美文网首页Ethical Hackers
kali:getsploit在线抓取exploit等内容

kali:getsploit在线抓取exploit等内容

作者: 一点也不想吃辣 | 来源:发表于2017-06-19 19:24 被阅读0次

    资源:https://github.com/vulnersCom/getsploit

    Vulners数据库的命令行搜索和下载工具。 它允许您在线搜索所有最受欢迎的集合的漏洞利用:Exploit-DB,Metasploit,Packetstorm等。 最强大的功能是在您的工作路径中立即开发源代码下载。

    支持的python版本: python2.6, python2.7, python3.6.

    使用案例:
    搜索:

    # git clone https://github.com/vulnersCom/getsploit
    # cd getsploit
    # ./getsploit.py wordpress 4.7.0
    Total found exploits: 8
    Web-search URL: https://vulners.com/search?query=bulletinFamily%3Aexploit%20AND%20wordpress%204.7.0
    +----------------------+--------------------------------+----------------------------------------------------+
    |          ID          |         Exploit Title          |                        URL                         |
    +======================+================================+====================================================+
    |  PACKETSTORM:141039  | WordPress 4.7.0 / 4.7.1 Insert | https://vulners.com/packetstorm/PACKETSTORM:141039 |
    |                      | PHP Code Injection             |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    |     EDB-ID:41308     | WordPress 4.7.0/4.7.1 Plugin   |     https://vulners.com/exploitdb/EDB-ID:41308     |
    |                      | Insert PHP - PHP Code          |                                                    |
    |                      | Injection                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    |     EDB-ID:41223     | WordPress 4.7.0/4.7.1 -        |     https://vulners.com/exploitdb/EDB-ID:41223     |
    |                      | Unauthenticated Content        |                                                    |
    |                      | Injection (PoC)                |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    |  PACKETSTORM:140893  | WordPress 4.7.0 / 4.7.1 REST   | https://vulners.com/packetstorm/PACKETSTORM:140893 |
    |                      | API Privilege Escalation       |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    |  PACKETSTORM:140902  | WordPress 4.7.0 / 4.7.1        | https://vulners.com/packetstorm/PACKETSTORM:140902 |
    |                      | Content Injection / Code       |                                                    |
    |                      | Execution                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    |  PACKETSTORM:140901  | WordPress 4.7.0 / 4.7.1        | https://vulners.com/packetstorm/PACKETSTORM:140901 |
    |                      | Content Injection Proof Of     |                                                    |
    |                      | Concept                        |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    |     EDB-ID:41224     | WordPress 4.7.0/4.7.1 -        |     https://vulners.com/exploitdb/EDB-ID:41224     |
    |                      | Unauthenticated Content        |                                                    |
    |                      | Injection Arbitrary Code       |                                                    |
    |                      | Execution                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    |      SSV-92637       | WordPress REST API content     |        https://vulners.com/seebug/SSV-92637        |
    |                      | injection                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    

    保存exploit文件:

    
    # ./getsploit.py -m wordpress 4.7.0
    Total found exploits: 8
    Web-search URL: https://vulners.com/search?query=bulletinFamily%3Aexploit%20AND%20wordpress%204.7.0
    +----------------------+--------------------------------+----------------------------------------------------+
    |          ID          |         Exploit Title          |                        URL                         |
    +======================+================================+====================================================+
    |  PACKETSTORM:141039  | WordPress 4.7.0 / 4.7.1 Insert | https://vulners.com/packetstorm/PACKETSTORM:141039 |
    |                      | PHP Code Injection             |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    |     EDB-ID:41308     | WordPress 4.7.0/4.7.1 Plugin   |     https://vulners.com/exploitdb/EDB-ID:41308     |
    |                      | Insert PHP - PHP Code          |                                                    |
    |                      | Injection                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    |     EDB-ID:41223     | WordPress 4.7.0/4.7.1 -        |     https://vulners.com/exploitdb/EDB-ID:41223     |
    |                      | Unauthenticated Content        |                                                    |
    |                      | Injection (PoC)                |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    |  PACKETSTORM:140893  | WordPress 4.7.0 / 4.7.1 REST   | https://vulners.com/packetstorm/PACKETSTORM:140893 |
    |                      | API Privilege Escalation       |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    |  PACKETSTORM:140902  | WordPress 4.7.0 / 4.7.1        | https://vulners.com/packetstorm/PACKETSTORM:140902 |
    |                      | Content Injection / Code       |                                                    |
    |                      | Execution                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    |  PACKETSTORM:140901  | WordPress 4.7.0 / 4.7.1        | https://vulners.com/packetstorm/PACKETSTORM:140901 |
    |                      | Content Injection Proof Of     |                                                    |
    |                      | Concept                        |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    |     EDB-ID:41224     | WordPress 4.7.0/4.7.1 -        |     https://vulners.com/exploitdb/EDB-ID:41224     |
    |                      | Unauthenticated Content        |                                                    |
    |                      | Injection Arbitrary Code       |                                                    |
    |                      | Execution                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    |      SSV-92637       | WordPress REST API content     |        https://vulners.com/seebug/SSV-92637        |
    |                      | injection                      |                                                    |
    +----------------------+--------------------------------+----------------------------------------------------+
    
    # ls
    LICENSE         README.md       getsploit.py    wordpress-470
    # cd wordpress-470
    # ls
    edb-id41223.txt         edb-id41224.txt         edb-id41308.txt         packetstorm140893.txt   packetstorm140901.txt   packetstorm140902.txt   packetstorm141039.txt   ssv-92637.txt
    

    本地数据库:
    如果您的Python支持sqlite3 lib(builtin),则可以使用--update和--local命令将整个漏洞利用数据库下载到PC。 更新后,您可以执行本地离线搜索。

    # ./getsploit.py --update
    Downloading getsploit database archive. Please wait, it may take time. Usually around 5-10 minutes.
    219642496/219642496 [100.00%]
    Unpacking database.
    Database download complete. Now you may search exploits using --local key './getsploit.py -l wordpress 4.7'
    

    相关文章

      网友评论

        本文标题:kali:getsploit在线抓取exploit等内容

        本文链接:https://www.haomeiwen.com/subject/xcrnqxtx.html