Merge branch 'g0tmi1k-searchsploit'

Offensive Security · Offensive Security · commit 2af7b4dfb6ec · 2016-03-18T15:51:05.000Z
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 The Exploit-Database Git Repository
 ===================================
 
-This is the official repository of [The Exploit Database](http://www.exploit-db.com/), a project sponsored by [Offensive Security](https://www.offensive-security.com/).
+This is the official repository of [The Exploit Database](https://www.exploit-db.com/), a project sponsored by [Offensive Security](https://www.offensive-security.com/).
 
 The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
 
@@ -11,42 +11,46 @@ Included with this repository is the **searchsploit** utility, which will allow
 
 ```
 root@kali:~# searchsploit -h
-  Usage: searchsploit [OPTIONS] term1 [term2] ... [termN]
+  Usage: searchsploit [options] term1 [term2] ... [termN]
 Example:
   searchsploit afd windows local
   searchsploit -t oracle windows
 
 =========
  Options
 =========
-   -c, --case     Perform a case-sensitive search (Default is insensitive).
-   -h, --help     Show this help screen.
-   -t, --title    Search just the exploit title (Default is title AND the file's path).
-   -u, --update   Update exploit database from git.
-   -v, --verbose  Verbose output. Title lines are allowed to overflow their columns.
-   -w, --www      Show URLs to Exploit-DB.com rather than local path.
-       --colour   Disable colour highlighting.
-       --id       Display EDB-ID value rather than local path.
+   -c, --case      Perform a case-sensitive search (Default is inSEnsITiVe).
+   -e, --exact     Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
+   -h, --help      Show this help screen.
+   -o, --overflow  Exploit title's are allowed to overflow their columns.
+   -t, --title     Search just the exploit title (Default is title AND the file's path).
+   -u, --update    Update exploit database from git.
+   -w, --www       Show URLs to Exploit-DB.com rather than local path.
+       --id        Display EDB-ID value rather than local path.
+       --colour    Disable colour highlighting.
 
 =======
  Notes
 =======
- * Use any number of search terms, in any order.
+ * Use any number of search terms.
  * Search terms are not case sensitive, and order is irrelevant.
    * Use '-c' if you wish to reduce results by case-sensitive searching.
-* Use '-t' to exclude the file's path to filter the search results.
-   * Could possibly remove false positives (especially when searching numbers).
+   * And/Or '-e' if you wish to filter results by using an exact match.
+ * Use '-t' to exclude the file's path to filter the search results.
+   * Remove false positives (especially when searching numbers/versions).
  * When updating from git or displaying help, search terms will be ignored.
 
 root@kali:~# searchsploit afd windows local
------------------------------------------------------------- ----------------------------------
- Exploit Title                                              |  Path
-                                                            | (/usr/share/exploitdb/platforms)
------------------------------------------------------------- ----------------------------------
-MS Windows XP/2003 - AFD.sys Privilege Escalation Exploit (K| /windows/local/6757.txt
-Microsoft Windows XP - AFD.sys Local Kernel DoS Exploit     | /windows/dos/17133.c
-Windows XP/2003 Afd.sys - Local Privilege Escalation Exploit| /windows/local/18176.py
-Windows - AfdJoinLeaf Privilege Escalation (MS11-080)       | /windows/local/21844.rb
------------------------------------------------------------- ----------------------------------
+--------------------------------------------------------------------------------- ----------------------------------
+ Exploit Title                                                                   |  Path
+                                                                                 | (/usr/share/exploitdb/platforms)
+--------------------------------------------------------------------------------- ----------------------------------
+Microsoft Windows 2003/XP - AFD.sys Privilege Escalation Exploit (K-plugin)      | ./windows/local/6757.txt
+Microsoft Windows XP - AFD.sys Local Kernel DoS Exploit                          | ./windows/dos/17133.c
+Microsoft Windows XP/2003 Afd.sys - Local Privilege Escalation Exploit (MS11-080)| ./windows/local/18176.py
+Microsoft Windows - AfdJoinLeaf Privilege Escalation (MS11-080)                  | ./windows/local/21844.rb
+Microsoft Windows - AFD.SYS Dangling Pointer Privilege Escalation (MS14-040)     | ./win32/local/39446.py
+Microsoft Windows 7 x64 - AFD.SYS Privilege Escalation (MS14-040)                | ./win64/local/39525.py
+--------------------------------------------------------------------------------- ----------------------------------
 root@kali:~#
 ```
diff --git a/searchsploit b/searchsploit
@@ -1,9 +1,9 @@
 #!/bin/bash
-#       Name: searchsploit - Exploit-DB's CLI search tool
-#    Version: 3.1  (Release date: 2015-07-08)
+#       Name: SearchSploit - Exploit-DB's CLI search tool
+#    Version: 3.2  (Release date: 2016-03-18)
 # Written by: Offensive Security, Unix-Ninja & g0tmi1k
 #   Homepage: https://github.com/offensive-security/exploit-database
-
+#
 ## NOTE:
 #   Exit code '0' means finished normally
 #   Exit code '1' means finished help screen
@@ -14,18 +14,29 @@
 gitpath="/usr/share/exploitdb"
 csvpath="${gitpath}/files.csv"
 
+
 ## Program settings
 gitremote="https://github.com/offensive-security/exploit-database.git"
 progname="$( basename "$0" )"
 
+
 ## Default options
-TAGS=""
-SCASE="tolower"
-VERBOSE=0
-WEBLINK=0
+COLOUR=1
 EDBID=0
-COLOUR='true'
+EXACT=0
 FILEPATH=1
+OVERFLOW=0
+WEBLINK=0
+SCASE=0
+TAGS=""
+CASE_TAG_GREP="-i"
+CASE_TAG_FGREP="tolower"
+COLOUR_TAG=""
+SEARCH=""
+
+
+## Set LANG variable to avoid illegal byte sequence errors
+LANG=C
 
 
 ## If files.csv is in the searchsploit path, use that instead
@@ -45,23 +56,25 @@ function usage()
   echo "========="
   echo " Options "
   echo "========="
-  echo "   -c, --case     Perform a case-sensitive search (Default is insensitive)."
-  echo "   -h, --help     Show this help screen."
-  echo "   -t, --title    Search just the exploit title (Default is title AND the file's path)."
-  echo "   -u, --update   Update exploit database from git."
-  echo "   -v, --verbose  Verbose output. Title lines are allowed to overflow their columns."
-  echo "   -w, --www      Show URLs to Exploit-DB.com rather than local path."
-  echo "       --colour   Disable colour highlighting."
-  echo "       --id       Display EDB-ID value rather than local path."
+  echo "   -c, --case      Perform a case-sensitive search (Default is inSEnsITiVe)."
+  echo "   -e, --exact     Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]."
+  echo "   -h, --help      Show this help screen."
+  echo "   -o, --overflow  Exploit title's are allowed to overflow their columns."
+  echo "   -t, --title     Search just the exploit title (Default is title AND the file's path)."
+  echo "   -u, --update    Update exploit database from git."
+  echo "   -w, --www       Show URLs to Exploit-DB.com rather than local path."
+  echo "       --id        Display EDB-ID value rather than local path."
+  echo "       --colour    Disable colour highlighting."
   echo
   echo "======="
   echo " Notes "
   echo "======="
-  echo " * Use any number of search terms, in any order."
+  echo " * Use any number of search terms."
   echo " * Search terms are not case sensitive, and order is irrelevant."
   echo "   * Use '-c' if you wish to reduce results by case-sensitive searching."
+  echo "   * And/Or '-e' if you wish to filter results by using an exact match."
   echo " * Use '-t' to exclude the file's path to filter the search results."
-  echo "   * Could possibly remove false positives (especially when searching numbers)."
+  echo "   * Remove false positives (especially when searching numbers/versions)."
   echo " * When updating from git or displaying help, search terms will be ignored."
   echo ""
   exit 1
@@ -70,10 +83,11 @@ function usage()
 ## Update database (via GIT)
 function update()
 {
+  ## Make sure we are in the correct folder
   mkdir -p "${gitpath}/"
   cd "${gitpath}/"
 
-  # Make sure a git repo is init before updating
+  ## Make sure a git repo is init before updating
   if [[ "$( git rev-parse --is-inside-work-tree )" != "true" ]]; then
     if [[ "$( ls )" = "" ]]; then
       # If directory is empty, just clone
@@ -122,19 +136,21 @@ fi
 ARGS="-"
 for param in "$@"; do
   if [[ "${param}" == "--case" ]]; then
-    SCASE=''
+    SCASE=1
+  elif [[ "${param}" == "--exact" ]]; then
+    EXACT=1
   elif [[ "${param}" == "--help" ]]; then
     usage >&2
+  elif [[ "${param}" == "--overflow" ]]; then
+    OVERFLOW=1
   elif [[ "${param}" == "--title" ]]; then
     FILEPATH=0
   elif [[ "${param}" == "--update" ]]; then
     update
   elif [[ "${param}" == "--www" ]]; then
     WEBLINK=1
-  elif [[ "${param}" == "--verbose" ]]; then
-    VERBOSE=1
   elif [[ "${param}" == "--colour" ]] || [[ "${param}" == "--color" ]]; then
-    COLOUR=''
+    COLOUR=""
   elif [[ "${param}" == "--id" ]]; then
     EDBID=1
   else
@@ -149,24 +165,39 @@ done
 
 
 ## Parse short arguments
-while getopts "chtuvw" arg "${ARGS}"; do
+while getopts "cehotuw" arg "${ARGS}"; do
   if [[ "${arg}" = "?" ]]; then
     usage >&2;
   fi
   case ${arg} in
-    c) SCASE='';;
+    c) SCASE=1;;
+    e) EXACT=1;;
     h) usage >&2;;
+    o) OVERFLOW=1;;
     t) FILEPATH=0;;
     u) update;;
-    v) VERBOSE=1;;
     w) WEBLINK=1;;
   esac
   shift $(( OPTIND - 1 ))
 done
 
 
-## Dynamically set column widths
-if [[ "${WEBLINK}" -eq '1' ]]; then
+## If we are doing an exact match, do not check folder path.
+if [[ "${EXACT}" -eq 1 ]]; then
+  FILEPATH=0
+fi
+
+
+## Case sensitive?
+if [[ "${SCASE}" -eq 1 ]]; then
+  ## Remove the default flags
+  CASE_TAG_GREP=""
+  CASE_TAG_FGREP=""
+fi
+
+
+## Dynamically set column widths to the current screen size
+if [[ "${WEBLINK}" -eq 1 ]]; then
   COL2=45
 else
   COL2=35
@@ -177,9 +208,9 @@ COL1=$(( $( tput cols ) - COL2 - 1 ))
 ## Print header
 drawline
 printf "%-${COL1}s %s" " Exploit Title"
-if [[ "${WEBLINK}" -eq '1' ]]; then
+if [[ "${WEBLINK}" -eq 1 ]]; then
   echo "|  URL"
-elif [[ "${EDBID}" -eq '1' ]]; then
+elif [[ "${EDBID}" -eq 1 ]]; then
   echo "|  EDB-ID"
 else
   echo "|  Path"
@@ -188,69 +219,90 @@ else
 fi
 drawline
 
-## Create (AND) search command
-SEARCH=
-for tag in ${TAGS}; do
 
-  if [[ "${COLOUR}" ]]; then
-    COLOUR="${COLOUR}\|${tag}"
+## EXACT search command?
+if [[ "${EXACT}" -eq 1 ]]; then
+  ## Case sensitive?
+  if [[ "${SCASE}" -eq 1 ]]; then
+    SEARCH="${TAGS}"
+  else
+    SEARCH="$( echo ${TAGS} | tr '[:upper:]' '[:lower:]' )"
   fi
 
-  if [[ "${FILEPATH}" -eq 1 ]]; then
-    if [[ "${SCASE}" ]]; then
-      SCASE='-i'
-    fi
+  ## Remove leading space
+  SEARCH="$(echo ${SEARCH} | sed -e 's/^[[:space:]]//')"
 
-    if [[ "${SEARCH}" ]]; then
-        SEARCH="${SEARCH} |"
+  ## If we are to use colour, add the values to search for
+  if [[ "${COLOUR}" -eq 1 ]]; then
+    COLOUR_TAG="${SEARCH}"
+  fi
+## or AND search command?
+else
+  ## For each term
+  for tag in ${TAGS}; do
+    ## If we are to use colour, add the values to search for between "or"
+    if [[ "${COLOUR}" -eq 1 ]]; then
+      COLOUR_TAG="${COLOUR_TAG}\|${tag}"
     fi
 
-    SEARCH="${SEARCH} fgrep ${SCASE} \"${tag}\""
-  else
-    if [[ "${SEARCH}" ]]; then
-      SEARCH="${SEARCH}/ && ${SCASE}(\$1) ~ /"
-    fi
+    ## Search both title and path?
+    if [[ "${FILEPATH}" -eq 1 ]]; then
+      ## Is there a value already?
+      if [[ "${SEARCH}" ]]; then
+        SEARCH="${SEARCH} |"
+      fi
 
-    if [[ "${SCASE}" ]]; then
-      tag="$( echo ${tag} | tr '[:upper:]' '[:lower:]' )"
+      ## Search command for each term
+      SEARCH="${SEARCH} fgrep ${CASE_TAG_GREP} \"${tag}\""
+    ## Search just the title, not the path
+    else
+      ## If there is already a value, prepend text to get ready
+      if [[ "${SEARCH}" ]]; then
+        SEARCH="${SEARCH}/ && ${CASE_TAG_FGREP}(\$1) ~ /"
+      fi
+
+      ## Case sensitive?
+      if [[ "${SCASE}" -eq 1 ]]; then
+        EARCH="${SEARCH}${tag}"
+      else
+        SEARCH="${SEARCH}$( echo ${tag} | tr '[:upper:]' '[:lower:]' )"
+      fi
     fi
-
-    SEARCH="${SEARCH}${tag}"
-  fi
-done
-
-if [[ "${FILEPATH}" -ne 1 ]]; then
-  SEARCH="awk -F '[|]' '${SCASE}(\$1) ~ /${SEARCH}/ {print}'"
+  done
 fi
 
-if [[ "${COLOUR}" ]]; then
-  SEARCH="${SEARCH} | grep --color=always -ie \"\${COLOUR}\""
+
+## If we are not to use the path name
+if [[ "${FILEPATH}" -eq 0 ]]; then
+  SEARCH="awk -F '[|]' '${CASE_TAG_FGREP}(\$1) ~ /${SEARCH}/ {print}'"
 fi
 
 
-## Set LANG variable to avoid illegal byte sequence errors
-LANG=C
+## If we are to use colour, add the value here
+if [[ "${COLOUR_TAG}" ]]; then
+  SEARCH="${SEARCH} | grep --color=always -ie \"\${COLOUR_TAG}\""
+fi
 
 
 ## Search, format, and print results
-if [[ "${VERBOSE}" -eq 0 ]]; then
-  FORMAT=${COL1}'.'${COL1}
-else
+if [[ "${OVERFLOW}" -eq 1 ]]; then
   FORMAT=${COL1}
+else
+  FORMAT=${COL1}'.'${COL1}
 fi
 
 
+## Magic search Fu
 ## Web link format?
-if [[ "${WEBLINK}" -eq '1' ]]; then
-  ## Magic search Fu
+if [[ "${WEBLINK}" -eq 1 ]]; then
   awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, "https://www.exploit-db.com/exploits/"$1"/"}' "${csvpath}" \
     | eval "${SEARCH}"
-elif [[ "${EDBID}" -eq '1' ]]; then
-  ## Magic search Fu
+## Just the EDB-ID?
+elif [[ "${EDBID}" -eq 1 ]]; then
   awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $1}' "${csvpath}" \
     | eval "${SEARCH}"
+## Default view
 else
-  ## Magic search Fu
   awk -F "\"*,\"*" '{ printf "%-'${FORMAT}'s | %s\n", $3, $2}' "${csvpath}" \
     | eval "${SEARCH}" \
     | sed "s/| platforms/| ./"
