SearchSploit Cheat Sheet
__HTML_TAG_29_ Todos los comandos
Overview¶
SearchSploit es una herramienta de búsqueda de línea de comandos para ExploitDB que le permite tomar una copia del ExploitDB con usted donde quiera que vaya. SearchSploit le da la facultad de realizar búsquedas fuera de línea detalladas a través de su copia localmente verificada del repositorio. Esta capacidad es particularmente útil durante las pruebas de penetración en los contactos donde la conectividad de Internet puede ser limitada o cuando necesita buscar rápidamente a través de miles de exploits sin depender de interfaces web.
▪ restablecimiento Advertencia: SearchSploit proporciona acceso a explotaciones reales que pueden causar daños a los sistemas. Únicamente utilice estos exploits contra sistemas que posee o tenga permiso escrito explícito para probar. El uso no autorizado de explotaciones puede violar las leyes y reglamentos locales.
Instalación¶
Kali Linux Instalación¶
# SearchSploit is pre-installed on Kali Linux
searchsploit --version
# Update the database
searchsploit -u
# Check installation path
which searchsploit
# Verify database location
searchsploit --path
Ubuntu/Debian Instalación¶
# Install git if not already installed
sudo apt update
sudo apt install git
# Clone ExploitDB repository
sudo git clone https://github.com/offensive-security/exploitdb.git /opt/exploitdb
# Create symbolic link
sudo ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit
# Update PATH (add to ~/.bashrc for persistence)
export PATH="$PATH:/opt/exploitdb"
# Verify installation
searchsploit --help
Instalación manual¶
# Download and extract
wget https://github.com/offensive-security/exploitdb/archive/main.zip
unzip main.zip
mv exploitdb-main /opt/exploitdb
# Make searchsploit executable
chmod +x /opt/exploitdb/searchsploit
# Create symbolic link
sudo ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit
# Configure .searchsploit_rc file
echo 'papers_directory="/opt/exploitdb/papers"' > ~/.searchsploit_rc
echo 'exploits_directory="/opt/exploitdb/exploits"' >> ~/.searchsploit_rc
Docker Instalación¶
# Create Dockerfile
cat > Dockerfile << 'EOF'
FROM ubuntu:20.04
RUN apt-get update && apt-get install -y git
RUN git clone https://github.com/offensive-security/exploitdb.git /opt/exploitdb
RUN ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit
WORKDIR /opt/exploitdb
ENTRYPOINT ["/opt/exploitdb/searchsploit"]
EOF
# Build Docker image
docker build -t searchsploit .
# Run SearchSploit in Docker
docker run --rm searchsploit apache
# Create alias for easier usage
echo 'alias searchsploit="docker run --rm -v $(pwd):/data searchsploit"' >> ~/.bashrc
Uso básico¶
Búsquedas simples¶
# Basic search
searchsploit apache
# Search for multiple terms
searchsploit apache 2.4
# Search with quotes for exact phrase
searchsploit "apache 2.4.7"
# Case-insensitive search (default)
searchsploit APACHE
# Case-sensitive search
searchsploit -c Apache
# Search in title only
searchsploit -t apache
# Search excluding specific terms
searchsploit apache --exclude="2.2"
Opciones de búsqueda avanzadas¶
# Search by platform
searchsploit --platform windows apache
searchsploit --platform linux kernel
searchsploit --platform php web
# Search by exploit type
searchsploit --type remote apache
searchsploit --type local windows
searchsploit --type webapps php
# Search by author
searchsploit --author "Metasploit"
searchsploit --author "exploit-db"
# Search by port
searchsploit --port 80
searchsploit --port 443
# Combine multiple filters
searchsploit --platform linux --type local kernel
CVE and Vulnerability Searchs¶
# Search by CVE number
searchsploit --cve 2021-44228
searchsploit --cve CVE-2021-34527
# Search by multiple CVEs
searchsploit --cve 2021-44228,2021-34527
# Search for recent CVEs
searchsploit --cve 2023-
# Search by vulnerability type
searchsploit "buffer overflow"
searchsploit "sql injection"
searchsploit "privilege escalation"
searchsploit "remote code execution"
Fecha de búsqueda¶
# Search for exploits after specific date
searchsploit --after 2020 apache
searchsploit --after 2021-01-01 windows
# Search for exploits before specific date
searchsploit --before 2019 linux
searchsploit --before 2020-12-31 php
# Search within date range
searchsploit --after 2020 --before 2021 kernel
# Search for recent exploits (last 30 days)
searchsploit --after $(date -d "30 days ago" +%Y-%m-%d)
Output Formatting and Display¶
Formatos de salida¶
# Default table format
searchsploit apache
# Verbose output with full paths
searchsploit -v apache
# JSON output
searchsploit -j apache
# XML output
searchsploit -x apache
# CSV output (pipe to file)
searchsploit apache|sed 's/|/,/g' > results.csv
# Color output (default)
searchsploit --colour apache
# No color output
searchsploit --no-colour apache
Filtración y Limitación de Resultados¶
# Limit number of results
searchsploit apache|head -10
# Show only exploit IDs
searchsploit apache|awk '\\\\{print $1\\\\}'|grep -E '^[0-9]+
### Search Result Analysis
```bash
# Contando resultados totales
searchsploit apache habitwc -l
# Cuenta por plataforma
searchsploit apache WordPressgrep -c linux
searchsploit apache sufrimientogrep -c windows
# Cuenta por tipo
searchsploit apache WordPressgrep -c remote
searchsploit apache WordPressgrep -c local
# Extraer plataformas únicas
searchsploit -j apache sufrimientojq -r '.RESULTS_EXPLOIT[]. Plataforma de subida -c
# Extracto de autores únicos
searchsploit -j apache vidasjq -r '.RESULTS_EXPLOIT[]. Autor de subida -c
Exploit Management¶
Copying and Downloading Exploits¶
# Copiar exploit al directorio actual
searchsploit -m 50383
# Copia múltiples explotaciones
searchsploit -m 50383,50384,50385
# Copiar el exploit al directorio específico
searchsploit -m 50383 -o /tmp/exploits/
# Copia con nombre de archivo original conservado
searchsploit -m exploits/linux/local/50383.c
# Copiar todas las explotaciones de los resultados de la búsqueda
searchsploit -j apache vidasjq -r '.RESULTS_EXPLOIT[]. EDB-ID, cabeza de emergencia -5 búsquedas de vidas -m
# Explotas de copia de lote
eco "50383,50384,50385" intimidadtr ',' '\n' vivenxargs -I \{\} searchsploit -m \{\}
__CODE_BLOCK_11_bash
# Ver contenido de exploit
searchsploit -x 50383
# Explotación abierta en editor predeterminado
searchsploit -e 50383
# Ver explotar con sintaxis resaltando
searchsploit -m 50383 " gato 50383.c sometidahighlight --syntax=c
# Ver metadatos de exploit
searchsploit -j apache vidasjq '.RESULTS_EXPLOIT[] sometidaselect(.["EDB-ID"] == "50383") '
# Extract exploit information
searchsploit -p 50383
Exploit Organization¶
# Crear estructura de directorio organizado
mkdir -p exploits/\{windows,linux,web,mobile\}
# Copiar explotaciones por plataforma
searchsploit --platform windows -j vidasjq -r '.RESULTS_EXPLOIT[].["EDB-ID"]" WordPresshead -10 vidasxargs -I \{\} searchsploit -m \{\} -o exploits/windows/
# Copia explotaciones por tipo
searchsploit --type webapps -j vidasjq -r '.RESULTS_EXPLOIT[].["EDB-ID"]" WordPresshead -10 vidasxargs -I \{\} searchsploit -m \{\} -o exploits/web/
# Crear inventario de explotación
searchsploit -j apache habitjq -r '.RESULTS_EXPLOIT[] eterna"\(.["EDB-ID"]),\(.Título),\(.Platform),\(.Type)" "
__CODE_BLOCK_13_bash
# Update ExploitDB database
searchsploit -u
# Actualización de la fuerza (sobreescribir cambios locales)
cd /opt/exploitdb " pl git reset --hard " git pull
# Check for updates without applying
cd /opt/exploitdb " Unidos "
# Actualizar rama específica
cd /opt/exploitdb " git pull origin main "
# Verificar la actualización
searchsploit --stats
__CODE_BLOCK_14_bash
# Mostrar estadísticas de la base de datos
searchsploit --stats
# Mostrar ruta de la base de datos
searchsploit - Rápido.
# Comprobar la integridad de la base de datos
searchsploit - Mira.
# Índice de la base de datos
searchsploit --rebuild
# Mostrar información de la versión
searchsploit --versión
# Mostrar información de ayuda
searchsploit - ¡Ayuda!
Database Maintenance¶
# Limpiar archivos temporales
encontrar /opt/exploitdb -nombre "*.tmp" -delete
# Uso del disco
du -sh /opt/exploitdb
# Backup database
tar -czf exploitdb_backup_$(date ################################################################################################################################################################################################################################################################
# Restaurar la base de datos de respaldo
tar -xzf exploitdb_backup_20231201.tar.gz -C /
# Verificar la base de datos después del mantenimiento
searchsploit - Mira.
Automation Scripts¶
Automated Vulnerability Assessment¶
#/bin/bash
# Evaluación de vulnerabilidad automatizada mediante SearchSploit
TARGET_LIST="$1"
OUTPUT_DIR="searchsploit_assessment_$(date "
REPORT_FILE="$OUTPUT_DIR/vulnerability_assessment_report.html"
si [ -z "$TARGET_LIST" ] permanece en la vida [ ! -f "$TARGET_LIST" ]; entonces
eco "Usage: $0 <target_list_file>"
eco "Target list file should contain one software/service per line"
"Ejemplo: 'Apache 2.4.7', 'Windows 10', 'PHP 7.4'"
Salida 1
fi
mkdir -p "$OUTPUT_DIR"
# Función para evaluar el objetivo único
assess_target() \{
local target="$1"
local target_dir="$OUTPUT_DIR/$(echo "$target" durabletr ' /' '_')"
eco "[+] Evaluación: $target"
mkdir -p "$target_dir"
# Search for exploits
searchsploit -j "$target" "$target_dir/search_results.json"
si [ -s "$target_dir/search_results.json" ]; entonces
# Parse and analysis results
python3 << EOF
import json
import os
from collections import defaultdict
# Read search results
with open('$target_dir/search_results.json', 'r') as f:
data = json.load(f)
exploits = data.get('RESULTS_EXPLOIT', [])
shellcodes = data.get('RESULTS_SHELLCODE', [])
print(f" [+] Found \{len(exploits)\} exploits and \{len(shellcodes)\} shellcodes")
if not exploits and not shellcodes:
print(f" [-] No exploits found for: $target")
exit(0)
# Analyze exploits
analysis = \{
'target': '$target',
'total_exploits': len(exploits),
'total_shellcodes': len(shellcodes),
'platforms': defaultdict(int),
'types': defaultdict(int),
'years': defaultdict(int),
'severity_assessment': 'Unknown',
'high_priority_exploits': []
\}
for exploit in exploits:
platform = exploit.get('Platform', 'Unknown')
exploit_type = exploit.get('Type', 'Unknown')
date = exploit.get('Date', '')
title = exploit.get('Title', '').lower()
analysis['platforms'][platform] += 1
analysis['types'][exploit_type] += 1
if date:
year = date.split('-')[0]
analysis['years'][year] += 1
# Identify high-priority exploits
if any(keyword in title for keyword in ['remote', 'rce', 'privilege', 'escalation', 'buffer overflow']):
analysis['high_priority_exploits'].append(exploit)
# Assess severity
total_exploits = len(exploits)
high_priority_count = len(analysis['high_priority_exploits'])
remote_count = analysis['types'].get('remote', 0)
if high_priority_count >_ 5 o remote_count 3:
análisis['severity_assessment] = 'Critical '
elif high_priority_count 2 o control remoto_continuar 1:
análisis['severity_assessment] = 'High '
elif total_exploits > 5:
análisis['severity_assessment] = 'Medium '
más:
análisis['severity_assessment] = 'Low'
# Ahorrar análisis
con open('$target_dir/analysis.json', 'w') como f:
json.dump(análisis, f, indent=2, default=str)
print(f) [+] Evaluación de la severidad: \{análisis['severity_assessment']\}")
print(f) [+] Explotas de alta prioridad: \{high_priority_count\}")
EOF
# Descargar exploits de alta prioridad
si [ -f "$target_dir/analysis.json" ]; entonces
python3 << EOF
import json
with open('$target_dir/analysis.json', 'r') as f:
analysis = json.load(f)
high_priority = analysis.get('high_priority_exploits', [])[:10] # Limit to 10
if high_priority:
with open('$target_dir/priority_exploits.txt', 'w') as f:
for exploit in high_priority:
f.write(f"\{exploit.get('EDB-ID', '')\}\\n")
EOF
# Download priority exploits
if [ -f "$target_dir/priority_exploits.txt" ]; then
while read -r edb_id; do
if [ -n "$edb_id" ]; then
searchsploit -m "$edb_id" -o "$target_dir/" 2>__/dev/null sometida soportatrue
fi
hecho < "$target_dir/priority_exploits.txt"
fi
fi
return 0
else
echo " [-] No exploits found for: $target"
return 1
fi
\}
# Function to generate comprehensive report
generate_report() \{
echo "[+] Generating comprehensive assessment report"
python3 << EOF
import json
import os
import glob
from datetime import datetime
from collections import defaultdict
# Collect all analysis data
all_analyses = []
for analysis_file in glob.glob('$OUTPUT_DIR/*/analysis.json'):
try:
with open(analysis_file, 'r') as f:
data = json.load(f)
all_analyses.append(data)
except:
continue
# Calculate overall statistics
total_targets = len(all_analyses)
total_exploits = sum(a.get('total_exploits', 0) for a in all_analyses)
total_shellcodes = sum(a.get('total_shellcodes', 0) for a in all_analyses)
severity_counts = defaultdict(int)
platform_counts = defaultdict(int)
type_counts = defaultdict(int)
for analysis in all_analyses:
severity_counts[analysis.get('severity_assessment', 'Unknown')] += 1
for platform, count in analysis.get('platforms', \{\}).items():
platform_counts[platform] += count
for exploit_type, count in analysis.get('types', \{\}).items():
type_counts[exploit_type] += count
# Generate HTML report
html_content = f"""
<!DOCTYPE html>
<html>
<head>
<title>SearchSploit Vulnerability Assessment Report</title>_
</head>
<body>
<div class="header">
<h1>SearchSploit Vulnerability Assessment Report</h1>_
__HTML_TAG_47_Generated: \{datetime.now().strftime('%Y-%m-%d ¿Por qué?
</div>
<div class="summary">
<h2>Executive Summary</h2>
<table>
<tr>____________________________________________________________________
<tr>_<td>Targets Assessed</td><td>_\{total_targets\}_</td>__</tr>_
<tr>_<td>_Total Exploits Found_</td>____HTML_TAG_69_\{total_exploits\}_HTML_TAG_70__________________________________________________
<tr>___HTML_TAG_73_Total Shellcodes Found_HTML_TAG_74__<td>\{total_shellcodes\}__</td>___</tr>
<tr>_<td>_Critical Risk Targets</td>_<td>\{severity_counts.get('Critical', 0)\</td>_</tr>_
<tr>_<td>_High Risk Targets_</td>___________\{severity_counts.get(' Alto. 0)\_HTML_TAG_88___</tr>
<tr>_<td>Medium Risk Targets</td>__HTML_TAG_93_\{severity_counts.get('Medium', 0)\_HTML_TAG_94__</tr>
<tr>_<td>Low Risk Targets</td><td>\{severity_counts.get('Low', 0)\_HTML_TAG_100__</tr>
</table>
</div>
<div class="summary">
<h2>_Risk Distribution_</h2>
<div class="chart">
<canvas id="riskChart" width="400" height="200">_</canvas>
</div>
</div>
<div class="summary">
<h2>Platform Distribution_</h2>_
<table>
<tr>_<th>_________________________________________________________________ Count</th>_</tr>_
"
para plataforma, cuenta en orden(platform_counts.items(), key=lambda x: x[1], reverse=True)[:10]:
html_content += f" <tr>_<td>\{platform\}</td>___________________________________________________
html_content += ""
</table>
</div>
__HTML_TAG_130_Individual Evaluaciones de objetivos_HTML_TAG_131__
"
# Añádase los detalles del objetivo individual
para el análisis en ordenados (all_analyses, key=lambda x: x.get('total_exploits', 0), reverse=True):
severidad = análisis.get('severity_assessment', 'Unknown').lower()
target = analysis.get('target', 'Unknown')
html_content += f""
<div class="target \{severity\}">
<h3>\{target\}_HTML_TAG_134__
<p>_<strong>Risk Nivel:</strong> \{analysis.get('severity_assessment', 'Unknown')\</p>__
<p>___HTML_TAG_140_Total Exploits:_HTML_TAG_141_ \{analysis.get('total_exploits', 0)\_HTML_TAG_142_
<p>_<strong>High-Priority Exploits:</strong> \{len(analysis.get('high_priority_exploits', [])\}_HTML_TAG_146___
<h4>Platform Desglose:_HTML_TAG_148___
<table>
<tr>_<th>__________________________________________________________________________
"
para plataforma, cuenta en analysis.get('platforms', \{\}).items():
html_content += f" <tr>__<td>_\{platform\}_____________________________________________________________
html_content += ""
</table>
</div>
"
html_content += f""
</body>
</html>
"
con open('$REPORT_FILE', 'w') como f:
f.write(html_content)
print(f"[+] Informe completo generado: $REPORT_FILE")
EOF
{\cHFF}
# Función para generar resumen CSV
generate_csv_summary() \{
eco "[+] Generando resumen CSV"
local csv_file="$OUTPUT_DIR/vulnerability_summary.csv"
eco "Target,Total_Exploits, Total_Shellcodes,Severity,High_Priority_Exploits,Top_Platform,Top_Type "$csv_file"
for analysis_file in "$OUTPUT_DIR"/*/analysis.json; do
si [ -f "$analysis_file" ]; entonces
python3 << EOF
import json
with open('$analysis_file', 'r') as f:
data = json.load(f)
target = data.get('target', 'Unknown').replace(',', ';')
total_exploits = data.get('total_exploits', 0)
total_shellcodes = data.get('total_shellcodes', 0)
severity = data.get('severity_assessment', 'Unknown')
high_priority = len(data.get('high_priority_exploits', []))
platforms = data.get('platforms', \{\})
top_platform = max(platforms.keys(), key=lambda k: platforms[k]) if platforms else 'Unknown'
types = data.get('types', \{\})
top_type = max(types.keys(), key=lambda k: types[k]) if types else 'Unknown'
print(f"\{target\},\{total_exploits\},\{total_shellcodes\},\{severity\},\{high_priority\},\{top_platform\},\{top_type\}")
EOF
fi
done >] "$csv_file"
eco "[+] Resumen CSV generado: $csv_file"
{\cHFF}
# Ejecución principal
eco "[+] Inicio de evaluación de vulnerabilidad automatizada"
eco "[+] Lista de objetivos: $TARGET_LIST"
eco "[+] Directorio de salida: $OUTPUT_DIR
# Dependencias de control
¡Si! comando -v searchsploit > /dev/null; entonces
echo "[-] SearchSploit not found. Por favor, instale ExploitDB primero."
Salida 1
fi
# Proceso cada objetivo
total_targets=0
successful_assessments=0
mientras leído -r objetivo; hacer
# Skip empty lines and comments
[[ -z "$target" sobrevivir"$target" =~ ^#.*$ ]] Continuar
total_targets=$(total_targets + 1))
si evalúa_target "$target"; entonces
successful_assessments=$((successful_assessments + 1))
fi
# Pequeño retraso para evitar abrumar el sistema
dormir 1
< "$TARGET_LIST"
echo "[+] Assessment completed"
echo " Total targets: $total_targets"
echo " Successful assessments: $successful_assessments"
# Generate reports
generate_report
generate_csv_summary
echo "[+] Vulnerability assessment completed"
echo "[+] Results saved in: $OUTPUT_DIR"
echo "[+] Open $REPORT_FILE for detailed report"
__CODE_BLOCK_17__bash
#!/bin/bash
# Automated exploit collection and organization
COLLECTION_NAME="$1"
SEARCH_TERMS="$2"
OUTPUT_DIR="exploit_collection_$\{COLLECTION_NAME\}_$(date +%Y%m%d_%H%M%S)"
if [ -z "$COLLECTION_NAME" ]||[ -z "$SEARCH_TERMS" ]; then
echo "Usage: $0 <collection_name> <search_terms>_
eco "Ejemplo: $0 'web_exploits' 'php,apache,nginx,wordpress'"
Salida 1
fi
mkdir -p "$OUTPUT_DIR"
# Función para recoger explotaciones para el término de búsqueda
collect_exploits() \{
local search_term="$1"
local term_dir="$OUTPUT_DIR/$(echo "$search_term" habittr ' /' '_')"
eco "[+] Recoger explotaciones para: $search_term"
mkdir -p "$term_dir"
# Buscar y guardar resultados
searchsploit -j "$search_term" "$term_dir/search_results.json"
si [ ! -s "$term_dir/search_results.json" ]; entonces
eco " No hay exploits encontrados para: $search_term"
Regreso 1
fi
# Parse and categorize exploits
python3 __HTML_TAG_169_= 2022: # Ajuste basado en el año actual
categorías ['recent'].append(exploit)
# Guardar datos categorizados
para la categoría, exploits_list in categories.items():
si exploits_list:
category_dir = f'$term_dir/\{category\} '
os.makedirs(category_dir, exist_ok=True)
con open(f'\{category_dir\}/exploits.json', 'w') as f:
json.dump(exploits_list, f, indent=2)
# Crear lista de descargas
con open(f'\{category_dir\}/download_list.txt, 'w') como f:
para explotar en exploits_list[:20]: # Limit to 20 per category
f.write(f"\{exploit.get('EDB-ID', '')\\n")
print(f" [+] \{category\}: \{len(exploits_list)\} exploits")
print(f" [+] Categorización completada para $search_term")
EOF
# Descargar exploits por categoría
para categoría_dir en "$term_dir"/*; do
si [ -d "$category_dir" ] " [ -f "$category_dir/download_list.txt" ]; entonces
category_name=$(basename "$category_dir")
eco [+] Descargar $category_name exploits"
mientras leído -r edb_id; hacer
si [ -n "$edb_id" ]; entonces
searchsploit -m "$edb_id" -o "$category_dir/" 2 confianza/dev/null habittrue
fi
hecho < "$category_dir/download_list.txt"
fi
done
return 0
\}
# Function to create collection index
create_collection_index() \{
echo "[+] Creating collection index"
local index_file="$OUTPUT_DIR/collection_index.html"
python3 << EOF
import json
import os
import glob
from datetime import datetime
from collections import defaultdict
# Collect all exploit data
all_exploits = []
term_stats = defaultdict(lambda: defaultdict(int))
for results_file in glob.glob('$OUTPUT_DIR/*/search_results.json'):
term_name = os.path.basename(os.path.dirname(results_file))
try:
with open(results_file, 'r') as f:
data = json.load(f)
exploits = data.get('RESULTS_EXPLOIT', [])
all_exploits.extend(exploits)
# Calculate statistics
term_stats[term_name]['total'] = len(exploits)
for exploit in exploits:
platform = exploit.get('Platform', 'Unknown')
exploit_type = exploit.get('Type', 'Unknown')
term_stats[term_name]['platforms'][platform] += 1
term_stats[term_name]['types'][exploit_type] += 1
except:
continue
# Generate HTML index
html_content = f"""
<!DOCTYPE html>
<html>
<head>
__HTML_TAG_173_Exploit Collection: $COLLECTION_NAME</title>_
</head>
<body>
<div class="header">
<h1>Explot Collection: $COLLECTION_NAME</h1>_
__HTML_TAG_180_Generated: \{datetime.now()strftime('%Y-%m-%d %H:%M:%S')\}_HTML_TAG_181_____
<p>Search Términos: $SEARCH_TERMS__HTML_TAG_183_
</div>
<div class="stats">
<div class="stat-box">
<h3>\{len(all_exploits)\}_HTML_TAG_188___
__HTML_TAG_189_Total Exploits</p>
</div>
<div class="stat-box">
__HTML_TAG_193_\{len(term_stats)\}_HTML_TAG_194___
<p>Search Términos</p>_
</div>
<div class="stat-box">
__HTML_TAG_199_\{len(set(e.get('Platform', 'Unknown') for e in all_exploits)}</h3>__
<p>Platforms</p>
</div>
<div class="stat-box">
<h3>\{len(set(e.get('Type', 'Unknown') for e in all_exploits))\</h3>_
<p>Explot Tipos</p>
</div>
</div>
__HTML_TAG_211_Colección Contents</h2>
"
# Añadir detalles para cada término de búsqueda
para term_name, Estadísticas en term_stats.items():
html_content += f""
<div class="term">
__HTML_TAG_214_\{term_name.replace('_', '')title()\_</h3>__
<p>_<strong>Total Exploits:_HTML_TAG_218_ \{stats['total '
__HTML_TAG_220_Categorías Disponibles:</h4>
<div style="display: flex; flex-wrap: wrap; gap: 10px;">
"
# Lista de categorías disponibles
term_dir = f"$OUTPUT_DIR/\{term_name\}"
para la categoría en ['remote', 'local', 'webapps', 'dos', 'ventanas', 'linux', 'php', 'recent']:
categor_path = f"\{term_dir\}/\{category\}"
si os.path.exists(category_path):
exploit_count = 0
Prueba:
con open(f"\{category_path\}/exploits.json", 'r') como f:
exploits = json.load(f)
exploit_count = len(exploits)
excepto:
paso
html_content += f""
<div class="category">
<strong>\{category.title()\_</strong>___________________
\{exploit_count\} exploits
</div>
"
html_content += ""
</div>
</div>
"
html_content += ""
<h2> Instrucciones de uso_</h2>
<div class="term">
<h3>_Directory Structure_</h3>_
<ul>
<li>__<strong>_search_term/_</strong> - Resultados del término de búsqueda individuales___HTML_TAG_239_
<li>__<strong>search_term/category/</strong> - Exploits categorized by type/platform</li>
<li>_<strong>search_term/categoría/exploits.json_</strong> - Exploit metadata</li>_
<li>__<strong>_search_term/category/[EDB-ID].*_</strong> - Explotación descargada</li>
</ul>
<h3>Quick Access Commands</h3>
<pre>
# Ver todas las explotaciones remotas
encontrar . -nombre "remote" -tipo d
# Lista todos los archivos de exploit descargados
encontrar. -nombre "*.c" -o -nombre "*.py" -o -nombre "*.rb" -o -nombre "*.pl"
# Search within collection
grep -r "desbordamiento del amor" .
# Cuenta explotaciones por tipo
encontrar . -nombre "exploits.json" -exec jq -r '.[].Type' \{\} \; -c
</pre>
</div>
</body>
</html>
"
con open('$index_file', 'w') como f:
f.write(html_content)
print(f"[+] Índice de colección generado: $index_file")
EOF
{\cHFF}
# Función para crear colección portátil
create_portable_collection() \{
eco "[+] Creación de archivo de colección portátil"
archivo local_name="$\{COLLECTION_NAME\}_exploit_collection_$(date +%Y%m%d).tar.gz"
# Create README
gato "$OUTPUT_DIR/README.md" << EOF
# Exploit Collection: $COLLECTION_NAME
Generated: $(date)
Search Terms: $SEARCH_TERMS
## Directory Structure
- **search_term/**: Individual search term results
- **search_term/category/**: Exploits categorized by type/platform
- **search_term/category/exploits.json**: Exploit metadata
- **search_term/category/[EDB-ID].***: Downloaded exploit files
## Categories
- **remote**: Remote code execution exploits
- **local**: Local privilege escalation exploits
- **webapps**: Web application exploits
- **dos**: Denial of service exploits
- **windows**: Windows-specific exploits
- **linux**: Linux-specific exploits
- **php**: PHP-specific exploits
- **recent**: Recent exploits (last 2 years)
## Usage
1. Extract the archive to your desired location
2. Open collection_index.html for an overview
3. Navigate to specific categories for targeted exploits
4. Review exploit code before use
5. Ensure proper authorization before testing
## Legal Notice
These exploits are provided for educational and authorized testing purposes only.
Only use against systems you own or have explicit written permission to test.
Unauthorized use may violate local laws and regulations.
EOF
# Create archive
tar -czf "$archive_name" -C "$(dirname "$OUTPUT_DIR")" "$(basename "$OUTPUT_DIR")"
echo "[+] Portable collection created: $archive_name"
echo " Archive size: $(du -h "$archive_name"|cut -f1)"
\}
# Main execution
echo "[+] Starting exploit collection and organization"
echo "[+] Collection name: $COLLECTION_NAME"
echo "[+] Search terms: $SEARCH_TERMS"
# Check dependencies
if ! command -v searchsploit &> /dev/null; entonces
echo "[-] SearchSploit not found. Por favor, instale ExploitDB primero."
Salida 1
fi
# Procesar cada término de búsqueda
IFS=',' read -ra TERMS `__INLINE_CODE_27_` "$CONFIG_FILE" << 'EOF'
# Exploit Monitoring Configuration
# Monitoring targets (one per line)
MONITOR_TARGETS="
Apache
nginx
WordPress
PHP
Windows 10
Linux kernel
OpenSSL
"
# Alert settings
ALERT_ON_NEW_EXPLOITS=true
ALERT_ON_HIGH_SEVERITY=true
MINIMUM_SEVERITY_THRESHOLD=5
# Database settings
UPDATE_DATABASE=true
UPDATE_INTERVAL=86400 # 24 hours
# Notification settings
EMAIL_ALERTS=true
SLACK_WEBHOOK=""
DISCORD_WEBHOOK=""
EOF
echo "Created $CONFIG_FILE - please configure monitoring settings"
exit 1
fi
source "$CONFIG_FILE"
# Function to update ExploitDB
update_database() \{
echo "[+] Updating ExploitDB database"
local update_log="$LOG_DIR/database_update_$(date +%Y%m%d_%H%M%S).log"
searchsploit -u >_ "$update_log" 2 conviniendo personalmente1
si [ $? -eq 0 ]; entonces
eco [+] Base de datos actualizada con éxito"
retorno 0
más
eco " La actualización de la base falló"
Regreso 1
fi
{\cHFF}
# Función para comprobar nuevas explotaciones
check_new_exploits() \{
local target="$1"
local timestamp=$(date +%Y%d_%H%M%S)
local current_results="$LOG_DIR/$\{target\}_$\{timestamp\}.json"
local previous_results="$LOG_DIR/$\{target\}_previous.json"
eco "[+] Checking for new exploits: $target"
# Get current exploits
searchsploit -j "$target" "$current_results"
si [ ! -s "$current_results" ]; entonces
eco " No hay exploits encontrados para: $target"
Regreso 1
fi
# Compare with previous results
si [ -f "$previous_results" ]; entonces
# Extract exploit IDs
local current_ids=$(jq -r '.RESULTS_EXPLOIT[]?.["EDB-ID"] "$current_results" 2 propiedades/dev/null sometidasort)
local previous_ids=$(jq -r '.RESULTS_EXPLOIT[]?.["EDB-ID"] "$previous_results" 2 confianza/dev/null eternasort)
# Find new exploits
local new_exploits=$(comm -23 __HTML_TAG_262_= $MINIMUM_SEVERITY_THRESHOLD:
print("ALERT_THRESHOLD_EXCEED")
excepto Excepción como e:
print(f"Error evaluando la gravedad: \{e\}")
EOF
{\cHFF}
# Función para enviar alertas
send_alert() \{
local alert_type="$1"
blanco local="$2"
cuenta local="$3"
local details_file="$4"
local subject="[EXPLOIT ALERT] $alert_type: $target"
local message="Alert: $count new exploits found for $target at $(date)"
eco "[!] Alerta de envío: $subject"
Alerta de correo electrónico
si [ "$EMAIL_ALERTS" = "verdad" ] " .
si [ -f "$details_file" ]; entonces
eco "$message" WordPressmail -s "$subject" -A "$details_file" "$ALERT_EMAIL" 2 titulado/dev/null habit
eco "Email alert failed"
más
eco "$message" WordPressmail -s "$subject" "$ALERT_EMAIL" 2 confianza/dev/null sometida eterna\
eco "Email alert failed"
fi
fi
# Slack alert
si [ -n "$SLACK_WEBHOOK" ]; entonces
curl -X POST -H 'Content-type: application/json' \
--data "\{\"text\":\"$subject: $message\"\" \
"$SLACK_WEBHOOK" "La alerta falló"
fi
Alerta de disco
si [ -n "$DISCORD_WEBHOOK" ]; entonces
curl -X POST -H 'Content-type: application/json' \
--data "\{\"content\":\"$subject: $message\"\" \
"$DISCORD_WEBHOOK" 2 título/dev/null sometido "La alerta de disco falló"
fi
{\cHFF}
# Función para generar informe de monitoreo
genera_monitoring_report() \{
eco "[+] Generando informe de monitoreo"
local report_file="$ LOG_DIR/monitoring_report_$(date +%Y%m%d).html"
python3 __HTML_TAG_263_= cutoff_time:
# Extract target name
target = filename.split('_new_')[0]
con open(new_file, 'r') como f:
exploits = json.load(f)
monitoring_data[target].extend(exploits)
total_new_exploits += len(exploits)
excepto:
continuar
# Generar informe HTML
html_content = f""
<!DOCTYPE html>
<html>_
<head>
<title>Explot Monitoring Report</title>_
</head>
<body>
<div class="header">
__HTML_TAG_272_Explot Monitoring Report</h1>
__HTML_TAG_274_Generated: \{datetime.now()strftime('%Y-%m-%d ¿Por qué?
<p>Monitoring Período: Las últimas 24 horas</p>
</div>
<div class="alert">
<h2> Alert Summary_</h2>
<p>___HTML_TAG_283_Total New Exploits:_HTML_TAG_284__ \{total_new_exploits\}_HTML_TAG_285___
<p>___HTML_TAG_287_Afectado Metas:_HTML_TAG_288__ \{len(monitoring_data)\</p>
</div>
"
si control_data:
html_content += "<h2>New Exploits by Target_HTML_TAG_292_"
for target, exploits in monitoring_data.items():
html_content += f""
<div class="target">
<h3>\{target\}_HTML_TAG_295__
<p>___HTML_TAG_297_Nuevos Exploits:</strong> \{len(exploits)\}_HTML_TAG_299__
<table>
__HTM__________________________________________________________________________
"
para explotar en las explotaciones [:10]: # Mostrar top 10
html_content += f""
<tr>
<td>___HTML_TAG_315_\{exploit.get('EDB-ID', ')\_HTML_TAG_316_____HTML_TAG_317_
__HTML_TAG_318_\{exploit.get('Title', "
__HTML_TAG_320_\{exploit.get('Platform', "
__HTML_TAG_322_\{exploit.get('Type', "
__HTML_TAG_324_\{exploit.get('Date', "
</tr>
"
html_content += ""
</table>
</div>
"
más:
html_content += ""
<div class="target">
<h2>_ No hay nuevos explosivos</h2>_
__HTML_TAG_332_No se detectaron nuevos exploits en las últimas 24 horas para objetivos monitorizados.</p>_
</div>
"
html_content += ""
</body>
</html>_
"
con open('$report_file', 'w') como f:
f.write(html_content)
print(f"[+] Informe de monitoreo generado: $report_file")
EOF
{\cHFF}
# Función para limpiar viejos registros
cleanup_logs() \{
eco "[+] Limpieza de viejos registros de monitoreo"
# Mantén registros durante 30 días
encontrar "$LOG_DIR" -nombre "*.json" -mtime +30 -delete
encontrar "$LOG_DIR" -nombre "*.log" -mtime +30 -delete
encontrar "$LOG_DIR" -nombre "*.html" -mtime +7 - ¡Lee!
{\cHFF}
# Main monitoring loop
eco "[+] Inicio de monitoreo continuo de hazañas"
eco "[+] Intervalo de comprobación: $((CHECK_INTERVAL / 60) minutos"
last_update=0
mientras que cierto; hacer
eco "[+] Ciclo de monitoreo inicial en $(fecha)"
# Actualizar la base de datos si es necesario
current_time=$(date +%s)
si [ "$UPDATE_DATABASE" = "true" ] "
si update_database; entonces
last_update=$current_time
fi
fi
# Check each monitored target
eco "$MONITOR_TARGETS" mientras tanto leído -r objetivo; hacer
# Skip empty lines
[ -z "$target"]
check_new_exploits "$target"
hecho
# Generar informe diario y limpieza
genera_monitoring_report
cleanup_logs
eco "[+] ciclo de monitoreo completado en $(fecha)"
eco "[+] Next check in $((CHECK_INTERVAL / 60) minutes"
dormir "$CHECK_INTERVAL"
hecho
__CODE_BLOCK_19_bash
# Search for Metasploit modules using SearchSploit
searchsploit metásploit apache
# Encontrar explotaciones con módulos Metasploit
searchsploit -j apache vidasjq -r '.RESULTS_EXPLOIT[] sometidaselect(.Title habitcontains("Metasploit")) '
# Cross-reference with Metasploit database
msfconsole -q -x "search edb:12345; exit"
Nmap Integration¶
# Use SearchSploit con los resultados del análisis de Nmap
nmap -sV target.com soportagrep -E "^[0-9]+/tcp" permanentemente línea de lectura; do
service=$(echo "$line" WordPressawk '\{print $3\})
versión=$(echo "$line")
eco "Buscando explotaciones para: $service $version"
searchsploit "$service $version"
hecho
# Create Nmap script using SearchSploit
cat > búsquedasploit.nse << 'EOF'
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
description = [[
Uses SearchSploit to find exploits for detected services.
]]
author = "Security Researcher"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = \{"discovery", "safe"\}
portrule = shortport.version_port_or_service()
action = function(host, port)
local service = port.service
local version = port.version
if service and version then
local cmd = string.format("searchsploit '%s %s'", service, version.version or "")
local result = os.execute(cmd)
return string.format("SearchSploit query: %s", cmd)
end
return nil
end
EOF
__CODE_BLOCK_21__bash
# Export SearchSploit results for Burp Suite
searchsploit -j web|jq -r '.RESULTS_EXPLOIT[]|select(.Type|contains("webapps"))|.Title' >_ burp_payloads.txt
# Create Burp Suite extension payload list
searchsploit --type webapps -j vidasjq -r '.RESULTS_EXPLOIT[] tortura.["EDB-ID"] "durante la lectura id; do
searchsploit -m "$id" -o /tmp/burp_exploits/
hecho
Troubleshooting¶
Common Issues¶
Database Problems¶
# Base de datos no encontrada
searchsploit - Rápido.
ls -la /opt/exploitdb/
# Base de datos
searchsploit --rebuild
# Fijar permisos
sudo chown -R $USER:$USER /opt/exploitdb/
Actualización de la base de datos manual
cd /opt/exploitdb ♪
Search Issues¶
# No se han encontrado resultados
searchsploit - Mira.
searchsploit --stats
# Caché transparente
rm -rf ~/.searchsploit_cache
# Búsqueda de depuración
searchsploit --debug apache
# Términos de búsqueda
searchsploit -e "exact match"
searchsploit -i "case insensible"
File Access Problems¶
Permiso negado
sudo chmod +x /opt/exploitdb/searchsploit
# Archivo no encontrado
searchsploit -p 12345
ls -la /opt/exploitdb/exploits/
# Problemas de copia
searchsploit -m 12345 -o /tmp/
ls -la /tmp/
Performance Issues¶
# Búsquedas lentas
searchsploit --platform linux apache # Limit platform
searchsploit -t apache # Title only
searchsploit apache sufrimientohead -20 # Limit results
# Gran base de datos
du -sh /opt/exploitdb/
git gc --aggressive # Cleanup git repo
# Cuestiones de memoria
ulimit -v 1000000 # Limite la memoria virtual
Resources¶
- SearchSploit GitHub Repository
- ExploitDB Website
- Offensive Security Documentation
- SearchSploit Manual
- Exploit Development Resources
- CVE Database
- National Vulnerability Database
This cheat sheet provides a comprehensive reference for using SearchSploit for exploit research and vulnerability assessment. Always ensure you have proper authorization before using any exploits in any environment.
Filter by specific platforms¶
searchsploit apache|grep -i linux searchsploit apache|grep -i windows
Filter by exploit type¶
searchsploit apache|grep -i remote searchsploit apache|grep -i local
Sort by date (newest first)¶
searchsploit -j apache|jq -r '.RESULTS_EXPLOIT[]|"(.Date) (.Title)"'|sort -r
Exploit Management¶
Copying and Downloading Exploits¶
Viewing and Examining Exploits¶
Exploit Organization¶
Database Management¶
Database Updates¶
Database Information¶
Database Maintenance¶
Automation Scripts¶
Automated Vulnerability Assessment¶
Exploit Collection and Organization¶
Continuous Monitoring for New Exploits¶
Integration with Security Tools¶
Metasploit Integration¶
Nmap Integration¶
Burp Suite Integration¶
Troubleshooting¶
Common Issues¶
Database Problems¶
Search Issues¶
File Access Problems¶
Performance Issues¶
Resources¶
- SearchSploit GitHub Repository
- ExploitDB Website
- Offensive Security Documentation
- SearchSploit Manual
- Exploit Development Resources
- CVE Database
- National Vulnerability Database
This cheat sheet provides a comprehensive reference for using SearchSploit for exploit research and vulnerability assessment. Always ensure you have proper authorization before using any exploits in any environment.
Filter by specific platforms¶
searchsploit apache|grep -i linux searchsploit apache|grep -i windows
Filter by exploit type¶
searchsploit apache|grep -i remote searchsploit apache|grep -i local
Sort by date (newest first)¶
searchsploit -j apache|jq -r '.RESULTS_EXPLOIT[]|"(.Date) (.Title)"'|sort -r ```
Resources¶
[SearchSploit GitHub Repository](URL_338_ - [ExploitDB Website](URL_339__ - [Documentación de seguridad defensiva](URL_340__ - [SearchSploit Manual](URL_341__ - [Explot Development Resources](URL_342_ - [CVE Database](URL_343__ - [Base de datos de vulnerabilidad nacional](URL_344__
-...
*Esta hoja de trampa proporciona una referencia completa para el uso de SearchSploit para la investigación de explotación y evaluación de vulnerabilidad. Siempre asegúrese de tener una autorización adecuada antes de utilizar cualquier explotación en cualquier entorno. *