Suche nach: Cheat Sheet¶

Im Überblick

SearchSploit ist ein Kommandozeilen-Suche-Tool für ExploitDB, mit dem Sie eine Kopie der ExploitDB mitnehmen können, wohin Sie auch gehen. SearchSploit gibt Ihnen die Möglichkeit, detaillierte Offline-Suche durch Ihre vor Ort überprüfte Kopie des Repository durchzuführen. Diese Fähigkeit ist besonders nützlich bei Penetrationstests, bei denen Internet-Konnektivität begrenzt sein kann oder wenn Sie schnell durch tausende von Exploits suchen müssen, ohne auf Web-Schnittstellen zu verlassen.

ZEITSCHRIFTEN Warning: SearchSploit bietet Zugang zu realen Exploits, die Schäden an Systemen verursachen können. Verwenden Sie diese Exploits nur gegen Systeme, die Sie besitzen oder eine ausdrückliche schriftliche Erlaubnis zum Testen haben. Unberechtigte Nutzung von Exploits kann lokale Gesetze und Vorschriften verletzen.

• Installation

Kali Linux Installation¶

# SearchSploit is pre-installed on Kali Linux
searchsploit --version

# Update the database
searchsploit -u

# Check installation path
which searchsploit

# Verify database location
searchsploit --path
```_

### Ubuntu/Debian Installation
```bash
# Install git if not already installed
sudo apt update
sudo apt install git

# Clone ExploitDB repository
sudo git clone https://github.com/offensive-security/exploitdb.git /opt/exploitdb

# Create symbolic link
sudo ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit

# Update PATH (add to ~/.bashrc for persistence)
export PATH="$PATH:/opt/exploitdb"

# Verify installation
searchsploit --help
```_

### Manuelle Installation
```bash
# Download and extract
wget https://github.com/offensive-security/exploitdb/archive/main.zip
unzip main.zip
mv exploitdb-main /opt/exploitdb

# Make searchsploit executable
chmod +x /opt/exploitdb/searchsploit

# Create symbolic link
sudo ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit

# Configure .searchsploit_rc file
echo 'papers_directory="/opt/exploitdb/papers"' > ~/.searchsploit_rc
echo 'exploits_directory="/opt/exploitdb/exploits"' >> ~/.searchsploit_rc
```_

### Docker Installation
```bash
# Create Dockerfile
cat > Dockerfile << 'EOF'
FROM ubuntu:20.04
RUN apt-get update && apt-get install -y git
RUN git clone https://github.com/offensive-security/exploitdb.git /opt/exploitdb
RUN ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit
WORKDIR /opt/exploitdb
ENTRYPOINT ["/opt/exploitdb/searchsploit"]
EOF

# Build Docker image
docker build -t searchsploit .

# Run SearchSploit in Docker
docker run --rm searchsploit apache

# Create alias for easier usage
echo 'alias searchsploit="docker run --rm -v $(pwd):/data searchsploit"' >> ~/.bashrc
```_

oder Basisnutzung

### Einfache Suche
```bash
# Basic search
searchsploit apache

# Search for multiple terms
searchsploit apache 2.4

# Search with quotes for exact phrase
searchsploit "apache 2.4.7"

# Case-insensitive search (default)
searchsploit APACHE

# Case-sensitive search
searchsploit -c Apache

# Search in title only
searchsploit -t apache

# Search excluding specific terms
searchsploit apache --exclude="2.2"
```_

### Erweiterte Suchoptionen
```bash
# Search by platform
searchsploit --platform windows apache
searchsploit --platform linux kernel
searchsploit --platform php web

# Search by exploit type
searchsploit --type remote apache
searchsploit --type local windows
searchsploit --type webapps php

# Search by author
searchsploit --author "Metasploit"
searchsploit --author "exploit-db"

# Search by port
searchsploit --port 80
searchsploit --port 443

# Combine multiple filters
searchsploit --platform linux --type local kernel
```_

### CVE und Vulnerability Searchs
```bash
# Search by CVE number
searchsploit --cve 2021-44228
searchsploit --cve CVE-2021-34527

# Search by multiple CVEs
searchsploit --cve 2021-44228,2021-34527

# Search for recent CVEs
searchsploit --cve 2023-

# Search by vulnerability type
searchsploit "buffer overflow"
searchsploit "sql injection"
searchsploit "privilege escalation"
searchsploit "remote code execution"
```_

### Date based Searchs
```bash
# Search for exploits after specific date
searchsploit --after 2020 apache
searchsploit --after 2021-01-01 windows

# Search for exploits before specific date
searchsploit --before 2019 linux
searchsploit --before 2020-12-31 php

# Search within date range
searchsploit --after 2020 --before 2021 kernel

# Search for recent exploits (last 30 days)
searchsploit --after $(date -d "30 days ago" +%Y-%m-%d)
```_

Ausgabeformatierung und Anzeige

### Ausgabeformate
```bash
# Default table format
searchsploit apache

# Verbose output with full paths
searchsploit -v apache

# JSON output
searchsploit -j apache

# XML output
searchsploit -x apache

# CSV output (pipe to file)
searchsploit apache|sed 's/|/,/g' > results.csv

# Color output (default)
searchsploit --colour apache

# No color output
searchsploit --no-colour apache
```_

### Filter- und Limitierungsergebnisse
```bash
# Limit number of results
searchsploit apache|head -10

# Show only exploit IDs
searchsploit apache|awk '\\\\{print $1\\\\}'|grep -E '^[0-9]+

### Search Result Analysis
```bash
# Gesamtergebnisse
suchsploit apache|wc -l

# Zählen Sie nach Plattform
suchsploit apache|grep -c linux
suchsploit apache|grep -c windows

# Anzahl nach Typ
suchsploit apache|grep -c remote
suchsploit apache|grep -c local

# Extrahieren Sie einzigartige Plattformen
Suchanfragen -j apache|jq -r '.RESULTS_EXPLOIT[]. Plattform |sort|uniq -c

# Ausgewählte Autoren
suchsploit -j apache|jq -r '.RESULTS_EXPLOIT[]. Autor(en) -c

Exploit Management¶

Copying and Downloading Exploits¶

# Kopieren von Exploit in aktuelles Verzeichnis
Suche -m 50383

# Kopieren Sie mehrere Exploits
Suche -m 50383,50384,50385

# Kopieren von Exploit auf bestimmtes Verzeichnis
Suchanfrage -m 50383 -o /tmp/exploits/

# Kopie mit Originaldateinamen erhalten
Suchanfragen -m Exploits/linux/local/50383.c

# Alle Exploits von Suchergebnissen kopieren
suchsploit -j apache|jq -r '.RESULTS_EXPLOIT[]. EDB-ID'|head -5|xargs searchsploit - Ja.

# Batch copy Exploits
echo "50383,50384,50385"|tr ',' '\n'|xargs -I \{\} searchsploit -m \{\}

Viewing and Examining Exploits¶

# Inhalte nutzen
Suche -x 50383

# Open Exploit im Standardeditor
Suche -e 50383

# Exploit mit Syntax-Highlighting ansehen
searchsploit -m 50383 && cat 50383.c|highlight --syntax=c

# Metadaten nutzen
searchsploit -j apache|jq '.RESULTS_EXPLOIT[]|select(.["EDB-ID"] == "50383") '

# Informationen zur Nutzung
Suchanfrage -p 50383

Exploit Organization¶

# Organisierte Verzeichnisstruktur erstellen
mkdir -p nutzt/\{windows,linux,web,mobile\}

# Kopieren von Exploits durch Plattform
searchsploit --platform windows -j|jq -r '.RESULTS_EXPLOIT[].["EDB-ID"]'|head -10|xargs -I \{\} searchsploit -m \{\} -o Exploits/Fenster/

# Kopieren von Exploits nach Typ
searchsploit --type webapps -j|jq -r '.RESULTS_EXPLOIT[].["EDB-ID"]'|head -10|xargs -I \{\} searchsploit -m \{\} -o Exploits/web/

# Exploit Inventar erstellen
suchsploit -j apache|jq -r '.RESULTS_EXPLOIT[]|\(.["EDB-ID"]),\(.Title),\(.Platform),\(.Type)" > apache_exploits.csv

Database Management¶

Database Updates¶

# Update ExploitDB Datenbank
Suchanfragen -u

# Force Update (überschreiben lokale Änderungen)
cd /opt/exploitdb &amp; git reset --hard &amp; git pull

# Überprüfen Sie Updates ohne Anwendung
cd /opt/exploitiert &amp; git fetch && git status

# Spezifische Branche aktualisieren
cd /opt/exploitiert &amp; git pull

# Update verifizieren
Suche --stats

Database Information¶

# Datenbankstatistiken anzeigen
Suche --stats

# Datenbankpfad anzeigen
Suchanfragen --path

# Überprüfen Sie die Integrität der Datenbank
Suchanfragen - Check

# Datenbankindex aufbauen
Suchanfragen -- rebuild

# Versionsinformationen anzeigen
Suchanfragen --version

# Hilfeinformationen anzeigen
Suchanfragen -- Hilfe

Database Maintenance¶

# temporäre Dateien reinigen
finden /opt/exploitdb -name "*.tmp" -delete

# Verwenden der Festplatten
du -sh /opt/exploitiert

# Backup-Datenbank
tar -czf Ausbeutedb_backup_$(date +%Y%m%d.tar.gz /opt/exploitiert

# Wiederherstellen Datenbank von Backup
Teer -xzf Explodb_backup_20231201.tar.gz -C /

# Datenbank nach Wartung überprüfen
Suchanfragen - Check

Automation Scripts¶

Automated Vulnerability Assessment¶

#/bin/bash
# Automatische Sicherheitsbewertung mit SearchSploit

TARGET_LIST="$1"
OUTPUT_DIR="searchsploit_assessment_$(date +%Y%m%d_%H%M%S"
REPORT_FILE="$OUTPUT_DIR/vulnerability_assessment_report.html"

wenn [ -z "$TARGET_LIST" ]||[ ! -f "$TARGET_LIST" ]; dann
echo "Nutzung: $0 <target_list_file>"
echo "Target-Listendatei sollte eine Software/Service pro Zeile enthalten"
echo "Beispiel: 'Apache 2.4.7', 'Windows 10', 'PHP 7.4'"
Ausgang 1
Fichte

mkdir -p "$OUTPUT_DIR"

# Funktion zur Bewertung von Einzelzielen
Bewertung_target() \{
lokale Ziel="$1"
lokale Ziel_dir="$OUTPUT_DIR/$(echo "$target"|tr ' /' '_')"

echo "[+] Assessing: $target"

mkdir -p "$target_dir"

Suche nach Exploits
suchsploit -j "$target" > "$target_dir/search_results.json"

wenn [ -s "$target_dir/search_results.json"]; dann
# Parse und Analyseergebnisse
python3 << EOF
import json
import os
from collections import defaultdict

# Read search results
with open('$target_dir/search_results.json', 'r') as f:
    data = json.load(f)

exploits = data.get('RESULTS_EXPLOIT', [])
shellcodes = data.get('RESULTS_SHELLCODE', [])

print(f"  [+] Found \{len(exploits)\} exploits and \{len(shellcodes)\} shellcodes")

if not exploits and not shellcodes:
    print(f"  [-] No exploits found for: $target")
    exit(0)

# Analyze exploits
analysis = \{
    'target': '$target',
    'total_exploits': len(exploits),
    'total_shellcodes': len(shellcodes),
    'platforms': defaultdict(int),
    'types': defaultdict(int),
    'years': defaultdict(int),
    'severity_assessment': 'Unknown',
    'high_priority_exploits': []
\}

for exploit in exploits:
    platform = exploit.get('Platform', 'Unknown')
    exploit_type = exploit.get('Type', 'Unknown')
    date = exploit.get('Date', '')
    title = exploit.get('Title', '').lower()

    analysis['platforms'][platform] += 1
    analysis['types'][exploit_type] += 1

    if date:
        year = date.split('-')[0]
        analysis['years'][year] += 1

    # Identify high-priority exploits
    if any(keyword in title for keyword in ['remote', 'rce', 'privilege', 'escalation', 'buffer overflow']):
        analysis['high_priority_exploits'].append(exploit)

# Assess severity
total_exploits = len(exploits)
high_priority_count = len(analysis['high_priority_exploits'])
remote_count = analysis['types'].get('remote', 0)

if high_priority_count >5 oder remote_count > 3:
Analyse['severity_assessment'] = 'Kritisch '
elif high_priority_count > 2 oder remote_count > 1:
Analyse['severity_assessment'] = 'High '
elif total_exploment > 5:
Analyse['severity_assessment'] = 'Medium '
andere:
Analyse['severity_assessment'] = 'Low'

# Analyse speichern
mit offen('$target_dir/analysis.json', 'w') als f:
json.dump(Analyse, f, indent=2, default=str)

Print(f) [+] Beurteilung der Schwere: \{Analyse['severity_assessment']\}")
Print(f) [+] Hohe Prioritätsausbeuten: \{high_priority_count\}")
EOF

# Hochprioritätsausbeuten herunterladen
wenn [ -f "$target_dir/analysis.json"]; dann
Python << EOF
import json

with open('$target_dir/analysis.json', 'r') as f:
    analysis = json.load(f)

high_priority = analysis.get('high_priority_exploits', [])[:10]  # Limit to 10

if high_priority:
    with open('$target_dir/priority_exploits.txt', 'w') as f:
        for exploit in high_priority:
            f.write(f"\{exploit.get('EDB-ID', '')\}\\n")
EOF

            # Download priority exploits
            if [ -f "$target_dir/priority_exploits.txt" ]; then
                while read -r edb_id; do
                    if [ -n "$edb_id" ]; then
                        searchsploit -m "$edb_id" -o "$target_dir/" 2>/dev/null||true
Fichte
erledigt < "$target_dir/priority_exploits.txt"
            fi
        fi

        return 0
    else
        echo "  [-] No exploits found for: $target"
        return 1
    fi
\}

# Function to generate comprehensive report
generate_report() \{
    echo "[+] Generating comprehensive assessment report"

    python3 << EOF
import json
import os
import glob
from datetime import datetime
from collections import defaultdict

# Collect all analysis data
all_analyses = []
for analysis_file in glob.glob('$OUTPUT_DIR/*/analysis.json'):
    try:
        with open(analysis_file, 'r') as f:
            data = json.load(f)
            all_analyses.append(data)
    except:
        continue

# Calculate overall statistics
total_targets = len(all_analyses)
total_exploits = sum(a.get('total_exploits', 0) for a in all_analyses)
total_shellcodes = sum(a.get('total_shellcodes', 0) for a in all_analyses)

severity_counts = defaultdict(int)
platform_counts = defaultdict(int)
type_counts = defaultdict(int)

for analysis in all_analyses:
    severity_counts[analysis.get('severity_assessment', 'Unknown')] += 1

    for platform, count in analysis.get('platforms', \{\}).items():
        platform_counts[platform] += count

    for exploit_type, count in analysis.get('types', \{\}).items():
        type_counts[exploit_type] += count

# Generate HTML report
html_content = f"""
<!DOCTYPE html>
<html>
<head>
__HTML_TAG_40_SearchSploit Vulnerability Assessment Report</title>_


</head>_
<body>_
<div class="header">
<h1>SearchSploit Vulnerability Assessment Report</h1>
__HTML_TAG_47_Generiert: \{datetime.now().strftime('%Y%m%d %H:%M:%S')\}_HTML_TAG_48___
</div>

<div class="summary">
__HTML_TAG_51_Executive Zusammenfassung_HTML_TAG_52___
<table>
<tr><th>Metric_HTML_TAG_56__<th>Value</th>__</tr>________________________________________________________________________________________________________________________________________________________________________________________
<tr><td>_Targets Assessed</td>_HTML_TAG_63___\{total_targets\}_HTML_TAG_64__</tr>__
<tr><td>_Total Exploits Found</td><td>_____________________________________
<tr><td>Gesamt Shellcodes Gefunden</td>_HTML_TAG_75___\{total_shellcodes\}_HTML_TAG_76__</tr>__
<tr><td>Critical Risikoziele</td><td>_\{severity_counts.get('Critical', 0)\}_HTML_TAG_82____</tr>____
<tr><td>High Risk Targets_</td><td>_\{severity_counts.get(') High', 0)\}_HTML_TAG_88_</tr>_
<tr><td>Medium Risikoziele</td>_HTML_TAG_93___\{severity_counts.get('Medium', 0)\}_HTML_TAG_94_</tr>__
<tr>__HTML_TAG_97_Low Risikoziele</td>_HTML_TAG_99___\{severity_counts.get('Low', 0)
</table>_
</div>

<div class="summary">_
__HTML_TAG_105_Risk Distribution</h2>___
<div class="chart">
<canvas id="riskChart" width="400" height="200">_HTML_TAG_109___
</div>_
</div>_

<div class="summary">_
<h2>Platform Verteilung_HTML_TAG_114___
<table>
<tr><th>Platform</th>_HTML_TAG_119_Exploit Der Präsident
""

für Plattform, Anzahl in sortiert(platform_counts.items(), key=lambda x: x[1], reverse=True)[:10]:
html_content += f" <tr><td>___________<td>__\{count</td>____</tr>\_\_\___________________________________________________________________________________________________________________________________________________________________________

html_content += ""
</table>_
</div>

__HTML_TAG_130_Individuell Zielbewertungen</h2>_
""

# Einzelne Zieldetails hinzufügen
zur Analyse in sortiert(all_analysen, key=lambda x: x.get('total_exploits', 0), reverse=True):
severity = analysis.get('severity_assessment', 'Unknown').lower()
Ziel = Analyse.get('target', 'Unknown')

html_content += f"""
<div class="target \{severity\}">_
<h3>\{target\}_HTML_TAG_134____
<p>__HTML_TAG_136_Risk Ebene:</strong> \{analysis.get('severity_assessment', 'Unknown')\}_HTML_TAG_138____
<p><strong>Gesamt Exploits:</strong> \{analysis.get('total_exploits', 0)\_HTML_TAG_142__
<p><strong>High-Priority Exploits:</strong> \{len(analysis.get('high_priority_exploits', [])\}</p>__

<h4>Platform Aufschlüsselung:</h4>_
<table>_
<tr><th>Platform</th>_HTML_TAG_153__Count__HTML_TAG_154_
""

für die Plattform, zählen in analysis.get('platforms', \{\}).items():
html_content += f" <tr><td>_________<td>\{count\}_HTML_TAG_160______HTML_TAG_161_\n"

html_content += ""
</table>_
</div>_
""

html_content += f"""

</body>_
</html>_
""

mit offen('$REPORT_FILE', 'w') als f:
f.write(html_content)

Druck(f)[+] Umfassender Bericht generiert: $REPORT_FILE")
EOF
{\cHFFFF}

# Funktion zur Generierung von CSV-Zusammenfassung
erzeugen_csv_summary() \{
echo "[+] CSV Zusammenfassung generieren"

lokal csv_file="$OUTPUT_DIR/vulnerability_summary.csv"

Echo "Target,Total_Exploits, Total_Shellcodes,Severity,High_Priority_Exploits,Top_Platform,Top_Type" > "$csv_file"

für analysis_file in "$OUTPUT_DIR"/*/analysis.json; do
wenn [ -f "$analysis_file" ]; dann
Python __HTML_TAG_166_> "$csv_file"

echo "[+] CSV Zusammenfassung generiert: $csv_file"
{\cHFFFF}

# Hauptausführung
echo "[+] Automatische Sicherheitsbewertung starten"
echo "[+] Zielliste: $TARGET_LIST"
Echo "[+] Ausgabeverzeichnis: $OUTPUT_DIR"

# Abhängigkeiten prüfen
wenn ! Befehl -v searchsploit &> /dev/null; dann
echo "[-] SearchSploit nicht gefunden. Bitte installieren Sie ExploitDB zuerst."
Ausgang 1
Fichte

# Bearbeiten Sie jedes Ziel
total_targets=0
erfolgreich_assessments=0

während des Lesens -r-Ziel; tun
# Leere Zeilen und Kommentare überspringen
[[ -z "$target"||"$target" = ~ ^#*$ ] &gt; weiter

total_targets=$(total_targets + 1))

wenn bewerten_target "$target"; dann
erfolgreich_assessments=$((successful_assessments + 1))
Fichte

# Kleine Verzögerung, um zu vermeiden, überwältigen das System
1

< "$TARGET_LIST"

echo "[+] Assessment completed"
echo "  Total targets: $total_targets"
echo "  Successful assessments: $successful_assessments"

# Generate reports
generate_report
generate_csv_summary

echo "[+] Vulnerability assessment completed"
echo "[+] Results saved in: $OUTPUT_DIR"
echo "[+] Open $REPORT_FILE for detailed report"
__CODE_BLOCK_17__bash
#!/bin/bash
# Automated exploit collection and organization

COLLECTION_NAME="$1"
SEARCH_TERMS="$2"
OUTPUT_DIR="exploit_collection_$\{COLLECTION_NAME\}_$(date +%Y%m%d_%H%M%S)"

if [ -z "$COLLECTION_NAME" ]||[ -z "$SEARCH_TERMS" ]; then
    echo "Usage: $0 <collection_name>_<search_terms>__"
echo "Beispiel: $0 'web_exploits' 'php,apache,nginx,wordpress'"
Ausgang 1
Fichte

mkdir -p "$OUTPUT_DIR"

# Funktion zum Sammeln von Exploits für Suchbegriff
Collect_exploits() \{
lokal search_term="$1"
lokale Bezeichnung_dir="$OUTPUT_DIR/$(echo "$search_term")tr ' /' '_')"

echo "[+] Exploits sammeln für: $search_term"

mkdir -p "$term_dir"

# Ergebnisse suchen und speichern
Suchanfrage -j "$search_term" > "$term_dir/search_results.json"

wenn [ ! -s "$term_dir/search_results.json"]; dann
Echo " [-] Keine Exploits gefunden für: $search_term"
Rückkehr 1
Fichte

# Parse and Kategorize Exploits
Python << EOF
import json
import os
from collections import defaultdict

# Read search results
with open('$term_dir/search_results.json', 'r') as f:
    data = json.load(f)

exploits = data.get('RESULTS_EXPLOIT', [])
print(f"  [+] Found \{len(exploits)\} exploits for $search_term")

# Categorize exploits
categories = \{
    'remote': [],
    'local': [],
    'webapps': [],
    'dos': [],
    'windows': [],
    'linux': [],
    'php': [],
    'recent': []  # Last 2 years
\}

for exploit in exploits:
    exploit_type = exploit.get('Type', '').lower()
    platform = exploit.get('Platform', '').lower()
    title = exploit.get('Title', '').lower()
    date = exploit.get('Date', '')

    # Categorize by type
    if 'remote' in exploit_type:
        categories['remote'].append(exploit)
    elif 'local' in exploit_type:
        categories['local'].append(exploit)
    elif 'webapps' in exploit_type:
        categories['webapps'].append(exploit)
    elif 'dos' in exploit_type:
        categories['dos'].append(exploit)

    # Categorize by platform
    if 'windows' in platform:
        categories['windows'].append(exploit)
    elif 'linux' in platform:
        categories['linux'].append(exploit)
    elif 'php' in platform:
        categories['php'].append(exploit)

    # Check if recent (last 2 years)
    if date:
        year = int(date.split('-')[0])
        if year >= 2022: # Anpassung an das laufende Jahr
Kategorien['recent'].append(exploit)

# Kategorisierte Daten speichern
für Kategorie, Exploits_list inkategorien.items():
wenn Exploits_list:
Kategorie_dir = f'$term_dir/\{Kategorie\} '
os.makedirs(category_dir, exist_ok=True)

mit offen(f'\{category_dir\}/exploits.json', 'w') als f:
json.dump(exploits_list, f, indent=2)

# Download-Liste erstellen
mit open(f'\{category_dir\}/download_list.txt', 'w') als f:
für Exploits_list[:20]: # Limit bis 20 pro Kategorie
f.write(f)\{exploit.get('EDB-ID', '')\\\n")

Print(f" [+] \{Kategorie\}: \{len(exploits_list)\} Exploits")

print(f" [+] Kategorisierung abgeschlossen für $search_term)
EOF

# Exploits nach Kategorie herunterladen
für Kategorie_Dir in "$term_dir"/*; tun
wenn [ -d "$category_dir" ] und [ -f "$category_dir/download_list.txt" ]; dann
Kategorie_name=$(Basisname "$category_dir")
Echo " [+] Download von $category_name Exploits"

während des Lesens -r edb_id; tun
wenn [ -n "$edb_id"]; dann
searchsploit -m "$edb_id" -o "$category_dir/" 2>/dev/null||true
Fichte
erledigt < "$category_dir/download_list.txt"
        fi
    done

    return 0
\}

# Function to create collection index
create_collection_index() \{
    echo "[+] Creating collection index"

    local index_file="$OUTPUT_DIR/collection_index.html"

    python3 << EOF
import json
import os
import glob
from datetime import datetime
from collections import defaultdict

# Collect all exploit data
all_exploits = []
term_stats = defaultdict(lambda: defaultdict(int))

for results_file in glob.glob('$OUTPUT_DIR/*/search_results.json'):
    term_name = os.path.basename(os.path.dirname(results_file))

    try:
        with open(results_file, 'r') as f:
            data = json.load(f)

        exploits = data.get('RESULTS_EXPLOIT', [])
        all_exploits.extend(exploits)

        # Calculate statistics
        term_stats[term_name]['total'] = len(exploits)

        for exploit in exploits:
            platform = exploit.get('Platform', 'Unknown')
            exploit_type = exploit.get('Type', 'Unknown')

            term_stats[term_name]['platforms'][platform] += 1
            term_stats[term_name]['types'][exploit_type] += 1

    except:
        continue

# Generate HTML index
html_content = f"""
<!DOCTYPE html>_
<html>_
<head>_
__HTML_TAG_173_Exploit Sammlung: $COLLECTION_NAME</title>

</head>_
<body>_
<div class="header">_
__HTML_TAG_178_Exploit Sammlung: $COLLECTION_NAME</h1>
<p>Generiert: \{datetime.now().strftime('%Y%m%d %H:%M:%S')\}_HTML_TAG_181___
__HTML_TAG_182_Search Bedingungen: $SEARCH_TERMS</p>_
</div>

<div class="stats">_
<div class="stat-box">
<h3>\{len(all_exploits)\}</h3>_
<p>Gesamt Exploits_HTML_TAG_190___
</div>_
<div class="stat-box">_
<h3>\{len(term_stats)\}</h3>__
__HTML_TAG_195_Search Allgemeine Geschäftsbedingungen
</div>
<div class="stat-box">_
<h3>\{len(set(e.get('Platform', 'Unknown') für e in all_exploits))\}_HTML_TAG_200____
<p>Platforms</p>___
</div>_
<div class="stat-box">_
<h3>\{len(set(e.get('Typ', 'Unknown') für e in all_exploits))\}_HTML_TAG_206____
__HTML_TAG_207_Exploitieren Typen</p>_
</div>_
</div>_

__HTML_TAG_211_Collection Inhalt</h2>_
""

# Details zu jedem Suchbegriff hinzufügen
für term_name, stats in term_stats.items():
html_content += f"""
<div class="term">_
<h3>\{term_name.replace('_', ').title()\}_HTML_TAG_215__
<p><strong>Gesamt Exploits:__HTML_TAG_218_ \{stats['total '\}_HTML_TAG_219__

<h4>Categories Verfügbar:</h4>_
<div style="display: flex; flex-wrap: wrap; gap: 10px;">_
""

# Liste verfügbare Kategorien
Bezeichnung_dir = f"$OUTPUT_DIR/\{term_name\}"
für Kategorie in ['remote', 'local', 'webapps', 'dos', 'windows', 'linux', 'php', 'recent']:
Kategorie_Pfad = f"\{term_dir\}/\{Kategorie\}"
wenn os.path.exists(category_path):
Exploit_count = 0
versuchen:
mit open(f"\{category_path\}/exploits.json", 'r') als f:
nutzt = json.load(f)
Explo_count = len(exploits)
ausgenommen:
passieren

html_content += f"""
<div class="category">_
<strong>\{category.title()\}_HTML_TAG_225__<br>_
\{exploit_count\} nutzt
</div>_
""

html_content += ""
</div>_
</div>_
""

html_content += ""

__HTML_TAG_230_Benutzeranleitung</h2>_
<div class="term">_
__HTML_TAG_233_Directory Structure</h3>__
<ul>_
<li><strong>search_term/</strong>__ Individuelle Suchbegriffe_</li>___
<li><strong>search_term/category/</strong>__ Exploits Kategorisiert nach Typ/Platform_</li>__
<li><strong>search_term/categorie/exploits.json</strong>___ Exploit metadata_</li>____
<li><strong>search_term/category/[EDB-ID].*</strong>_
</ul>_

__HTML_TAG_253_Quick Zugriffsbefehle</h3>
<pre>_
# Alle Remote Exploits anzeigen
finden . -Name "Remote" -Typ d

# Alle heruntergeladenen Exploit Dateien anzeigen
-name "*.c" -o -name "*.py" -o -name "*.rb" -o -name "*.pl"

Suche in der Sammlung
grep -r "Puffer Überlauf" .

# Grafenausbeuten nach Typ
finden . -Name "exploits.json" -exec jq -r '.[].Typ \{\} \;|sort|uniq -c
</pre>_
</div>
</body>_
</html>
""

mit open('$index_file', 'w') als f:
f.write(html_content)

Druck(f)[+] Erhebungsindex generiert: $index_file")
EOF
{\cHFFFF}

# Funktion zum Erstellen einer tragbaren Sammlung
create_portable_collection() )
echo "[+] Erstellen von tragbaren Sammlungsarchiven"

lokale Archive_name="$\{COLLECTION_NAME\}_exploit_collection_$(date +%Y%m%d).tar.gz"

# Create README
Katze > "$OUTPUT_DIR/README.md" << EOF
# Exploit Collection: $COLLECTION_NAME

Generated: $(date)
Search Terms: $SEARCH_TERMS

## Directory Structure

- **search_term/**: Individual search term results
- **search_term/category/**: Exploits categorized by type/platform
- **search_term/category/exploits.json**: Exploit metadata
- **search_term/category/[EDB-ID].***: Downloaded exploit files

## Categories

- **remote**: Remote code execution exploits
- **local**: Local privilege escalation exploits
- **webapps**: Web application exploits
- **dos**: Denial of service exploits
- **windows**: Windows-specific exploits
- **linux**: Linux-specific exploits
- **php**: PHP-specific exploits
- **recent**: Recent exploits (last 2 years)

## Usage

1. Extract the archive to your desired location
2. Open collection_index.html for an overview
3. Navigate to specific categories for targeted exploits
4. Review exploit code before use
5. Ensure proper authorization before testing

## Legal Notice

These exploits are provided for educational and authorized testing purposes only.
Only use against systems you own or have explicit written permission to test.
Unauthorized use may violate local laws and regulations.
EOF

    # Create archive
    tar -czf "$archive_name" -C "$(dirname "$OUTPUT_DIR")" "$(basename "$OUTPUT_DIR")"

    echo "[+] Portable collection created: $archive_name"
    echo "  Archive size: $(du -h "$archive_name"|cut -f1)"
\}

# Main execution
echo "[+] Starting exploit collection and organization"
echo "[+] Collection name: $COLLECTION_NAME"
echo "[+] Search terms: $SEARCH_TERMS"

# Check dependencies
if ! command -v searchsploit &> /dev/null; dann
echo "[-] SearchSploit nicht gefunden. Bitte installieren Sie ExploitDB zuerst."
Ausgang 1
Fichte

# Bearbeiten Sie jeden Suchbegriff
IFS=',' read -ra TERMS `__INLINE_CODE_27_` "$CONFIG_FILE" __HTML_TAG_261_ "$update_log" 2>&1

wenn [ $? -eq 0]; dann
Echo " [+] Datenbank erfolgreich aktualisiert"
Rückkehr 0
andere
Echo " [-] Datenbank-Update fehlgeschlagen"
Rückkehr 1
Fichte
{\cHFFFF}

# Funktion, um neue Exploits zu überprüfen
Check_new_exploits()
lokale Ziel="$1"
Lokale Zeitstempel=$(date +%Y%m%d_%H%M%S)
lokal current_results="$LOG_DIR/$\{target\}_$\{timestamp\}.json"
lokale vorherige_results="$LOG_DIR/$\{target\}_previous.json"

echo "[+] Suche nach neuen Exploits: $target"

# Get current Exploits
searchsploit -j "$target" > "$current_results"

wenn [ ! -s "$current_results" ]; dann
Echo " [-] Keine Exploits gefunden für: $target"
Rückkehr 1
Fichte

# Vergleichen Sie die bisherigen Ergebnisse
wenn [ -f "$previous_results" ]; dann
# Exploit IDs extrahieren
Lokal current_ids=$(jq -r '.RESULTS_EXPLOIT[]?.["EDB-ID"]" "$current_results" 2>/dev/null|sort)
lokale vorherige_ids=$(jq -r '.RESULTS_EXPLOIT[]?.["EDB-ID"]" "$previous_results" 2>/dev/null|sort)

# Neue Exploits finden
lokal new_exploits=$(comm -23 <(echo "$current_ids") <(echo "$previous_ids"))

        if [ -n "$new_exploits" ]; then
            local new_count=$(echo "$new_exploits"|wc -l)
            echo "  [!] Found $new_count new exploits for: $target"

            # Get details of new exploits
            local new_exploits_details="$LOG_DIR/$\{target\}_new_$\{timestamp\}.json"

            python3 << EOF
import json

# Read current results
with open('$current_results', 'r') as f:
    data = json.load(f)

exploits = data.get('RESULTS_EXPLOIT', [])
new_ids = """$new_exploits""".strip().split('\n')

# Filter new exploits
new_exploits = [e for e in exploits if e.get('EDB-ID') in new_ids]

# Save new exploits
with open('$new_exploits_details', 'w') as f:
    json.dump(new_exploits, f, indent=2)

print(f"New exploits saved: $new_exploits_details")
EOF

            # Send alert
            if [ "$ALERT_ON_NEW_EXPLOITS" = "true" ]; then
                send_alert "NEW_EXPLOITS" "$target" "$new_count" "$new_exploits_details"
            fi

            return 0
        else
            echo "  [+] No new exploits found for: $target"
        fi
    else
        echo "  [+] First scan for: $target"
    fi

    # Update previous results
    cp "$current_results" "$previous_results"

    return 0
\}

# Function to assess exploit severity
assess_severity() \{
    local exploits_file="$1"
    local target="$2"

    python3 << EOF
import json

try:
    with open('$exploits_file', 'r') as f:
        exploits = json.load(f)

    if not isinstance(exploits, list):
        exploits = exploits.get('RESULTS_EXPLOIT', [])

    # Severity scoring
    severity_score = 0
    high_severity_count = 0

    for exploit in exploits:
        title = exploit.get('Title', '').lower()
        exploit_type = exploit.get('Type', '').lower()

        # High severity indicators
        if any(keyword in title for keyword in ['remote', 'rce', 'buffer overflow', 'privilege escalation']):
            severity_score += 3
            high_severity_count += 1
        elif 'remote' in exploit_type:
            severity_score += 2
            high_severity_count += 1
        elif any(keyword in title for keyword in ['dos', 'denial of service']):
            severity_score += 1
        else:
            severity_score += 0.5

    print(f"Severity score: \{severity_score\}")
    print(f"High severity exploits: \{high_severity_count\}")

    # Check threshold
    if severity_score >= $MINIMUM_SEVERITY_THRESHOLD:
Print("ALERT_THRESHOLD_EXCEEDEDED")

mit Ausnahme von e:
print(f"Error Bewertung der Schwere: \{e\}")
EOF
{\cHFFFF}

# Funktion, um Alarme zu senden
send_alert() \{
lokal alert_type="$1"
lokale Ziel="$2"
Ortszahl ="$3"
lokale details_file="$4"

lokales Subjekt="[EXPLOIT ALERT] $alert_type: $target"
lokale Nachricht="Alert: $count neue Exploits gefunden für $target bei $(date)"

Echo "[!] Alarm senden: $subject"

# E-Mail-Benachrichtigung
wenn [ "$EMAIL_ALERTS" = "true" ] && [ -n "$ALERT_EMAIL"]
wenn [ -f "$details_file" ]; dann
echo "$message"|mail -s "$subject" -A "$details_file" "$ALERT_EMAIL" 2>/dev/null||\
Echo "E-Mail-Benachrichtigung versagt"
andere
echo "$message"|mail -s "$subject" "$ALERT_EMAIL" 2>/dev/null||\
Echo "E-Mail-Benachrichtigung versagt"
Fichte
Fichte

# Slack alert
wenn [ -n "$SLACK_WEBHOOK" ]; dann
curl -X POST -H 'Content-Typ: Anwendung/json' \
--data "\{\"text\":\"$subject: $message\"\}" .
"$SLACK_WEBHOOK" 2>/dev/null||echo "Schwarzer Alarm versagt"
Fichte

# Discord alert
wenn [ -n "$DISCORD_WEBHOOK"]; dann
curl -X POST -H 'Content-Typ: Anwendung/json' \
--data "\{\"content\":\"$subject: $message\"\}" .
"$DISCORD_WEBHOOK" 2>/dev/null||echo "Discord Alarm versagt"
Fichte
{\cHFFFF}

# Funktion zur Erstellung von Überwachungsberichten
erzeugen_monitoring_report() \{
echo "[+] Überwachungsbericht generieren"

Lokal report_file="$ LOG_DIR/monitoring_report_$(date +%Y%m%d).html"

Python << EOF
import json
import glob
import os
from datetime import datetime, timedelta
from collections import defaultdict

# Collect monitoring data
monitoring_data = defaultdict(list)
total_new_exploits = 0

# Find all new exploit files from last 24 hours
cutoff_time = datetime.now() - timedelta(hours=24)

for new_file in glob.glob('$LOG_DIR/*_new_*.json'):
    try:
        # Extract timestamp from filename
        filename = os.path.basename(new_file)
        timestamp_str = filename.split('_new_')[1].replace('.json', '')
        file_time = datetime.strptime(timestamp_str, '%Y%m%d_%H%M%S')

        if file_time >= cutoff_time:
# Zielname extrahieren
Ziel = Dateiname.split('_new_')[0]

mit open(new_file, 'r') als f:
nutzt = json.load(f)

monitor_data[target].extend(exploits)
total_new_exploits += len(exploits)

ausgenommen:
weiter

# HTML-Bericht generieren
html_content = f"""
<!DOCTYPE html>_
<html>_
<head>_
__HTML_TAG_267_Exploitieren Monitoring Report</title>__

</head>_
<body>_
<div class="header">_
__HTML_TAG_272_Exploitieren Monitoring Report</h1>_
__HTML_TAG_274_Generiert: \{datetime.now().strftime('%Y%m%d %H:%M:%S')\}_HTML_TAG_275___
<p>Monitoring Zeitraum: Letzte 24 Stunden</p>
</div>_

<div class="alert">_
<h2> Alarm Zusammenfassung</h2>
<p>__HTML_TAG_283_Gesamt Neue Exploits:</strong> \{total_new_exploits\}_HTML_TAG_285___
<p><strong> Ziele:</strong> \{len(monitoring_data)\}</p>
</div>
""

wenn Monitoring_data:
html_content += "<h2>Neue Exploits von Target</h2>_

für Ziel, nutzt in monitor_data.items():
html_content += f"""
<div class="target">
<h3>\{target\}_HTML_TAG_295____
<p><strong>Neue Exploits:</strong> \{len(exploits)\}_HTML_TAG_299_________

<table>_
<tr>_HTML_TAG_304_Title_HTML_TAG_303_HTML_HTML_TAG_304_Title_HTML_TAG_305_HTML_HTML_HTML_
""

für Exploit in Exploits[:10]: # Top 10 anzeigen
html_content += f"""
<tr>_
<td><a href="https://www.exploit-db.com/exploits/\{exploit.get('EDB-ID', '')\}" target="_blank">\{exploit.get('EDB-ID') '')\}_HTML_TAG_316_</td>_
<td>\{exploit.get('Title') '')\}_HTML_TAG_319__
<td>\{exploit.get('Platform') '')\}_HTML_TAG_321__
<td>\{exploit.get('Typ') '')\}_HTML_TAG_323___
<td>\{exploit.get('Date') '')\}_HTML_TAG_325__
</tr>_
""

html_content += ""
</table>
</div>_
""
andere:
html_content += ""
<div class="target">
__HTML_TAG_330_ keine neuen Exploits</h2>_
<p> Keine neuen Exploits wurden in den letzten 24 Stunden für überwachte Ziele entdeckt._HTML_TAG_333__
</div>_
""

html_content += ""
</body>_
</html>_
""

mit open('$report_file', 'w') als f:
f.write(html_content)

Druck(f)[+] Monitoring-Bericht generiert: $report_file")
EOF
{\cHFFFF}

# Funktion zur Reinigung von alten Protokollen
Sauberkeit() \{
echo "[+] Reinigung von alten Überwachungsprotokollen"

# Protokolle für 30 Tage halten
"$LOG_DIR" -Name "*.json" -Zeit +30 -delete
"$LOG_DIR" -Name "*.log" -Zeit +30 -delete
"$LOG_DIR" -Name "*.html" -Zeit +7 -delete
{\cHFFFF}

# Hauptüberwachungsschleife
echo "[+] Dauerbetriebsüberwachung starten"
Echo "[+] Prüfintervall: $((CHECK_INTERVAL / 60) Minuten)"

Letzter Beitrag

während wahr; tun
echo "[+] Beginn des Monitoringzyklus bei $(date)"

# Datenbank aktualisieren, wenn nötig
aktuelle_time=$(date +%s)
wenn [ "$UPDATE_DATABASE" = "true" ] && [$((current_time - last_update))) -ge $UPDATE_INTERVAL ]; dann
wenn update_database; dann
last_update=$current_time
Fichte
Fichte

Jedes überwachte Ziel überprüfen
echo "$MONITOR_TARGETS"ilewhile read -r target; do
# Leere Zeilen überspringen
[ -z "$target" ] &gt; weiter

check_new_exploits "$target"
erledigt

# Täglicher Bericht erstellen und aufräumen
erzeugen_monitoring_report
Sauberkeit_logs

echo "[+] Überwachungszyklus abgeschlossen bei $(date)"
echo "[+] Nächster Check in $(CHECK_INTERVAL / 60) Minuten)"

Schlaf "$CHECK_INTERVAL"
erledigt

Integration with Security Tools¶

Metasploit Integration¶

# Suche nach Metasploit-Modulen mit SearchSploit
suchsploit metasploit apache

# Exploits mit Metasploit-Modulen finden
searchsploit -j apache|jq -r '.RESULTS_EXPLOIT[]|select(.Title|contains("Metasploit"))..["EDB-ID"] '

# Cross-Reference mit Metasploit Datenbank
msfconsole -q -x "Suche edb:12345; Ausfahrt"

Nmap Integration¶

# Verwenden Sie SearchSploit mit Nmap-Scanergebnissen
nmap -sV Target.com|grep -E "^[0-9]+/tcp"ilewhile Lesezeile; tun
service=$(echo "$line"|awk '\{print $3\}')
version=$(echo "$line"|awk '\{print $4" "$5\}')
echo "Searching Exploits für: $service $version"
searchsploit "$service $version"
erledigt

# Nmap Skript erstellen mit SearchSploit
Kat > searchsploit.nse << 'EOF'
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Uses SearchSploit to find exploits for detected services.
]]

author = "Security Researcher"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = \{"discovery", "safe"\}

portrule = shortport.version_port_or_service()

action = function(host, port)
    local service = port.service
    local version = port.version

    if service and version then
        local cmd = string.format("searchsploit '%s %s'", service, version.version or "")
        local result = os.execute(cmd)
        return string.format("SearchSploit query: %s", cmd)
    end

    return nil
end
EOF
__CODE_BLOCK_21__bash
# Export SearchSploit results for Burp Suite
searchsploit -j web|jq -r '.RESULTS_EXPLOIT[]|select(.Type|contains("webapps"))|.Title' > burp_payloads.txt

# Create Burp Suite extension payload list
searchsploit --type webapps -j|jq -r '.RESULTS_EXPLOIT[]|.["EDB-ID"]'|while read id; do
Suchanfrage -m "$id" -o /tmp/burp_exploits/
erledigt

Troubleshooting¶

Common Issues¶

Database Problems¶

# Datenbank nicht gefunden
Suchanfragen --path
ls -la /opt/exploitdb/

# Rebuild Datenbank
Suchanfragen -- rebuild

# Berechtigungen reparieren
sudo chown -R $USER:$USER /opt/exploitdb/

# Manuelles Datenbank-Update
cd /opt/exploitiert &amp; git Zug

Search Issues¶

# Keine Ergebnisse gefunden
Suchanfragen - Check
Suche --stats

# Löschen Cache
rm -rf ~/.searchsploit_cache

# Suche nach Debug
searchsploit --debug apache

# Suchbegriffe anzeigen
searchsploit -e "exact match"
searchsploit -i "case insensitive"

File Access Problems¶

# Berechtigung verweigert
Sudo chmod +x /opt/exploitdb/searchsploit

# Datei nicht gefunden
Suche -p 12345
ls -la /opt/exploitdb/exploitiert/

# Probleme mit dem Kopieren
Suche -m 12345 -o /tmp/
ls -la /tmp/

Performance Issues¶

# Langsame Suche
searchsploit --platform linux apache # Limit Plattform
searchsploit -t apache # Titel nur
suchsploit apache|head -20 # Limit Ergebnisse

# Große Datenbank
du -sh /opt/exploitiert
git gc --aggressive # Cleanup git repo

# Speicherprobleme
ulimit -v 1000000 # virtueller Speicher begrenzen

Resources¶

This cheat sheet provides a comprehensive reference for using SearchSploit for exploit research and vulnerability assessment. Always ensure you have proper authorization before using any exploits in any environment.

Filter by specific platforms¶

searchsploit apache|grep -i linux searchsploit apache|grep -i windows

Filter by exploit type¶

searchsploit apache|grep -i remote searchsploit apache|grep -i local

Sort by date (newest first)¶

searchsploit -j apache|jq -r '.RESULTS_EXPLOIT[]|"(.Date) (.Title)"'|sort -r

### Suchergebnisanalyse