |
| | PHP Code Injection | |
+----------------------+--------------------------------+----------------------------------------------------+
| EDB-ID:41308 | WordPress 4.7.0/4.7.1 Plugin | http://ift.tt/2qXFfGP |
| | Insert PHP - PHP Code | |
| | Injection | |
+----------------------+--------------------------------+----------------------------------------------------+
| EDB-ID:41223 | WordPress 4.7.0/4.7.1 - | http://ift.tt/2rsWR0z |
| | Unauthenticated Content | |
| | Injection (PoC) | |
+----------------------+--------------------------------+----------------------------------------------------+
| PACKETSTORM:140893 | WordPress 4.7.0 / 4.7.1 REST | http://ift.tt/2qXxaSm |
| | API Privilege Escalation | |
+----------------------+--------------------------------+----------------------------------------------------+
| PACKETSTORM:140902 | WordPress 4.7.0 / 4.7.1 | http://ift.tt/2qVPxHj |
| | Content Injection / Code | |
| | Execution | |
+----------------------+--------------------------------+----------------------------------------------------+
| PACKETSTORM:140901 | WordPress 4.7.0 / 4.7.1 | http://ift.tt/2rsXdEt |
| | Content Injection Proof Of | |
| | Concept | |
+----------------------+--------------------------------+----------------------------------------------------+
| EDB-ID:41224 | WordPress 4.7.0/4.7.1 - | http://ift.tt/2qXK3Ma |
| | Unauthenticated Content | |
| | Injection Arbitrary Code | |
| | Execution | |
+----------------------+--------------------------------+----------------------------------------------------+
| SSV-92637 | WordPress REST API content | http://ift.tt/2rsK9ii |
| | injection | |
+----------------------+--------------------------------+----------------------------------------------------+

Save exploit files

# ./getsploit.py -m wordpress 4.7.0
Total found exploits: 8
Web-search URL: http://ift.tt/2qXFeTh
+----------------------+--------------------------------+----------------------------------------------------+
| ID | Exploit Title | URL |
+======================+================================+====================================================+
| PACKETSTORM:141039 | WordPress 4.7.0 / 4.7.1 Insert | http://ift.tt/2rsXdnO |
| | PHP Code Injection | |
+----------------------+--------------------------------+----------------------------------------------------+
| EDB-ID:41308 | WordPress 4.7.0/4.7.1 Plugin | http://ift.tt/2qXFfGP |
| | Insert PHP - PHP Code | |
| | Injection | |
+----------------------+--------------------------------+----------------------------------------------------+
| EDB-ID:41223 | WordPress 4.7.0/4.7.1 - | http://ift.tt/2rsWR0z |
| | Unauthenticated Content | |
| | Injection (PoC) | |
+----------------------+--------------------------------+----------------------------------------------------+
| PACKETSTORM:140893 | WordPress 4.7.0 / 4.7.1 REST | http://ift.tt/2qXxaSm |
| | API Privilege Escalation | |
+----------------------+--------------------------------+----------------------------------------------------+
| PACKETSTORM:140902 | WordPress 4.7.0 / 4.7.1 | http://ift.tt/2qVPxHj |
| | Content Injection / Code | |
| | Execution | |
+----------------------+--------------------------------+----------------------------------------------------+
| PACKETSTORM:140901 | WordPress 4.7.0 / 4.7.1 | http://ift.tt/2rsXdEt |
| | Content Injection Proof Of | |
| | Concept | |
+----------------------+--------------------------------+----------------------------------------------------+
| EDB-ID:41224 | WordPress 4.7.0/4.7.1 - | http://ift.tt/2qXK3Ma |
| | Unauthenticated Content | |
| | Injection Arbitrary Code | |
| | Execution | |
+----------------------+--------------------------------+----------------------------------------------------+
| SSV-92637 | WordPress REST API content | http://ift.tt/2rsK9ii |
| | injection | |
+----------------------+--------------------------------+----------------------------------------------------+

# ls
LICENSE README.md getsploit.py wordpress-470
# cd wordpress-470
# ls
edb-id41223.txt edb-id41224.txt edb-id41308.txt packetstorm140893.txt packetstorm140901.txt packetstorm140902.txt packetstorm141039.txt ssv-92637.txt

Local database
If your Python supports sqlite3 lib(builtin) you can use –update and –local commands to download whole exploit database to your PC. After update you can perform local offline searches.

# ./getsploit.py --update
Downloading getsploit database archive. Please wait, it may take time. Usually around 5-10 minutes.
219642496/219642496 [100.00%]
Unpacking database.
Database download complete. Now you may search exploits using --local key './getsploit.py -l wordpress 4.7'

from KitPloit – PenTest Tools! http://ift.tt/2u97TXk

Anuncios

Responder

Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s