Aller au contenu
1337skills 1337skills - Aide-mémoires

Pompem

Overview

Section intitulée « Overview »

Pompem is a Python-based tool that automates the search for known exploits and vulnerabilities across multiple databases including ExploitDB, PacketStorm, and WPScan. It provides security researchers and penetration testers with an efficient way to identify publicly available exploits, vulnerability information, and proof-of-concepts for discovered software and applications without manually querying multiple sources.

Installation

Section intitulée « Installation »

Linux (Debian/Ubuntu)

Section intitulée « Linux (Debian/Ubuntu) »
sudo apt-get install python3 python3-pip
pip3 install pompem

Fedora/RHEL

Section intitulée « Fedora/RHEL »
sudo dnf install python3 python3-pip
pip3 install pompem

macOS

Section intitulée « macOS »
brew install python3
pip3 install pompem

Windows

Section intitulée « Windows »
pip install pompem

From Source

Section intitulée « From Source »
git clone https://github.com/jmendozauc/pompem.git
cd pompem
pip3 install -r requirements.txt
python3 pompem.py

Verify Installation

Section intitulée « Verify Installation »
pompem --version
pompem --help

Core Concepts

Section intitulée « Core Concepts »

Vulnerability Databases

Section intitulée « Vulnerability Databases »

Pompem integrates with:

  • ExploitDB: Largest exploit database with 50,000+ exploits
  • PacketStorm: Vulnerability and security resource repository
  • WPScan: WordPress vulnerability database
  • SecurityFocus: Bugtraq vulnerability information
  • Metasploit Database: Exploitation framework modules

Search Methods

Section intitulée « Search Methods »
  • Application name search
  • CVE identifier lookup
  • Version-specific vulnerability matching
  • Software component identification

Data Aggregation

Section intitulée « Data Aggregation »

Pompem combines results from multiple sources to provide comprehensive vulnerability information.

Basic Commands

Section intitulée « Basic Commands »

Search by Application Name

Section intitulée « Search by Application Name »
pompem -s "Apache"
pompem -s "nginx"
pompem -s "WordPress"

Search by CVE

Section intitulée « Search by CVE »
pompem -s "CVE-2024-1234"
pompem -c CVE-2024-00000

Search with Version Information

Section intitulée « Search with Version Information »
pompem -s "Apache 2.4.41"
pompem -s "WordPress 6.0.1"

Search All Databases

Section intitulée « Search All Databases »
pompem -s "application_name" -a

Common Usage Patterns

Section intitulée « Common Usage Patterns »
CommandDescription
pompem -s "app_name"Search for application vulnerabilities
pompem -c "CVE-XXXX"Search by CVE identifier
pompem -s "app" -eSearch ExploitDB only
pompem -s "app" -wSearch WPScan only
pompem -s "app" -pSearch PacketStorm only
pompem -s "app" -aSearch all databases
pompem -s "app" -f jsonOutput in JSON format

Database-Specific Searches

Section intitulée « Database-Specific Searches »
Section intitulée « ExploitDB Search »
pompem -s "Apache Struts" -e
pompem -s "PHP 7.4" -e

WPScan Search (WordPress)

Section intitulée « WPScan Search (WordPress) »
pompem -s "WordPress" -w
pompem -s "Akismet" -w
pompem -s "WooCommerce" -w
Section intitulée « PacketStorm Search »
pompem -s "Cisco IOS" -p
pompem -s "Windows RDP" -p
Section intitulée « Combined Database Search »
pompem -s "Apache 2.4" -a
pompem -c "CVE-2021-41773" -a

Advanced Search Techniques

Section intitulée « Advanced Search Techniques »

Search with Multiple Terms

Section intitulée « Search with Multiple Terms »
pompem -s "Apache Struts 2 RCE"
pompem -s "PHP SQL injection"
Section intitulée « Version Range Search »
pompem -s "WordPress 5.0"
pompem -s "Drupal 8"

Specific Vulnerability Type

Section intitulée « Specific Vulnerability Type »
pompem -s "Apache" | grep -i "rce\|injection\|bypass"

Filter Results

Section intitulée « Filter Results »
pompem -s "application" | grep "2024"
pompem -s "application" | grep -i "critical\|high"

Output Formats

Section intitulée « Output Formats »

Default Text Output

Section intitulée « Default Text Output »
pompem -s "Apache"

JSON Output

Section intitulée « JSON Output »
pompem -s "Apache" -f json
pompem -s "WordPress" -f json > wordpress_vulns.json

CSV Export

Section intitulée « CSV Export »
pompem -s "application" -f csv > vulns.csv

Save to File

Section intitulée « Save to File »
pompem -s "Apache" > apache_vulnerabilities.txt
pompem -c "CVE-2024-1234" > cve_search.txt

Vulnerability Assessment Workflow

Section intitulée « Vulnerability Assessment Workflow »

Step 1: Identify Target Software

Section intitulée « Step 1: Identify Target Software »
# Determine application versions running on target
# Example: Apache 2.4.41, PHP 7.4.10, WordPress 5.9

Step 2: Search Each Component

Section intitulée « Step 2: Search Each Component »
pompem -s "Apache 2.4.41" -a
pompem -s "PHP 7.4.10" -a
pompem -s "WordPress 5.9" -a

Step 3: Collect Results

Section intitulée « Step 3: Collect Results »
pompem -s "Apache 2.4.41" -a > apache_vulns.txt
pompem -s "PHP 7.4.10" -a > php_vulns.txt
pompem -s "WordPress 5.9" -a > wordpress_vulns.txt

Step 4: Analyze and Prioritize

Section intitulée « Step 4: Analyze and Prioritize »
cat *_vulns.txt | sort | uniq > all_vulnerabilities.txt
grep -i "remote\|critical" all_vulnerabilities.txt > critical_vulns.txt

Step 5: Document Findings

Section intitulée « Step 5: Document Findings »
# Create assessment report with findings

Reconnaissance Integration

Section intitulée « Reconnaissance Integration »

Web Application Fingerprinting

Section intitulée « Web Application Fingerprinting »
# After identifying web technologies
pompem -s "Nginx 1.18" -a
pompem -s "PHP 8.0" -a
pompem -s "WordPress 5.8" -a

Service Discovery Follow-up

Section intitulée « Service Discovery Follow-up »
# Search identified services
pompem -s "OpenSSH 7.4" -a
pompem -s "Postfix 2.11" -a
pompem -s "Bind 9.11" -a

Plugin/Module Enumeration

Section intitulée « Plugin/Module Enumeration »
# Search discovered plugins
pompem -s "WordPress WooCommerce" -w
pompem -s "Drupal Views" -e

Batch Processing

Section intitulée « Batch Processing »

Search Multiple Applications

Section intitulée « Search Multiple Applications »
#!/bin/bash
APPS=("Apache 2.4" "PHP 7.4" "WordPress 5.9" "MySQL 8.0")

for app in "${APPS[@]}"; do
    echo "=== Searching for $app ===" >> vulnerabilities.txt
    pompem -s "$app" -a >> vulnerabilities.txt
    echo "" >> vulnerabilities.txt
done

Process CVE List

Section intitulée « Process CVE List »
#!/bin/bash
while IFS= read -r cve; do
    pompem -c "$cve" -a >> cve_details.txt
done < cve_list.txt

Search from Nmap Output

Section intitulée « Search from Nmap Output »
# After nmap service detection
pompem -s "Apache httpd 2.4.41"
pompem -s "OpenSSH 7.6p1"

Exploit Identification

Section intitulée « Exploit Identification »

Find Available Exploits

Section intitulée « Find Available Exploits »
pompem -s "application" -e | grep -i "exploit\|poc"

Identify POCs

Section intitulée « Identify POCs »
pompem -s "Apache Struts 2" -e
# Will show available Proof-of-Concepts

Get Exploit Details

Section intitulée « Get Exploit Details »
pompem -s "vulnerability" -a
# Returns full details including exploit source URLs

CVE Tracking

Section intitulée « CVE Tracking »

Search by CVE ID

Section intitulée « Search by CVE ID »
pompem -c "CVE-2021-41773"
pompem -c "CVE-2021-44228"

Track CVE Across Databases

Section intitulée « Track CVE Across Databases »
pompem -c "CVE-2024-12345" -a
# Shows all available resources for the CVE

Recent Vulnerability Research

Section intitulée « Recent Vulnerability Research »
pompem -s "2024" | head -20

WordPress-Specific Searches

Section intitulée « WordPress-Specific Searches »

Theme Vulnerabilities

Section intitulée « Theme Vulnerabilities »
pompem -s "WordPress Twenty Twenty Two" -w
Section intitulée « Plugin Search »
pompem -s "WordPress Plugin" -w
pompem -s "WooCommerce" -w
Section intitulée « Core Vulnerability Search »
pompem -s "WordPress 6.0" -w

Content Management System Searches

Section intitulée « Content Management System Searches »

Drupal Vulnerabilities

Section intitulée « Drupal Vulnerabilities »
pompem -s "Drupal 9" -a
pompem -s "Drupal Module" -e

Joomla Vulnerabilities

Section intitulée « Joomla Vulnerabilities »
pompem -s "Joomla 3.10" -a
pompem -s "Joomla Extension" -e

Magento Vulnerabilities

Section intitulée « Magento Vulnerabilities »
pompem -s "Magento 2.4" -a

Integration with Testing Tools

Section intitulée « Integration with Testing Tools »

Feed to Exploit Frameworks

Section intitulée « Feed to Exploit Frameworks »
# Extract exploit URLs for Metasploit
pompem -s "Windows Server 2019" -e | grep "http" > exploit_urls.txt

Create Vulnerability Dashboard

Section intitulée « Create Vulnerability Dashboard »
# Generate JSON report for dashboard
pompem -s "application" -f json > vuln_dashboard.json

Cross-Reference with Nessus

Section intitulée « Cross-Reference with Nessus »
# Compare Pompem results with Nessus scan
pompem -s "service_name" -a > pompem_results.txt
# Compare with Nessus export

Reporting

Section intitulée « Reporting »

Generate Summary Report

Section intitulée « Generate Summary Report »
echo "=== Vulnerability Assessment Report ===" > report.txt
echo "Date: $(date)" >> report.txt
echo "Target: target.com" >> report.txt
echo "" >> report.txt
echo "=== Identified Vulnerabilities ===" >> report.txt
pompem -s "identified_service" -a >> report.txt

Create Detailed Vulnerability Documentation

Section intitulée « Create Detailed Vulnerability Documentation »
#!/bin/bash
SERVICES=("Apache 2.4.41" "PHP 7.4.10" "WordPress 5.9")

{
    echo "# Vulnerability Assessment Report"
    echo "Date: $(date)"
    echo ""
    
    for service in "${SERVICES[@]}"; do
        echo "## $service"
        pompem -s "$service" -a
        echo ""
    done
} > assessment_report.txt

Export for Management Review

Section intitulée « Export for Management Review »
pompem -s "application" -f json | jq '.[] | {name, severity, cve}' > executive_summary.json

Performance Optimization

Section intitulée « Performance Optimization »

Parallel Searches (GNU Parallel)

Section intitulée « Parallel Searches (GNU Parallel) »
echo "Apache 2.4" | parallel pompem -s {}
cat app_list.txt | parallel pompem -s {}

Batch Caching Results

Section intitulée « Batch Caching Results »
# Cache results for repeated searches
pompem -s "Apache" -a > apache_cache.txt
# Use cached results for reporting
cat apache_cache.txt

Troubleshooting

Section intitulée « Troubleshooting »

Database Connection Issues

Section intitulée « Database Connection Issues »
# Check internet connectivity
ping www.google.com

# Verify API endpoints are accessible
curl -I "https://www.exploit-db.com"

Timeout Errors

Section intitulée « Timeout Errors »
# Increase timeout for large result sets
timeout 60 pompem -s "popular_application"

Filter Large Result Sets

Section intitulée « Filter Large Result Sets »
# Narrow searches to reduce results
pompem -s "Apache 2.4.41" -e  # Specific version
pompem -c "CVE-2024-12345"     # Specific CVE

Update Database

Section intitulée « Update Database »
# Ensure latest vulnerability data
pip3 install --upgrade pompem

Best Practices

Section intitulée « Best Practices »
  • Verify Findings: Cross-reference results with official sources
  • Document Sources: Note which database provided each finding
  • Prioritize Severity: Focus on critical and high-severity vulnerabilities
  • Check Patch Status: Verify if patches are available
  • Timeline Tracking: Note vulnerability disclosure dates
  • Responsible Disclosure: Follow coordinated disclosure practices
  • Regular Searches: Maintain up-to-date vulnerability inventory
  • Assessment Reports: Document all findings systematically
Section intitulée « Related Tools »
  • Nuclei: Template-based scanning with integration
  • Searchsploit: Local ExploitDB search tool
  • Shodan: Internet search engine for services
  • CVEDetails: CVE information aggregator
  • SecurityTrails: DNS and domain intelligence
  • OpenCVE: CVE monitoring platform