go-exploitdb tool for searching Exploits from some Exploit Databases

superior_hosting_service

Exploits

This is a tool for searching Exploits from some Exploit Databases. Exploits are inserted at sqlite database(go-exploitdb) can be searched by command line interface. In server mode, a simple Web API can be used.

As the following vulnerabilities database

  1. ExploitDB(OffensiveSecurity) by CVE number or Exploit Database ID.
  2. GitHub Repositories
  3. Awesome Cve Poc

Docker Deployment

There’s a Docker image available docker pull princechrismc/go-exploitdb. When using the container, it takes the same arguments as the normal command line.

Installation for local deployment

Requirements

go-exploitdb requires the following packages.

Install go-exploitdb
$ mkdir -p $GOPATH/src/github.com/vulsio
$ cd $GOPATH/src/github.com/vulsio
$ git clone https://github.com/vulsio/go-exploitdb.git
$ cd go-exploitdb
$ make install

Usage: Fetch and Insert Exploit

$ go-exploitdb fetch --help
Fetch the data of exploit

Usage:
  go-exploitdb fetch [command]

Available Commands:
  awesomepoc  Fetch the data of Awesome Poc
  exploitdb   Fetch the data of offensive security exploit db
  githubrepos Fetch the data of github repos

Flags:
      --batch-size int   The number of batch size to insert. NOTE: This Option does not work for dbtype: redis. (default 500)
      --expire uint      timeout to set for Redis keys in seconds. If set to 0, the key is persistent.
  -h, --help             help for fetch

Global Flags:
      --config string       config file (default is $HOME/.go-exploitdb.yaml)
      --dbpath string       /path/to/sqlite3 or SQL connection string
      --dbtype string       Database type to store data in (sqlite3, mysql, postgres or redis supported)
      --debug               debug mode (default: false)
      --debug-sql           SQL debug mode
      --http-proxy string   http://proxy-url:port (default: empty)
      --log-dir string      /path/to/log
      --log-json            output log as JSON
      --log-to-file         output log to file

Use "go-exploitdb fetch [command] --help" for more information about a command.
Fetch and Insert Offensive Security ExploitDB
$ go-exploitdb fetch exploitdb

Usage: Search Exploits

$ go-exploitdb search -h

Search the data of exploit

Usage:
  go-exploitdb search [flags]

Flags:
  -h, --help            help for search
      --param string   All Exploits: None  |  by CVE: [CVE-xxxx]  | by ID: [xxxx]  (default: None)
      --type string    All Exploits by CVE: CVE  |  by ID: ID (default: CVE)

Global Flags:
      --config string       config file (default is $HOME/.go-exploitdb.yaml)
      --dbpath string       /path/to/sqlite3 or SQL connection string
      --dbtype string       Database type to store data in (sqlite3, mysql, postgres or redis supported)
      --debug               debug mode (default: false)
      --debug-sql           SQL debug mode
      --http-proxy string   http://proxy-url:port (default: empty)
      --log-dir string      /path/to/log
      --log-json            output log as JSON
      --log-to-file         output log to file
Search Exploits by CVE(ex. CVE-2009-4091)
$ go-exploitdb search --type CVE --param CVE-2009-4091

Results:
---------------------------------------

[*]CVE-ExploitID Reference:
  CVE: CVE-2009-4091
  Exploit Type: OffensiveSecurity
  Exploit Unique ID: 10180
  URL: https://www.exploit-db.com/exploits/10180
  Description: Simplog 0.9.3.2 - Multiple Vulnerabilities

[*]Exploit Detail Info:
  [*]OffensiveSecurity:
  - Document:
    Path: https://github.com/offensive-security/exploitdb/exploits/php/webapps/10180.txt
    File Type: webapps
---------------------------------------
Search Exploits by ExploitDB-ID(ex. ExploitDB-ID: 10180)
$ go-exploitdb search --type ID --param 10180

Results:
---------------------------------------

[*]CVE-ExploitID Reference:
  CVE: CVE-2009-4091
  Exploit Type: OffensiveSecurity
  Exploit Unique ID: 10180
  URL: https://www.exploit-db.com/exploits/10180
  Description: Simplog 0.9.3.2 - Multiple Vulnerabilities

[*]Exploit Detail Info:
  [*]OffensiveSecurity:
  - Document:
    Path: https://github.com/offensive-security/exploitdb/exploits/php/webapps/10180.txt
    File Type: webapps
---------------------------------------

[*]CVE-ExploitID Reference:
  CVE: CVE-2009-4092
  Exploit Type: OffensiveSecurity
  Exploit Unique ID: 10180
  URL: https://www.exploit-db.com/exploits/10180
  Description: Simplog 0.9.3.2 - Multiple Vulnerabilities

[*]Exploit Detail Info:
  [*]OffensiveSecurity:
  - Document:
    Path: https://github.com/offensive-security/exploitdb/exploits/php/webapps/10180.txt
    File Type: webapps
---------------------------------------

[*]CVE-ExploitID Reference:
  CVE: CVE-2009-4093
  Exploit Type: OffensiveSecurity
  Exploit Unique ID: 10180
  URL: https://www.exploit-db.com/exploits/10180
  Description: Simplog 0.9.3.2 - Multiple Vulnerabilities

[*]Exploit Detail Info:
  [*]OffensiveSecurity:
  - Document:
    Path: https://github.com/offensive-security/exploitdb/exploits/php/webapps/10180.txt
    File Type: webapps
---------------------------------------

Usage: Start go-exploitdb as server mode

$ go-exploitdb server -h

Start go-exploitdb HTTP server

Usage:
  go-exploitdb server [flags]

Flags:
      --bind string   HTTP server bind to IP address (default: loop back interface
  -h, --help          help for server
      --port string   HTTP server port number (default: 1326

Global Flags:
      --config string       config file (default is $HOME/.go-exploitdb.yaml)
      --dbpath string       /path/to/sqlite3 or SQL connection string
      --dbtype string       Database type to store data in (sqlite3, mysql, postgres or redis supported)
      --debug               debug mode (default: false)
      --debug-sql           SQL debug mode
      --http-proxy string   http://proxy-url:port (default: empty)
      --log-dir string      /path/to/log
      --log-json            output log as JSON
      --log-to-file         output log to file
Starting Server
$ go-exploitdb server
INFO[09-30|15:05:57] Starting HTTP Server...
INFO[09-30|15:05:57] Listening...                             URL=127.0.0.1:1326
Search Exploits Get by cURL for CVE(ex. CVE-2006-2896)
$ curl http://127.0.0.1:1326/cves/CVE-2006-2896 | jq

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:100   666  100   666    0     0  39340      0 --:--:-- --:--:-- --:--:-- 41625
[
  {
    "ID": 325173,
    "exploit_type": "OffensiveSecurity",
    "exploit_unique_id": "1875",
    "url": "https://www.exploit-db.com/exploits/1875",
    "description": "FunkBoard CF0.71 - 'profile.php' Remote User Pass Change",
    "cve_id": "CVE-2006-2896",
    "offensive_security": {
      "ID": 325173,
      "ExploitID": 325173,
      "exploit_unique_id": "1875",
      "document": {
        "OffensiveSecurityID": 325173,
        "exploit_unique_id": "1875",
        "document_url": "https://github.com/offensive-security/exploitdb/exploits/php/webapps/1875.html",
        "description": "FunkBoard CF0.71 - 'profile.php' Remote User Pass Change",
        "date": "0001-01-01T00:00:00Z",
        "author": "ajann",
        "type": "webapps",
        "platform": "php",
        "port": ""
      },
      "shell_code": null,
    }
  }
]
Search Exploits by Unique ID(ex. Exploit Unique ID: 10180)
$ curl http://127.0.0.1:1326/id/10180 | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:100  1936  100  1936    0     0  52643      0 --:--:-- --:--:-- --:--:-- 53777
[
  {
    "ID": 334917,
    "exploit_type": "OffensiveSecurity",
    "exploit_unique_id": "10180",
    "url": "https://www.exploit-db.com/exploits/10180",
    "description": "Simplog 0.9.3.2 - Multiple Vulnerabilities",
    "cve_id": "CVE-2009-4091",
    "offensive_security": {
      "ID": 334917,
      "ExploitID": 334917,
      "exploit_unique_id": "10180",
      "document": {
        "OffensiveSecurityID": 334917,
        "exploit_unique_id": "10180",
        "document_url": "https://github.com/offensive-security/exploitdb/exploits/php/webapps/10180.txt",
        "description": "Simplog 0.9.3.2 - Multiple Vulnerabilities",
        "date": "0001-01-01T00:00:00Z",
        "author": "Amol Naik",
        "type": "webapps",
        "platform": "php",
        "port": ""
      },
      "shell_code": null,
    }
  },
  {
    "ID": 334918,
    "exploit_type": "OffensiveSecurity",
    "exploit_unique_id": "10180",
    "url": "https://www.exploit-db.com/exploits/10180",
    "description": "Simplog 0.9.3.2 - Multiple Vulnerabilities",
    "cve_id": "CVE-2009-4092",
    "offensive_security": {
      "ID": 334917,
      "ExploitID": 334917,
      "exploit_unique_id": "10180",
      "document": {
        "OffensiveSecurityID": 334917,
        "exploit_unique_id": "10180",
        "document_url": "https://github.com/offensive-security/exploitdb/exploits/php/webapps/10180.txt",
        "description": "Simplog 0.9.3.2 - Multiple Vulnerabilities",
        "date": "0001-01-01T00:00:00Z",
        "author": "Amol Naik",
        "type": "webapps",
        "platform": "php",
        "port": ""
      },
      "shell_code": null,
    }
  },
  {
    "ID": 334919,
    "exploit_type": "OffensiveSecurity",
    "exploit_unique_id": "10180",
    "url": "https://www.exploit-db.com/exploits/10180",
    "description": "Simplog 0.9.3.2 - Multiple Vulnerabilities",
    "cve_id": "CVE-2009-4093",
    "offensive_security": {
      "ID": 334917,
      "ExploitID": 334917,
      "exploit_unique_id": "10180",
      "document": {
        "OffensiveSecurityID": 334917,
        "exploit_unique_id": "10180",
        "document_url": "https://github.com/offensive-security/exploitdb/exploits/php/webapps/10180.txt",
        "description": "Simplog 0.9.3.2 - Multiple Vulnerabilities",
        "date": "0001-01-01T00:00:00Z",
        "author": "Amol Naik",
        "type": "webapps",
        "platform": "php",
        "port": ""
      },
      "shell_code": null,
    }
  }
]