[Perl] Exploit DB Manager 0.6

BigBear · 13 Febrero 2015, 17:43 PM

Un simple script en Perl para buscar,leer y descargar exploits en ExploitDB.

Tienen opciones para :

Buscar y listar exploits
Leer exploit con determinado ID
Descargar exploit con determinado ID
Descargar todos los exploits de determinado nombre

Un video con ejemplos de uso :

[youtube=640,360]https://www.youtube.com/watch?v=CxDxQNEL3gM[/youtube]

El codigo :

Código (perl) [Seleccionar] Expandir
#!usr/bin/perl #Exploit DB Manager 0.6 #(C) Doddy Hackman 2015 use LWP::UserAgent; use Getopt::Long; use Color::Output; Color::Output::Init; my @agents = ( 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0', 'Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14', 'Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1667.0 Safari/537.36', 'Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0', 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.8pre) Gecko/20070928 Firefox/2.0.0.7 Navigator/9.0RC1', 'Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))', 'Mozilla/5.0 (Windows NT 6.0; rv:2.0) Gecko/20100101 Firefox/4.0 Opera 12.14', 'Mozilla/5.0 (Windows; U; Windows NT 6.1; tr-TR) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27' ); my $nave = LWP::UserAgent->new(); $nave->agent( $agents[ rand @agents ] ); $nave->timeout(5); GetOptions( "search=s" => \$search, "page=i" => \$page, "read_exploit=s" => \$read_exploit, "download=s" => \$download, "file=s" => \$file, "download_all=s" => \$download_all ); my $directorio_down = "downloads"; unless ( -d $directorio_down ) { mkdir( $directorio_down, "0777" ); chmod 0777, $directorio_down; } chdir($directorio_down); head(); if ( $search ne "" ) { if ( $page eq "" ) { by_search( $search, "1" ); } else { by_search( $search, $page ); } } elsif ( $read_exploit ne "" ) { by_read_exploit($read_exploit); } elsif ($download) { if ($file) { by_download( $download, $file ); } else { by_download( $download, "" ); } } elsif ($download_all) { if ( $page ne "" ) { by_download_all( $download_all, $page ); } else { by_download_all( $download_all, "1" ); } } else { sintax(); } copyright(); sub by_download_all { my $query = $_[0]; my $page = $_[1]; printear_titulo("\n[+] Searching ...\n\n"); my $directorio = $query; $directorio =~ s/\.//; $directorio =~ s/\=//; unless ( -d $directorio ) { mkdir( $directorio, "0777" ); chmod 0777, $directorio; } chdir($directorio); my $code = toma( "http://www.exploit-db.com/search/?action=search&filter_page=" . $page . "&filter_description=" . $query . "&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=" ); sleep(6); my %links_to_download; my @ids = ""; my @nombres = ""; my @links = ""; my @links_down = ""; while ( $code =~ /<a href="http:\/\/www.exploit-db.com\/exploits\/(.*?)">(.*?)<\/a>/migs ) { my $id = $1; my $name = $2; $name =~ s/<//; $name =~ s/\<//; $name =~ s/(\s)+$//; my $link = "http://www.exploit-db.com/exploits/" . $id; my $link_down = "http://www.exploit-db.com/download/" . $id; push( @nombres, $name ); push( @ids, $id ); push( @links, $link ); push( @links_down, $link_down ); } printear("[+] Exploits Found : "); print int(@links) - 1 . "\n\n"; for my $num ( 1 .. int(@links) - 1 ) { printear("[+] Title : "); print $nombres[$num] . "\n"; printear("[+] Link : "); print $links[$num] . "\n"; my $titulo = $nombres[$num]; $titulo =~ s/=//ig; $titulo =~ s/\///ig; $titulo = $titulo . ".txt"; printear("[+] Downloading ID : "); print $ids[$num]; print "\n"; sleep(6); if ( $nave->mirror( $links_down[$num], $titulo ) ) { printear("[+] Status : "); print "OK\n\n"; chmod 0777, $titulo; } else { printear("[+] Status : "); print "FAIL\n\n"; } } printear_titulo("[+] Finished\n"); } sub by_download { my $id = $_[0]; my $file = $_[1]; printear_titulo("\n[+] Downloading exploit ID : "); print $id. "\n"; if ( $file ne "" ) { if ( $nave->mirror( "http://www.exploit-db.com/download/" . $id . "/", $file ) ) { printear( "\n[+] File '" . $file . "' Downloaded !\n" ); chmod 0777, $file; } else { printear("\n[-] WTF !\n"); } } else { my $code = toma( "http://www.exploit-db.com/exploits/" . $id . "/" ); if ( $code =~ /<h1 style="(.*?)">(.*?)<\/h1>/ ) { my $titulo = $2; my $exploit_name = $titulo; $titulo =~ s/\.//; $titulo =~ s/\=//; $titulo = $titulo . ".txt"; sleep(6); if ( $nave->mirror( "http://www.exploit-db.com/download/" . $id . "/", $titulo ) ) { printear( "\n[+] File '" . $exploit_name . "' Downloaded !\n" ); chmod 0777, $titulo; } else { printear("\n[-] WTF !\n"); } } } } sub by_read_exploit { printear_titulo("\n[+] Searching ...\n\n"); my $id = $_[0]; my $code = toma( "http://www.exploit-db.com/exploits/" . $id . "/" ); my $source = toma( "http://www.exploit-db.com/download/" . $id . "/" ); if ( $code =~ /<h1 style="(.*?)">(.*?)<\/h1>/ ) { my $titulo = $2; printear("[+] Title : "); print $titulo. "\n"; } else { printear("[-] WTF !\n"); } if ( $code =~ /Author: (.*?)</ ) { my $autor = $1; printear("[+] Author : "); print $autor. "\n"; } if ( $code =~ /Published: (.*?)</ ) { my $fecha = $1; printear("[+] Published : "); print $fecha. "\n"; } if ( $code =~ /Vulnerable App:    <a href="(.*?)">/ ) { my $app = $1; printear("[+] Vulnerable App : "); print $app. "\n"; } print "\n-------------------------------------\n"; printear($source); print "-------------------------------------\n"; } sub by_search { my $query = $_[0]; my $page = $_[1]; printear_titulo("\n[+] Searching ...\n\n"); my $code = toma( "http://www.exploit-db.com/search/?action=search&filter_page=" . $page . "&filter_description=" . $query . "&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=" ); my @dates = ""; my @nombres = ""; my @tipos = ""; my @autores = ""; my @links = ""; while ( $code =~ /<td class="list_explot_date">(.*?)<\/td>/migs ) { my $date = $1; push( @dates, $date ); } while ( $code =~ /<a href="http:\/\/www.exploit-db.com\/exploits\/(.*?)">(.*?)<\/a>/migs ) { my $id = $1; my $name = $2; $name =~ s/<//; my $link = "http://www.exploit-db.com/exploits/" . $id; push( @nombres, $name ); push( @links, $link ); } while ( $code =~ /<a href="http:\/\/www.exploit-db.com\/platform\/(.*?)">(.*?)<\/a>/migs ) { my $type = $2; push( @tipos, $type ); } while ( $code =~ /<a href="http:\/\/www.exploit-db.com\/author\/(.*?)" title="(.*?)">/migs ) { my $autor = $2; push( @autores, $autor ); } printear("[+] Exploits Found : "); print int(@links) - 1 . "\n"; for my $num ( 1 .. int(@links) - 1 ) { printear("\n[+] Title : "); print $nombres[$num] . "\n"; printear("[+] Date : "); print $dates[$num] . "\n"; printear("[+] Type : "); print $tipos[$num] . "\n"; printear("[+] Author : "); print $autores[$num] . "\n"; printear("[+] Link : "); print $links[$num] . "\n"; } } sub printear { cprint( "\x036" . $_[0] . "\x030" ); } sub printear_logo { cprint( "\x037" . $_[0] . "\x030" ); } sub printear_titulo { cprint( "\x0310" . $_[0] . "\x030" ); } sub sintax { printear("\n[+] Sintax : "); print "perl $0 <option> <value>\n"; printear("\n[+] Options : \n\n"); print "-search <query> -page <count> : Search exploits in page\n"; print "-read_exploit <id exploit> : Read exploit\n"; print "-download <id exploit> : Download an exploit\n"; print "-download_all <query> -page <count> : Download all exploits\n"; printear("\n[+] Example : "); print "perl exploitdb.pl -search smf -page 1\n"; copyright(); } sub head { printear_logo("\n-- == Exploit DB Manager 0.6 == --\n\n"); } sub copyright { printear_logo("\n\n-- == (C) Doddy Hackman 2015 == --\n\n"); exit(1); } sub toma { return $nave->get( $_[0] )->content; } #The End ?

Si quieren bajar el programa lo pueden hacer de aca :

SourceForge.
Github.

Test Foro de elhacker.net SMF 2.1

[Perl] Exploit DB Manager 0.6

BigBear