Pompem
Overview
Pompem is a Python-based tool that automates the search for known exploits and vulnerabilities across multiple databases including ExploitDB, PacketStorm, and WPScan. It provides security researchers and penetration testers with an efficient way to identify publicly available exploits, vulnerability information, and proof-of-concepts for discovered software and applications without manually querying multiple sources.
Installation
Linux (Debian/Ubuntu)
sudo apt-get install python3 python3-pip
pip3 install pompem
Fedora/RHEL
sudo dnf install python3 python3-pip
pip3 install pompem
macOS
brew install python3
pip3 install pompem
Windows
pip install pompem
From Source
git clone https://github.com/jmendozauc/pompem.git
cd pompem
pip3 install -r requirements.txt
python3 pompem.py
Verify Installation
pompem --version
pompem --help
Core Concepts
Vulnerability Databases
Pompem integrates with:
- ExploitDB: Largest exploit database with 50,000+ exploits
- PacketStorm: Vulnerability and security resource repository
- WPScan: WordPress vulnerability database
- SecurityFocus: Bugtraq vulnerability information
- Metasploit Database: Exploitation framework modules
Search Methods
- Application name search
- CVE identifier lookup
- Version-specific vulnerability matching
- Software component identification
Data Aggregation
Pompem combines results from multiple sources to provide comprehensive vulnerability information.
Basic Commands
Search by Application Name
pompem -s "Apache"
pompem -s "nginx"
pompem -s "WordPress"
Search by CVE
pompem -s "CVE-2024-1234"
pompem -c CVE-2024-00000
Search with Version Information
pompem -s "Apache 2.4.41"
pompem -s "WordPress 6.0.1"
Search All Databases
pompem -s "application_name" -a
Common Usage Patterns
| Command | Description |
|---|---|
| `pompem -s "app_name"` | Search for application vulnerabilities |
| `pompem -c "CVE-XXXX"` | Search by CVE identifier |
| `pompem -s "app" -e` | Search ExploitDB only |
| `pompem -s "app" -w` | Search WPScan only |
| `pompem -s "app" -p` | Search PacketStorm only |
| `pompem -s "app" -a` | Search all databases |
| `pompem -s "app" -f json` | Output in JSON format |
Database-Specific Searches
ExploitDB Search
pompem -s "Apache Struts" -e
pompem -s "PHP 7.4" -e
WPScan Search (WordPress)
pompem -s "WordPress" -w
pompem -s "Akismet" -w
pompem -s "WooCommerce" -w
PacketStorm Search
pompem -s "Cisco IOS" -p
pompem -s "Windows RDP" -p
Combined Database Search
pompem -s "Apache 2.4" -a
pompem -c "CVE-2021-41773" -a
Advanced Search Techniques
Search with Multiple Terms
pompem -s "Apache Struts 2 RCE"
pompem -s "PHP SQL injection"
Version Range Search
pompem -s "WordPress 5.0"
pompem -s "Drupal 8"
Specific Vulnerability Type
pompem -s "Apache" | grep -i "rce\|injection\|bypass"
Filter Results
pompem -s "application" | grep "2024"
pompem -s "application" | grep -i "critical\|high"
Output Formats
Default Text Output
pompem -s "Apache"
JSON Output
pompem -s "Apache" -f json
pompem -s "WordPress" -f json > wordpress_vulns.json
CSV Export
pompem -s "application" -f csv > vulns.csv
Save to File
pompem -s "Apache" > apache_vulnerabilities.txt
pompem -c "CVE-2024-1234" > cve_search.txt
Vulnerability Assessment Workflow
Step 1: Identify Target Software
# Determine application versions running on target
# Example: Apache 2.4.41, PHP 7.4.10, WordPress 5.9
Step 2: Search Each Component
pompem -s "Apache 2.4.41" -a
pompem -s "PHP 7.4.10" -a
pompem -s "WordPress 5.9" -a
Step 3: Collect Results
pompem -s "Apache 2.4.41" -a > apache_vulns.txt
pompem -s "PHP 7.4.10" -a > php_vulns.txt
pompem -s "WordPress 5.9" -a > wordpress_vulns.txt
Step 4: Analyze and Prioritize
# List the input files explicitly: a *_vulns.txt glob would also match critical_vulns.txt on a re-run
sort -u apache_vulns.txt php_vulns.txt wordpress_vulns.txt > all_vulnerabilities.txt
grep -i "remote\|critical" all_vulnerabilities.txt > critical_vulns.txt
Step 5: Document Findings
# Create assessment report with findings
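Merging the per-component files with sort and uniq in Step 4 discards which component each finding came from. The following added example (not part of the original cheat sheet or the Pompem project) deduplicates while keeping that provenance; it assumes one finding per line, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: merge per-component result files and keep the source of each finding.
# Assumption: one finding per line; Pompem's real output layout may differ.

# merge_findings FILE... -> "finding<TAB>file1,file2", one row per distinct finding
merge_findings() {
    awk '
        { sub(/\r$/, "") }              # tolerate CRLF line endings
        /^[ \t]*$/ { next }             # skip blank lines
        {
            src = FILENAME
            sub(/.*\//, "", src)        # keep only the file name
            if (!(($0, src) in seen)) {
                seen[$0, src] = 1
                if ($0 in sources) sources[$0] = sources[$0] "," src
                else sources[$0] = src
            }
        }
        END { for (k in sources) printf "%s\t%s\n", k, sources[k] }
    ' "$@" | LC_ALL=C sort
}

# prioritize PATTERN -> rows on stdin whose finding text matches PATTERN (ERE, case-insensitive)
prioritize() {
    awk -F '\t' -v pat="$1" 'tolower($1) ~ tolower(pat)'
}

# Demo on constructed sample data (not real Pompem output).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'Sample finding A (remote)' 'Sample finding B' > "$dir/apache_vulns.txt"
    printf '%s\n' 'Sample finding B' 'Sample finding C (local)' > "$dir/php_vulns.txt"
    merge_findings "$dir"/*_vulns.txt | tee "$dir/merged.tsv"
    echo "--- prioritized ---"
    prioritize 'remote|critical' < "$dir/merged.tsv"
    rm -rf "$dir"
}
demo
```

The second column satisfies the "Document Sources" practice directly: a finding reported for more than one component lists every file it appeared in.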
Reconnaissance Integration
Web Application Fingerprinting
# After identifying web technologies
pompem -s "Nginx 1.18" -a
pompem -s "PHP 8.0" -a
pompem -s "WordPress 5.8" -a
Service Discovery Follow-up
# Search identified services
pompem -s "OpenSSH 7.4" -a
pompem -s "Postfix 2.11" -a
pompem -s "Bind 9.11" -a
Plugin/Module Enumeration
# Search discovered plugins
pompem -s "WordPress WooCommerce" -w
pompem -s "Drupal Views" -e
Batch Processing
Search Multiple Applications
#!/bin/bash
APPS=("Apache 2.4" "PHP 7.4" "WordPress 5.9" "MySQL 8.0")
for app in "${APPS[@]}"; do
    echo "=== Searching for $app ===" >> vulnerabilities.txt
    pompem -s "$app" -a >> vulnerabilities.txt
    echo "" >> vulnerabilities.txt
done
Process CVE List
#!/bin/bash
while IFS= read -r cve; do
    pompem -c "$cve" -a >> cve_details.txt
done < cve_list.txt
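The loop above passes every line of cve_list.txt straight to the tool. As an added example (not from the original page or the Pompem project), this filter normalizes the list first: it strips whitespace and CRLF, skips comments, rejects anything that is not a well-formed CVE ID and drops duplicates. The function name and the sample list are constructed for illustration.

```shell
#!/bin/bash
# Added example: validate cve_list.txt before the batch loop runs.

# normalize_cve_list FILE -> unique, upper-cased CVE IDs on stdout;
# rejected lines go to stderr with their line number.
normalize_cve_list() {
    awk '
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # strip CR and outer whitespace
        $0 == "" || /^#/ { next }                          # skip blanks and comments
        {
            id = toupper($0)
            # CVE-YYYY-NNNN with four or more digits in the sequence part
            if (id !~ /^CVE-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]+$/) {
                printf "line %d rejected: %s\n", NR, $0 > "/dev/stderr"
                next
            }
            if (!(id in seen)) { seen[id] = 1; print id }
        }
    ' "$1"
}

# Demo on a constructed list (IDs reused from this page plus deliberately bad lines).
demo_cve_list() {
    list=$(mktemp) || return 1
    printf 'cve-2021-41773 \r\n# notes\n\nCVE-2021-44228\nCVE-2021-41773\n-a\nCVE-21-1\n' > "$list"
    normalize_cve_list "$list"
    rm -f "$list"
}
demo_cve_list

# Usage with the loop from this page:
#   normalize_cve_list cve_list.txt | while IFS= read -r cve; do
#       pompem -c "$cve" -a >> cve_details.txt
#   done
```

Lines that start with a dash are rejected along with other malformed entries, so a stray list entry cannot be read as a command-line option.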
Search from Nmap Output
# After nmap service detection
pompem -s "Apache httpd 2.4.41"
pompem -s "OpenSSH 7.6p1"
Exploit Identification
Find Available Exploits
pompem -s "application" -e | grep -i "exploit\|poc"
Identify POCs
pompem -s "Apache Struts 2" -e
# Will show available Proof-of-Concepts
Get Exploit Details
pompem -s "vulnerability" -a
# Returns full details including exploit source URLs
CVE Tracking
Search by CVE ID
pompem -c "CVE-2021-41773"
pompem -c "CVE-2021-44228"
Track CVE Across Databases
pompem -c "CVE-2024-12345" -a
# Shows all available resources for the CVE
Recent Vulnerability Research
pompem -s "2024" | head -20
WordPress-Specific Searches
Theme Vulnerabilities
pompem -s "WordPress Twenty Twenty Two" -w
Plugin Search
pompem -s "WordPress Plugin" -w
pompem -s "WooCommerce" -w
Core Vulnerability Search
pompem -s "WordPress 6.0" -w
Content Management System Searches
Drupal Vulnerabilities
pompem -s "Drupal 9" -a
pompem -s "Drupal Module" -e
Joomla Vulnerabilities
pompem -s "Joomla 3.10" -a
pompem -s "Joomla Extension" -e
Magento Vulnerabilities
pompem -s "Magento 2.4" -a
Integration with Testing Tools
Feed to Exploit Frameworks
# Extract exploit URLs for Metasploit
pompem -s "Windows Server 2019" -e | grep "http" > exploit_urls.txt
Create Vulnerability Dashboard
# Generate JSON report for dashboard
pompem -s "application" -f json > vuln_dashboard.json
Cross-Reference with Nessus
# Compare Pompem results with Nessus scan
pompem -s "service_name" -a > pompem_results.txt
# Compare with Nessus export
Reporting
Generate Summary Report
echo "=== Vulnerability Assessment Report ===" > report.txt
echo "Date: $(date)" >> report.txt
echo "Target: target.com" >> report.txt
echo "" >> report.txt
echo "=== Identified Vulnerabilities ===" >> report.txt
pompem -s "identified_service" -a >> report.txt
Create Detailed Vulnerability Documentation
#!/bin/bash
SERVICES=("Apache 2.4.41" "PHP 7.4.10" "WordPress 5.9")
{
    echo "# Vulnerability Assessment Report"
    echo "Date: $(date)"
    echo ""
    for service in "${SERVICES[@]}"; do
        echo "## $service"
        pompem -s "$service" -a
        echo ""
    done
} > assessment_report.txt
Export for Management Review
pompem -s "application" -f json | jq '.[] | {name, severity, cve}' > executive_summary.json
Performance Optimization
Parallel Searches (GNU Parallel)
echo "Apache 2.4" | parallel pompem -s {}
cat app_list.txt | parallel pompem -s {}
Batch Caching Results
# Cache results for repeated searches
pompem -s "Apache" -a > apache_cache.txt
# Use cached results for reporting
cat apache_cache.txt
Troubleshooting
Database Connection Issues
# Check internet connectivity (send four probes, then stop)
ping -c 4 www.google.com
# Verify API endpoints are accessible
curl -I "https://www.exploit-db.com"
Timeout Errors
# Stop a search that runs longer than 60 seconds
timeout 60 pompem -s "popular_application"
Filter Large Result Sets
# Narrow searches to reduce results
pompem -s "Apache 2.4.41" -e # Specific version
pompem -c "CVE-2024-12345" # Specific CVE
Update Database
# Ensure latest vulnerability data
pip3 install --upgrade pompem
Best Practices
- Verify Findings: Cross-reference results with official sources
- Document Sources: Note which database provided each finding
- Prioritize Severity: Focus on critical and high-severity vulnerabilities
- Check Patch Status: Verify if patches are available
- Timeline Tracking: Note vulnerability disclosure dates
- Responsible Disclosure: Follow coordinated disclosure practices
- Regular Searches: Maintain up-to-date vulnerability inventory
- Assessment Reports: Document all findings systematically
Related Tools
- Nuclei: Template-based scanning with integration
- Searchsploit: Local ExploitDB search tool
- Shodan: Internet search engine for services
- CVEDetails: CVE information aggregator
- SecurityTrails: DNS and domain intelligence
- OpenCVE: CVE monitoring platform