Ausgewählt Cheat Sheet¶
Überblick¶
ExploitDB ist ein umfassendes Archiv öffentlicher Exploits und entsprechender gefährdeter Software, entwickelt für den Einsatz durch Penetrationsprüfer und Schwachstellenforscher. Es dient als endgültiges Repository für Exploits und Nachweise von Konzepten anstatt Advisorien, so dass es eine unschätzbare Ressource für Sicherheitsexperten. Die Datenbank wird von Offensive Security gepflegt und enthält Tausende verifizierte Exploits, Shellcodes und Sicherheitspapiere, die für Bildungszwecke und autorisierte Penetrationstests verwendet werden können.
ZEIT Warning: ExploitDB enthält echte Ausbeutungen, die zu Schäden an Systemen führen können. Verwenden Sie diese Exploits nur gegen Systeme, die Sie besitzen oder eine ausdrückliche schriftliche Erlaubnis zum Testen haben. Unberechtigte Nutzung von Exploits kann lokale Gesetze und Vorschriften verletzen.
Installation und Inbetriebnahme¶
Online-Zugang¶
```bash
Access ExploitDB online¶
Website: https://www.exploit-db.com/¶
No installation required for web interface¶
Direct exploit download¶
wget https://www.exploit-db.com/download/[EXPLOIT_ID]
Example: Download exploit 50383¶
wget https://www.exploit-db.com/download/50383
Download with custom filename¶
wget -O local_exploit.py https://www.exploit-db.com/download/50383 ```_
Lokale Datenbankinstallation¶
```bash
Clone ExploitDB repository¶
git clone https://github.com/offensive-security/exploitdb.git /opt/exploitdb
Update PATH to include searchsploit¶
echo 'export PATH="$PATH:/opt/exploitdb"' >> ~/.bashrc source ~/.bashrc
Update the database¶
cd /opt/exploitdb && git pull
Verify installation¶
searchsploit --help ```_
Kali Linux Setup¶
```bash
ExploitDB is pre-installed on Kali Linux¶
searchsploit --version
Update the database¶
searchsploit -u
Check database location¶
searchsploit --path
Manual update if needed¶
cd /usr/share/exploitdb && sudo git pull ```_
Docker Installation¶
```bash
Pull ExploitDB Docker image¶
docker pull offensive-security/exploitdb
Run ExploitDB in Docker¶
docker run -it --rm offensive-security/exploitdb
Mount local directory for exploit downloads¶
docker run -it --rm \ -v $(pwd):/exploits \ offensive-security/exploitdb ```_
Web Interface Nutzung¶
Grundlagen der Suche¶
```bash
Search by software name¶
Navigate to: https://www.exploit-db.com/¶
Enter software name in search box¶
Advanced search filters:¶
- Platform (Windows, Linux, macOS, etc.)¶
- Type (Local, Remote, WebApp, DoS, etc.)¶
- Date range¶
- Author¶
- Verified status¶
Example searches:¶
"Apache 2.4" - Find Apache web server exploits¶
"WordPress" - Find WordPress CMS exploits¶
"Windows 10" - Find Windows 10 specific exploits¶
"privilege escalation" - Find privilege escalation exploits¶
```_
Ausgewählte Kategorien¶
```bash
Remote Exploits¶
- Network-based attacks¶
- Service exploitation¶
- Protocol vulnerabilities¶
Local Exploits¶
- Privilege escalation¶
- Local file inclusion¶
- Buffer overflows¶
Web Application Exploits¶
- SQL injection¶
- Cross-site scripting (XSS)¶
- Remote file inclusion¶
Denial of Service (DoS)¶
- Service disruption¶
- Resource exhaustion¶
- Crash exploits¶
Shellcode¶
- Payload code¶
- Assembly instructions¶
- Platform-specific code¶
```_
Download von Exploits¶
```bash
Download individual exploit¶
curl -O https://www.exploit-db.com/download/[EXPLOIT_ID]
Download with metadata¶
curl -H "Accept: application/json" \ https://www.exploit-db.com/exploits/[EXPLOIT_ID]
Bulk download by search¶
Use web interface to export search results¶
Download CSV file with exploit metadata¶
Download papers and advisories¶
wget https://www.exploit-db.com/papers/[PAPER_ID] ```_
SearchSploit Command Line Tool¶
Basisnutzung¶
```bash
Search for exploits¶
searchsploit apache
Case-insensitive search¶
searchsploit -i apache
Search for exact match¶
searchsploit -e "Apache 2.4.7"
Search in title only¶
searchsploit -t apache
Search excluding specific terms¶
searchsploit apache --exclude="2.2"
Search with multiple terms¶
searchsploit "apache 2.4" privilege ```_
Erweiterte Suchoptionen¶
```bash
Search by platform¶
searchsploit --platform windows apache searchsploit --platform linux kernel
Search by exploit type¶
searchsploit --type remote apache searchsploit --type local windows
Search by author¶
searchsploit --author "Metasploit"
Search by CVE¶
searchsploit --cve 2021-44228 searchsploit --cve CVE-2021-34527
Search by date range¶
searchsploit --after 2020 apache searchsploit --before 2019 windows ```_
Ausgabeformatierung¶
```bash
Verbose output with full paths¶
searchsploit -v apache
JSON output¶
searchsploit -j apache
XML output¶
searchsploit -x apache
Color output (default)¶
searchsploit --colour apache
No color output¶
searchsploit --no-colour apache
Limit number of results¶
searchsploit apache|head -20 ```_
Exploit Management¶
```bash
Copy exploit to current directory¶
searchsploit -m 50383
Copy multiple exploits¶
searchsploit -m 50383,50384,50385
Copy exploit with original filename¶
searchsploit -m exploits/linux/local/50383.c
Mirror (copy) exploit to specific directory¶
searchsploit -m 50383 -o /tmp/exploits/
View exploit content¶
searchsploit -x 50383
Open exploit in default editor¶
searchsploit -e 50383 ```_
Datenbanken¶
```bash
Update ExploitDB database¶
searchsploit -u
Check database statistics¶
searchsploit --stats
Show database path¶
searchsploit --path
Rebuild database index¶
searchsploit --rebuild
Check for database integrity¶
searchsploit --check ```_
Automatisierungsskripte¶
Automatisierte Schwachstelle Forschung¶
```bash
!/bin/bash¶
Automated vulnerability research using ExploitDB¶
TARGET_SOFTWARE="\(1" OUTPUT_DIR="vulnerability_research_\)(date +%Y%m%d_%H%M%S)" REPORT_FILE="$OUTPUT_DIR/vulnerability_report.html"
if [ -z "$TARGET_SOFTWARE" ]; then
echo "Usage: $0
mkdir -p "$OUTPUT_DIR"
Function to search and analyze exploits¶
search_exploits() \\{ local software="\(1" local search_dir="\)OUTPUT_DIR/exploits"
echo "[+] Searching for exploits related to: $software"
mkdir -p "$search_dir"
# Perform comprehensive search
searchsploit -j "$software" > "$OUTPUT_DIR/search_results.json"
if [ ! -s "$OUTPUT_DIR/search_results.json" ]; then
echo "[-] No exploits found for: $software"
return 1
fi
# Parse results and categorize
python3 << EOF
import json import os from collections import defaultdict
Read search results¶
with open('$OUTPUT_DIR/search_results.json', 'r') as f: data = json.load(f)
exploits = data.get('RESULTS_EXPLOIT', []) shellcodes = data.get('RESULTS_SHELLCODE', [])
print(f"[+] Found \\{len(exploits)\\} exploits and \\{len(shellcodes)\\} shellcodes")
Categorize exploits¶
categories = defaultdict(list) platforms = defaultdict(int) types = defaultdict(int) years = defaultdict(int)
for exploit in exploits: # Extract information title = exploit.get('Title', '') platform = exploit.get('Platform', 'Unknown') exploit_type = exploit.get('Type', 'Unknown') date = exploit.get('Date', '') edb_id = exploit.get('EDB-ID', '')
# Categorize
categories[platform].append(exploit)
platforms[platform] += 1
types[exploit_type] += 1
if date:
year = date.split('-')[0]
years[year] += 1
Save categorized data¶
categorized_data = \\{ 'total_exploits': len(exploits), 'total_shellcodes': len(shellcodes), 'platforms': dict(platforms), 'types': dict(types), 'years': dict(years), 'categories': \\{k: v for k, v in categories.items()\\} \\}
with open('$OUTPUT_DIR/categorized_exploits.json', 'w') as f: json.dump(categorized_data, f, indent=2)
print("[+] Exploit categorization completed") EOF
return 0
\\}
Function to download relevant exploits¶
download_exploits() \\{ echo "[+] Downloading relevant exploits"
local download_dir="$OUTPUT_DIR/downloaded_exploits"
mkdir -p "$download_dir"
# Extract high-priority exploit IDs
python3 << EOF
import json
with open('$OUTPUT_DIR/search_results.json', 'r') as f: data = json.load(f)
exploits = data.get('RESULTS_EXPLOIT', [])
Priority criteria¶
high_priority = [] for exploit in exploits: title = exploit.get('Title', '').lower() exploit_type = exploit.get('Type', '').lower() platform = exploit.get('Platform', '').lower()
# High priority: remote exploits, privilege escalation, recent
if any(keyword in title for keyword in ['remote', 'rce', 'privilege', 'escalation']):
high_priority.append(exploit.get('EDB-ID', ''))
elif 'remote' in exploit_type:
high_priority.append(exploit.get('EDB-ID', ''))
Limit to top 20 for download¶
high_priority = high_priority[:20]
with open('$OUTPUT_DIR/priority_exploits.txt', 'w') as f: for edb_id in high_priority: f.write(f"\\{edb_id\\}\n")
print(f"[+] Identified \\{len(high_priority)\\} high-priority exploits") EOF
# Download priority exploits
if [ -f "$OUTPUT_DIR/priority_exploits.txt" ]; then
while read -r edb_id; do
if [ -n "$edb_id" ]; then
echo " [+] Downloading exploit: $edb_id"
searchsploit -m "$edb_id" -o "$download_dir/" 2>/dev/null||true
fi
done < "$OUTPUT_DIR/priority_exploits.txt"
fi
\\}
Function to analyze exploit code¶
analyze_exploits() \\{ echo "[+] Analyzing downloaded exploits"
local analysis_file="$OUTPUT_DIR/exploit_analysis.txt"
cat > "$analysis_file" << EOF
Exploit Code Analysis Report¶
Target Software: $TARGET_SOFTWARE Analysis Date: $(date)
EOF
# Analyze each downloaded exploit
find "$OUTPUT_DIR/downloaded_exploits" -type f -name "*.c" -o -name "*.py" -o -name "*.rb" -o -name "*.pl"|while read -r exploit_file; do
echo "Analyzing: $(basename "$exploit_file")" >> "$analysis_file"
echo "----------------------------------------" >> "$analysis_file"
# Extract key information
if [ -f "$exploit_file" ]; then
# Look for CVE references
cve_refs=$(grep -i "CVE-[0-9]\\\\\{4\\\\\}-[0-9]\\\\\{4,\\\\\}" "$exploit_file"|head -5)
if [ -n "$cve_refs" ]; then
echo "CVE References:" >> "$analysis_file"
echo "$cve_refs" >> "$analysis_file"
echo "" >> "$analysis_file"
fi
# Look for usage instructions
usage=$(grep -i -A 5 -B 5 "usage\|compile\|run" "$exploit_file"|head -10)
if [ -n "$usage" ]; then
echo "Usage Instructions:" >> "$analysis_file"
echo "$usage" >> "$analysis_file"
echo "" >> "$analysis_file"
fi
# Look for requirements
requirements=$(grep -i -A 3 -B 3 "require\|import\|include" "$exploit_file"|head -10)
if [ -n "$requirements" ]; then
echo "Requirements/Dependencies:" >> "$analysis_file"
echo "$requirements" >> "$analysis_file"
echo "" >> "$analysis_file"
fi
fi
echo "========================================" >> "$analysis_file"
echo "" >> "$analysis_file"
done
\\}
Function to generate HTML report¶
generate_report() \\{ echo "[+] Generating vulnerability research report"
python3 << EOF
import json import os from datetime import datetime
Read categorized data¶
try: with open('$OUTPUT_DIR/categorized_exploits.json', 'r') as f: data = json.load(f) except: data = \\{'total_exploits': 0, 'total_shellcodes': 0, 'platforms': \\{\\}, 'types': \\{\\}, 'years': \\{\\}\\}
Generate HTML report¶
html_content = f"""
Vulnerability Research Report
Target: $TARGET_SOFTWARE
Generated: \\\\{datetime.now().strftime('%Y-%m-%d %H:%M:%S')\\\\}
Executive Summary
Total Exploits Found: \\\\{data.get('total_exploits', 0)\\\\}
Total Shellcodes Found: \\\\{data.get('total_shellcodes', 0)\\\\}
Risk Assessment: \\\\{'High' if data.get('total_exploits', 0) > 10 else 'Medium' if data.get('total_exploits', 0) > 5 else 'Low'\\\\}
Platform Distribution
| Platform | Exploit Count |
|---|---|
| \\\\{platform\\\\} | \\\\{count\\\\} |
Exploit Types
| Type | Count |
|---|---|
| \\\\{exploit_type\\\\} | \\\\{count\\\\} |
Timeline Analysis
Recommendations
- Immediate Actions: Review and patch all identified vulnerabilities
- Security Controls: Implement additional security measures for high-risk components
- Monitoring: Set up monitoring for exploitation attempts
- Testing: Conduct penetration testing to validate security posture
"""
with open('$REPORT_FILE', 'w') as f: f.write(html_content)
print(f"[+] HTML report generated: $REPORT_FILE") EOF \\}
Function to check for recent exploits¶
check_recent_exploits() \\{ echo "[+] Checking for recent exploits (last 30 days)"
local recent_file="$OUTPUT_DIR/recent_exploits.txt"
local cutoff_date=$(date -d "30 days ago" +%Y-%m-%d)
searchsploit --after "$cutoff_date" "$TARGET_SOFTWARE" > "$recent_file"
if [ -s "$recent_file" ]; then
local recent_count=$(wc -l ``< "$recent_file")
echo " [!] Found $recent_count recent exploits"
# Send alert if recent exploits found
if [ "$recent_count" -gt 0 ]; then
echo "ALERT: Recent exploits found for $TARGET_SOFTWARE"|\
mail -s "Security Alert: Recent Exploits" security@company.com 2>``/dev/null||\
echo "Alert: Recent exploits detected (email failed)"
fi
else
echo " [+] No recent exploits found"
fi
\\}
Main execution¶
echo "[+] Starting vulnerability research for: $TARGET_SOFTWARE"
Check dependencies¶
if ! command -v searchsploit &> /dev/null; then echo "[-] searchsploit not found. Please install ExploitDB first." exit 1 fi
Perform research¶
if search_exploits "$TARGET_SOFTWARE"; then download_exploits analyze_exploits generate_report check_recent_exploits
echo "[+] Vulnerability research completed"
echo "[+] Results saved in: $OUTPUT_DIR"
echo "[+] Open $REPORT_FILE for detailed report"
else echo "[-] No exploits found for: $TARGET_SOFTWARE" exit 1 fi ```_
CVE to Exploit Mapping¶
```bash
!/bin/bash¶
Map CVE numbers to available exploits¶
CVE_LIST_FILE="\(1" OUTPUT_DIR="cve_exploit_mapping_\)(date +%Y%m%d_%H%M%S)"
if [ -z "\(CVE_LIST_FILE" ]||[ ! -f "\)CVE_LIST_FILE" ]; then
echo "Usage: $0
mkdir -p "$OUTPUT_DIR"
Function to search exploits for CVE¶
search_cve_exploits() \\{ local cve="\(1" local cve_dir="\)OUTPUT_DIR/$cve"
echo "[+] Searching exploits for: $cve"
mkdir -p "$cve_dir"
# Search for exploits
searchsploit --cve "$cve" -j > "$cve_dir/search_results.json"
if [ -s "$cve_dir/search_results.json" ]; then
# Parse and analyze results
python3 << EOF
import json
with open('$cve_dir/search_results.json', 'r') as f: data = json.load(f)
exploits = data.get('RESULTS_EXPLOIT', []) shellcodes = data.get('RESULTS_SHELLCODE', [])
print(f" [+] Found \\{len(exploits)\\} exploits and \\{len(shellcodes)\\} shellcodes for $cve")
Save summary¶
summary = \\{ 'cve': '$cve', 'exploit_count': len(exploits), 'shellcode_count': len(shellcodes), 'exploits': exploits, 'shellcodes': shellcodes \\}
with open('$cve_dir/summary.json', 'w') as f: json.dump(summary, f, indent=2)
Download top 5 exploits¶
if exploits: top_exploits = exploits[:5] with open('$cve_dir/top_exploits.txt', 'w') as f: for exploit in top_exploits: f.write(f"\\{exploit.get('EDB-ID', '')\\}\n") EOF
# Download top exploits
if [ -f "$cve_dir/top_exploits.txt" ]; then
while read -r edb_id; do
if [ -n "$edb_id" ]; then
searchsploit -m "$edb_id" -o "$cve_dir/" 2>/dev/null||true
fi
done < "$cve_dir/top_exploits.txt"
fi
return 0
else
echo " [-] No exploits found for: $cve"
return 1
fi
\\}
Function to generate mapping report¶
generate_mapping_report() \\{ echo "[+] Generating CVE to exploit mapping report"
local report_file="$OUTPUT_DIR/cve_exploit_mapping.html"
python3 << EOF
import json import os from datetime import datetime import glob
Collect all CVE summaries¶
cve_data = [] for summary_file in glob.glob('$OUTPUT_DIR/*/summary.json'): try: with open(summary_file, 'r') as f: data = json.load(f) cve_data.append(data) except: continue
Sort by exploit count¶
cve_data.sort(key=lambda x: x.get('exploit_count', 0), reverse=True)
Generate HTML report¶
html_content = f"""
CVE to Exploit Mapping Report
Generated: \\\\{datetime.now().strftime('%Y-%m-%d %H:%M:%S')\\\\}
Total CVEs Analyzed: \\\\{len(cve_data)\\\\}
Summary Statistics
| Metric | Value |
|---|---|
| CVEs with Exploits | \\\\{sum(1 for cve in cve_data if cve.get('exploit_count', 0) > 0)\\\\} |
| CVEs without Exploits | \\\\{sum(1 for cve in cve_data if cve.get('exploit_count', 0) == 0)\\\\} |
| Total Exploits Found | \\\\{sum(cve.get('exploit_count', 0) for cve in cve_data)\\\\} |
| Total Shellcodes Found | \\\\{sum(cve.get('shellcode_count', 0) for cve in cve_data)\\\\} |
\\\\{cve.get('cve', 'Unknown')\\\\}
Exploits Available: \\\\{exploit_count\\\\}
Shellcodes Available: \\\\{cve.get('shellcode_count', 0)\\\\}
Risk Level: \\\\{'High' if exploit_count > 5 else 'Medium' if exploit_count > 0 else 'Low'\\\\}
""" if exploit_count > 0: html_content += """Available Exploits:
| EDB-ID | Title | Platform | Type |
|---|---|---|---|
| \\\\{exploit.get('EDB-ID', '')\\\\} | \\\\{exploit.get('Title', '')\\\\} | \\\\{exploit.get('Platform', '')\\\\} | \\\\{exploit.get('Type', '')\\\\} |
"""
with open('$report_file', 'w') as f: f.write(html_content)
print(f"[+] Mapping report generated: $report_file") EOF \\}
Main execution¶
echo "[+] Starting CVE to exploit mapping"
Process each CVE¶
total_cves=0 cves_with_exploits=0
while read -r cve; do # Skip empty lines and comments [[ -z "\(cve"||"\)cve" =~ ^#.*$ ]] && continue
total_cves=$((total_cves + 1))
if search_cve_exploits "$cve"; then
cves_with_exploits=$((cves_with_exploits + 1))
fi
# Small delay to avoid overwhelming the system
sleep 1
done < "$CVE_LIST_FILE"
echo "[+] CVE mapping completed" echo " Total CVEs processed: $total_cves" echo " CVEs with exploits: $cves_with_exploits"
Generate final report¶
generate_mapping_report
echo "[+] Results saved in: $OUTPUT_DIR" ```_
Exploit Testing Framework¶
```bash
!/bin/bash¶
Automated exploit testing framework¶
EXPLOIT_ID="\(1" TARGET_HOST="\)2" TARGET_PORT="\(3" OUTPUT_DIR="exploit_test_\)(date +%Y%m%d_%H%M%S)"
if [ -z "\(EXPLOIT_ID" ]||[ -z "\)TARGET_HOST" ]; then
echo "Usage: $0
mkdir -p "$OUTPUT_DIR"
Function to download and analyze exploit¶
prepare_exploit() \\{ local edb_id="\(1" local exploit_dir="\)OUTPUT_DIR/exploit_$edb_id"
echo "[+] Preparing exploit: $edb_id"
mkdir -p "$exploit_dir"
# Download exploit
searchsploit -m "$edb_id" -o "$exploit_dir/"
if [ $? -ne 0 ]; then
echo "[-] Failed to download exploit: $edb_id"
return 1
fi
# Find the downloaded file
local exploit_file=$(find "$exploit_dir" -type f -name "*$edb_id*"|head -1)
if [ ! -f "$exploit_file" ]; then
echo "[-] Exploit file not found"
return 1
fi
echo "[+] Exploit downloaded: $exploit_file"
# Analyze exploit
analyze_exploit_code "$exploit_file"
return 0
\\}
Function to analyze exploit code¶
analyze_exploit_code() \\{ local exploit_file="\(1" local analysis_file="\)OUTPUT_DIR/exploit_analysis.txt"
echo "[+] Analyzing exploit code"
cat > "$analysis_file" << EOF
Exploit Analysis Report¶
Exploit ID: $EXPLOIT_ID File: \((basename "\)exploit_file") Analysis Date: $(date)
EOF
# Determine file type
local file_type=$(file "$exploit_file"|cut -d: -f2)
echo "File Type: $file_type" >> "$analysis_file"
echo "" >> "$analysis_file"
# Extract metadata
echo "Metadata Analysis:" >> "$analysis_file"
echo "-----------------" >> "$analysis_file"
# Look for CVE references
local cve_refs=$(grep -i "CVE-[0-9]\\\\\{4\\\\\}-[0-9]\\\\\{4,\\\\\}" "$exploit_file")
if [ -n "$cve_refs" ]; then
echo "CVE References:" >> "$analysis_file"
echo "$cve_refs" >> "$analysis_file"
echo "" >> "$analysis_file"
fi
# Look for target information
local targets=$(grep -i -E "target|vulnerable|affected" "$exploit_file"|head -10)
if [ -n "$targets" ]; then
echo "Target Information:" >> "$analysis_file"
echo "$targets" >> "$analysis_file"
echo "" >> "$analysis_file"
fi
# Look for usage instructions
local usage=$(grep -i -A 5 -B 5 -E "usage|compile|run|execute" "$exploit_file"|head -20)
if [ -n "$usage" ]; then
echo "Usage Instructions:" >> "$analysis_file"
echo "$usage" >> "$analysis_file"
echo "" >> "$analysis_file"
fi
# Look for dependencies
local deps=$(grep -i -E "import|include|require|from.*import" "$exploit_file"|head -10)
if [ -n "$deps" ]; then
echo "Dependencies:" >> "$analysis_file"
echo "$deps" >> "$analysis_file"
echo "" >> "$analysis_file"
fi
# Security analysis
echo "Security Analysis:" >> "$analysis_file"
echo "-----------------" >> "$analysis_file"
# Check for dangerous functions
local dangerous=$(grep -i -E "system|exec|eval|shell|cmd|popen" "$exploit_file"|head -10)
if [ -n "$dangerous" ]; then
echo "Potentially Dangerous Functions:" >> "$analysis_file"
echo "$dangerous" >> "$analysis_file"
echo "" >> "$analysis_file"
fi
# Check for network operations
local network=$(grep -i -E "socket|connect|bind|listen|send|recv" "$exploit_file"|head -10)
if [ -n "$network" ]; then
echo "Network Operations:" >> "$analysis_file"
echo "$network" >> "$analysis_file"
echo "" >> "$analysis_file"
fi
echo "[+] Exploit analysis completed: $analysis_file"
\\}
Function to perform pre-test reconnaissance¶
pre_test_recon() \\{ local target="\(1" local port="\)2" local recon_file="$OUTPUT_DIR/reconnaissance.txt"
echo "[+] Performing pre-test reconnaissance"
cat > "$recon_file" << EOF
Pre-Test Reconnaissance Report¶
Target: $target Port: $port Date: $(date)
EOF
# Basic connectivity test
echo "Connectivity Test:" >> "$recon_file"
if ping -c 3 "$target" &>/dev/null; then
echo " [+] Target is reachable" >> "$recon_file"
else
echo " [-] Target is not reachable" >> "$recon_file"
fi
echo "" >> "$recon_file"
# Port scan
if [ -n "$port" ]; then
echo "Port Scan:" >> "$recon_file"
if command -v nmap &> /dev/null; then
nmap -p "$port" "$target" >> "$recon_file" 2>&1
elif command -v nc &> /dev/null; then
if nc -z "$target" "$port" 2>/dev/null; then
echo " [+] Port $port is open" >> "$recon_file"
else
echo " [-] Port $port is closed or filtered" >> "$recon_file"
fi
fi
echo "" >> "$recon_file"
fi
# Service detection
if [ -n "$port" ] && command -v nmap &> /dev/null; then
echo "Service Detection:" >> "$recon_file"
nmap -sV -p "$port" "$target" >> "$recon_file" 2>&1
echo "" >> "$recon_file"
fi
echo "[+] Reconnaissance completed: $recon_file"
\\}
Function to create test environment¶
create_test_environment() \\{ echo "[+] Creating test environment"
local test_dir="$OUTPUT_DIR/test_environment"
mkdir -p "$test_dir"
# Copy exploit to test directory
cp "$OUTPUT_DIR"/exploit_*/[0-9]*.* "$test_dir/" 2>/dev/null||true
# Create test script template
cat > "$test_dir/test_exploit.sh" << 'EOF'
!/bin/bash¶
Exploit test script template¶
EXPLOIT_FILE="\(1" TARGET_HOST="\)2" TARGET_PORT="$3"
if [ -z "\(EXPLOIT_FILE" ]||[ -z "\)TARGET_HOST" ]; then
echo "Usage: $0
echo "[+] Testing exploit: $EXPLOIT_FILE" echo "[+] Target: \(TARGET_HOST:\)TARGET_PORT"
Determine exploit type and run accordingly¶
case "\(EXPLOIT_FILE" in *.py) echo "[+] Running Python exploit" python3 "\)EXPLOIT_FILE" "\(TARGET_HOST" "\)TARGET_PORT" ;; *.c) echo "[+] Compiling and running C exploit" gcc -o exploit "\(EXPLOIT_FILE" && ./exploit "\)TARGET_HOST" "\(TARGET_PORT" ;; *.rb) echo "[+] Running Ruby exploit" ruby "\)EXPLOIT_FILE" "\(TARGET_HOST" "\)TARGET_PORT" ;; *.pl) echo "[+] Running Perl exploit" perl "\(EXPLOIT_FILE" "\)TARGET_HOST" "$TARGET_PORT" ;; *) echo "[-] Unknown exploit type" exit 1 ;; esac EOF
chmod +x "$test_dir/test_exploit.sh"
echo "[+] Test environment created: $test_dir"
\\}
Function to generate test report¶
generate_test_report() \\{ echo "[+] Generating test report"
local report_file="$OUTPUT_DIR/exploit_test_report.html"
cat > "$report_file" << EOF
Exploit Test Report
Exploit ID: $EXPLOIT_ID
Target: $TARGET_HOST:$TARGET_PORT
Test Date: $(date)
⚠️ Important Notice
This report contains information about security exploits. Use this information responsibly and only against systems you own or have explicit permission to test.
Test Summary
| Parameter | Value |
|---|---|
| Exploit ID | $EXPLOIT_ID |
| Target Host | $TARGET_HOST |
| Target Port | $TARGET_PORT |
| Test Status | Prepared (Manual execution required) |
Files Generated
- Exploit Analysis: exploit_analysis.txt
- Reconnaissance: reconnaissance.txt
- Test Environment: test_environment/
- Test Script: test_environment/test_exploit.sh
Next Steps
- Review the exploit analysis and reconnaissance reports
- Ensure you have proper authorization to test the target
- Navigate to the test_environment directory
- Execute the test script with appropriate parameters
- Monitor the target system for any impact
- Document all findings and remediation steps
Legal and Ethical Considerations
- Only test systems you own or have explicit written permission to test
- Ensure testing is conducted in a controlled environment
- Have proper incident response procedures in place
- Document all testing activities for compliance purposes
- Follow responsible disclosure practices for any vulnerabilities found
EOF
echo "[+] Test report generated: $report_file"
\\}
Main execution¶
echo "[+] Starting exploit testing framework" echo "[+] Exploit ID: $EXPLOIT_ID" echo "[+] Target: \(TARGET_HOST:\)TARGET_PORT"
Check dependencies¶
if ! command -v searchsploit &> /dev/null; then echo "[-] searchsploit not found. Please install ExploitDB first." exit 1 fi
Prepare exploit¶
if prepare_exploit "\(EXPLOIT_ID"; then # Perform reconnaissance pre_test_recon "\)TARGET_HOST" "$TARGET_PORT"
# Create test environment
create_test_environment
# Generate report
generate_test_report
echo "[+] Exploit testing framework setup completed"
echo "[+] Results saved in: $OUTPUT_DIR"
echo "[+] Review the analysis before proceeding with testing"
echo "[+] REMEMBER: Only test systems you own or have permission to test"
else echo "[-] Failed to prepare exploit" exit 1 fi ```_
Integration mit anderen Tools¶
Metasploit Integration¶
```bash
Search for Metasploit modules related to ExploitDB entries¶
searchsploit -m 12345 grep -i "metasploit" 12345.rb
Convert ExploitDB exploit to Metasploit module¶
Manual process - requires Ruby/Metasploit knowledge¶
Use ExploitDB references in Metasploit¶
msfconsole -q -x "search edb:12345" ```_
Nmap Integration¶
```bash
Use Nmap scripts with ExploitDB references¶
nmap --script vuln target.com
Custom Nmap script using ExploitDB data¶
nmap --script-args=exploitdb-path=/opt/exploitdb target.com ```_
Integration von Burp Suite¶
```bash
Import ExploitDB payloads into Burp Suite¶
Manual process through Burp's payload options¶
Use ExploitDB exploits for manual testing¶
Copy exploit code and adapt for web application testing¶
```_
Fehlerbehebung¶
Gemeinsame Themen¶
Probleme der Datenbankaktualisierung¶
```bash
Manual database update¶
cd /opt/exploitdb && git pull
Fix permission issues¶
sudo chown -R \(USER:\)USER /opt/exploitdb
Rebuild database index¶
searchsploit --rebuild
Check database integrity¶
searchsploit --check ```_
Suchprobleme¶
```bash
Clear search cache¶
rm -rf ~/.searchsploit_cache
Use exact search¶
searchsploit -e "exact term"
Case-sensitive search¶
searchsploit -c "CaseSensitive"
Debug search¶
searchsploit --debug apache ```_
Probleme herunterladen¶
```bash
Check internet connectivity¶
ping www.exploit-db.com
Use alternative download method¶
curl -O https://www.exploit-db.com/download/12345
Check file permissions¶
ls -la /opt/exploitdb/exploits/
Manual file copy¶
cp /opt/exploitdb/exploits/linux/local/12345.c . ```_
Leistungsoptimierung¶
```bash
Limit search results¶
searchsploit apache|head -20
Use specific search terms¶
searchsploit "Apache 2.4.7" --exclude="2.2"
Search specific platforms only¶
searchsploit --platform linux apache
Use JSON output for parsing¶
searchsploit -j apache|jq '.RESULTS_EXPLOIT[0]' ```_
Ressourcen¶
- [ExploitDB Website](LINK_7__
- ExploitDB GitHub Repository
- SearchSploit Dokumentation
- [offensive Sicherheit](LINK_7_
- [CVE Datenbank](LINK_7
- [Nationale Sicherheitsdatenbank](LINK_7
- (LINK_7_)
--
*Dieses Betrügereiblatt bietet eine umfassende Referenz für die Verwendung von ExploitDB und SearchSploit für Schwachstellenforschung und Exploit-Entwicklung. Stellen Sie immer sicher, dass Sie eine ordnungsgemäße Genehmigung haben, bevor Sie irgendwelche Exploits in jeder Umgebung verwenden. *