Skip to content
1337skills 1337skills

Pompem

Overview

Section titled “Overview”

Pompem is a Python-based tool that automates the search for known exploits and vulnerabilities across multiple databases including ExploitDB, PacketStorm, and WPScan. It provides security researchers and penetration testers with an efficient way to identify publicly available exploits, vulnerability information, and proof-of-concepts for discovered software and applications without manually querying multiple sources.

Installation

Section titled “Installation”

Linux (Debian/Ubuntu)

Section titled “Linux (Debian/Ubuntu)”
sudo apt-get install python3 python3-pip
pip3 install pompem

Fedora/RHEL

Section titled “Fedora/RHEL”
sudo dnf install python3 python3-pip
pip3 install pompem

macOS

Section titled “macOS”
brew install python3
pip3 install pompem

Windows

Section titled “Windows”
pip install pompem

From Source

Section titled “From Source”
git clone https://github.com/jmendozauc/pompem.git
cd pompem
pip3 install -r requirements.txt
python3 pompem.py

Verify Installation

Section titled “Verify Installation”
pompem --version
pompem --help

Core Concepts

Section titled “Core Concepts”

Vulnerability Databases

Section titled “Vulnerability Databases”

Pompem integrates with:

  • ExploitDB: Largest exploit database with 50,000+ exploits
  • PacketStorm: Vulnerability and security resource repository
  • WPScan: WordPress vulnerability database
  • SecurityFocus: Bugtraq vulnerability information
  • Metasploit Database: Exploitation framework modules

Search Methods

Section titled “Search Methods”
  • Application name search
  • CVE identifier lookup
  • Version-specific vulnerability matching
  • Software component identification

Data Aggregation

Section titled “Data Aggregation”

Pompem combines results from multiple sources to provide comprehensive vulnerability information.

Basic Commands

Section titled “Basic Commands”

Search by Application Name

Section titled “Search by Application Name”
pompem -s "Apache"
pompem -s "nginx"
pompem -s "WordPress"

Search by CVE

Section titled “Search by CVE”
pompem -s "CVE-2024-1234"
pompem -c CVE-2024-00000

Search with Version Information

Section titled “Search with Version Information”
pompem -s "Apache 2.4.41"
pompem -s "WordPress 6.0.1"

Search All Databases

Section titled “Search All Databases”
pompem -s "application_name" -a

Common Usage Patterns

Section titled “Common Usage Patterns”
CommandDescription
pompem -s "app_name"Search for application vulnerabilities
pompem -c "CVE-XXXX"Search by CVE identifier
pompem -s "app" -eSearch ExploitDB only
pompem -s "app" -wSearch WPScan only
pompem -s "app" -pSearch PacketStorm only
pompem -s "app" -aSearch all databases
pompem -s "app" -f jsonOutput in JSON format

Database-Specific Searches

Section titled “Database-Specific Searches”
Section titled “ExploitDB Search”
pompem -s "Apache Struts" -e
pompem -s "PHP 7.4" -e

WPScan Search (WordPress)

Section titled “WPScan Search (WordPress)”
pompem -s "WordPress" -w
pompem -s "Akismet" -w
pompem -s "WooCommerce" -w
Section titled “PacketStorm Search”
pompem -s "Cisco IOS" -p
pompem -s "Windows RDP" -p
Section titled “Combined Database Search”
pompem -s "Apache 2.4" -a
pompem -c "CVE-2021-41773" -a

Advanced Search Techniques

Section titled “Advanced Search Techniques”

Search with Multiple Terms

Section titled “Search with Multiple Terms”
pompem -s "Apache Struts 2 RCE"
pompem -s "PHP SQL injection"
Section titled “Version Range Search”
pompem -s "WordPress 5.0"
pompem -s "Drupal 8"

Specific Vulnerability Type

Section titled “Specific Vulnerability Type”
pompem -s "Apache" | grep -i "rce\|injection\|bypass"

Filter Results

Section titled “Filter Results”
pompem -s "application" | grep "2024"
pompem -s "application" | grep -i "critical\|high"

Output Formats

Section titled “Output Formats”

Default Text Output

Section titled “Default Text Output”
pompem -s "Apache"

JSON Output

Section titled “JSON Output”
pompem -s "Apache" -f json
pompem -s "WordPress" -f json > wordpress_vulns.json

CSV Export

Section titled “CSV Export”
pompem -s "application" -f csv > vulns.csv

Save to File

Section titled “Save to File”
pompem -s "Apache" > apache_vulnerabilities.txt
pompem -c "CVE-2024-1234" > cve_search.txt

Vulnerability Assessment Workflow

Section titled “Vulnerability Assessment Workflow”

Step 1: Identify Target Software

Section titled “Step 1: Identify Target Software”
# Determine application versions running on target
# Example: Apache 2.4.41, PHP 7.4.10, WordPress 5.9

Step 2: Search Each Component

Section titled “Step 2: Search Each Component”
pompem -s "Apache 2.4.41" -a
pompem -s "PHP 7.4.10" -a
pompem -s "WordPress 5.9" -a

Step 3: Collect Results

Section titled “Step 3: Collect Results”
pompem -s "Apache 2.4.41" -a > apache_vulns.txt
pompem -s "PHP 7.4.10" -a > php_vulns.txt
pompem -s "WordPress 5.9" -a > wordpress_vulns.txt

Step 4: Analyze and Prioritize

Section titled “Step 4: Analyze and Prioritize”
cat *_vulns.txt | sort | uniq > all_vulnerabilities.txt
grep -i "remote\|critical" all_vulnerabilities.txt > critical_vulns.txt

Step 5: Document Findings

Section titled “Step 5: Document Findings”
# Create assessment report with findings

Reconnaissance Integration

Section titled “Reconnaissance Integration”

Web Application Fingerprinting

Section titled “Web Application Fingerprinting”
# After identifying web technologies
pompem -s "Nginx 1.18" -a
pompem -s "PHP 8.0" -a
pompem -s "WordPress 5.8" -a

Service Discovery Follow-up

Section titled “Service Discovery Follow-up”
# Search identified services
pompem -s "OpenSSH 7.4" -a
pompem -s "Postfix 2.11" -a
pompem -s "Bind 9.11" -a

Plugin/Module Enumeration

Section titled “Plugin/Module Enumeration”
# Search discovered plugins
pompem -s "WordPress WooCommerce" -w
pompem -s "Drupal Views" -e

Batch Processing

Section titled “Batch Processing”

Search Multiple Applications

Section titled “Search Multiple Applications”
#!/bin/bash
APPS=("Apache 2.4" "PHP 7.4" "WordPress 5.9" "MySQL 8.0")

for app in "${APPS[@]}"; do
    echo "=== Searching for $app ===" >> vulnerabilities.txt
    pompem -s "$app" -a >> vulnerabilities.txt
    echo "" >> vulnerabilities.txt
done

Process CVE List

Section titled “Process CVE List”
#!/bin/bash
while IFS= read -r cve; do
    pompem -c "$cve" -a >> cve_details.txt
done < cve_list.txt

Search from Nmap Output

Section titled “Search from Nmap Output”
# After nmap service detection
pompem -s "Apache httpd 2.4.41"
pompem -s "OpenSSH 7.6p1"

Exploit Identification

Section titled “Exploit Identification”

Find Available Exploits

Section titled “Find Available Exploits”
pompem -s "application" -e | grep -i "exploit\|poc"

Identify POCs

Section titled “Identify POCs”
pompem -s "Apache Struts 2" -e
# Will show available Proof-of-Concepts

Get Exploit Details

Section titled “Get Exploit Details”
pompem -s "vulnerability" -a
# Returns full details including exploit source URLs

CVE Tracking

Section titled “CVE Tracking”

Search by CVE ID

Section titled “Search by CVE ID”
pompem -c "CVE-2021-41773"
pompem -c "CVE-2021-44228"

Track CVE Across Databases

Section titled “Track CVE Across Databases”
pompem -c "CVE-2024-12345" -a
# Shows all available resources for the CVE

Recent Vulnerability Research

Section titled “Recent Vulnerability Research”
pompem -s "2024" | head -20

WordPress-Specific Searches

Section titled “WordPress-Specific Searches”

Theme Vulnerabilities

Section titled “Theme Vulnerabilities”
pompem -s "WordPress Twenty Twenty Two" -w
Section titled “Plugin Search”
pompem -s "WordPress Plugin" -w
pompem -s "WooCommerce" -w
Section titled “Core Vulnerability Search”
pompem -s "WordPress 6.0" -w

Content Management System Searches

Section titled “Content Management System Searches”

Drupal Vulnerabilities

Section titled “Drupal Vulnerabilities”
pompem -s "Drupal 9" -a
pompem -s "Drupal Module" -e

Joomla Vulnerabilities

Section titled “Joomla Vulnerabilities”
pompem -s "Joomla 3.10" -a
pompem -s "Joomla Extension" -e

Magento Vulnerabilities

Section titled “Magento Vulnerabilities”
pompem -s "Magento 2.4" -a

Integration with Testing Tools

Section titled “Integration with Testing Tools”

Feed to Exploit Frameworks

Section titled “Feed to Exploit Frameworks”
# Extract exploit URLs for Metasploit
pompem -s "Windows Server 2019" -e | grep "http" > exploit_urls.txt

Create Vulnerability Dashboard

Section titled “Create Vulnerability Dashboard”
# Generate JSON report for dashboard
pompem -s "application" -f json > vuln_dashboard.json

Cross-Reference with Nessus

Section titled “Cross-Reference with Nessus”
# Compare Pompem results with Nessus scan
pompem -s "service_name" -a > pompem_results.txt
# Compare with Nessus export

Reporting

Section titled “Reporting”

Generate Summary Report

Section titled “Generate Summary Report”
echo "=== Vulnerability Assessment Report ===" > report.txt
echo "Date: $(date)" >> report.txt
echo "Target: target.com" >> report.txt
echo "" >> report.txt
echo "=== Identified Vulnerabilities ===" >> report.txt
pompem -s "identified_service" -a >> report.txt

Create Detailed Vulnerability Documentation

Section titled “Create Detailed Vulnerability Documentation”
#!/bin/bash
SERVICES=("Apache 2.4.41" "PHP 7.4.10" "WordPress 5.9")

{
    echo "# Vulnerability Assessment Report"
    echo "Date: $(date)"
    echo ""
    
    for service in "${SERVICES[@]}"; do
        echo "## $service"
        pompem -s "$service" -a
        echo ""
    done
} > assessment_report.txt

Export for Management Review

Section titled “Export for Management Review”
pompem -s "application" -f json | jq '.[] | {name, severity, cve}' > executive_summary.json

Performance Optimization

Section titled “Performance Optimization”

Parallel Searches (GNU Parallel)

Section titled “Parallel Searches (GNU Parallel)”
echo "Apache 2.4" | parallel pompem -s {}
cat app_list.txt | parallel pompem -s {}

Batch Caching Results

Section titled “Batch Caching Results”
# Cache results for repeated searches
pompem -s "Apache" -a > apache_cache.txt
# Use cached results for reporting
cat apache_cache.txt

Troubleshooting

Section titled “Troubleshooting”

Database Connection Issues

Section titled “Database Connection Issues”
# Check internet connectivity
ping www.google.com

# Verify API endpoints are accessible
curl -I "https://www.exploit-db.com"

Timeout Errors

Section titled “Timeout Errors”
# Increase timeout for large result sets
timeout 60 pompem -s "popular_application"

Filter Large Result Sets

Section titled “Filter Large Result Sets”
# Narrow searches to reduce results
pompem -s "Apache 2.4.41" -e  # Specific version
pompem -c "CVE-2024-12345"     # Specific CVE

Update Database

Section titled “Update Database”
# Ensure latest vulnerability data
pip3 install --upgrade pompem

Best Practices

Section titled “Best Practices”
  • Verify Findings: Cross-reference results with official sources
  • Document Sources: Note which database provided each finding
  • Prioritize Severity: Focus on critical and high-severity vulnerabilities
  • Check Patch Status: Verify if patches are available
  • Timeline Tracking: Note vulnerability disclosure dates
  • Responsible Disclosure: Follow coordinated disclosure practices
  • Regular Searches: Maintain up-to-date vulnerability inventory
  • Assessment Reports: Document all findings systematically
Section titled “Related Tools”
  • Nuclei: Template-based scanning with integration
  • Searchsploit: Local ExploitDB search tool
  • Shodan: Internet search engine for services
  • CVEDetails: CVE information aggregator
  • SecurityTrails: DNS and domain intelligence
  • OpenCVE: CVE monitoring platform