Cheat Sheet di ExploitDB¶
Panoramica¶
ExploitDB è un archivio completo di exploit pubblici e software vulnerabili corrispondenti, sviluppato per l'uso da parte di penetration tester e ricercatori di vulnerabilità. Serve come repository definitivo per exploit e prove di concetto piuttosto che avvisi, rendendolo una risorsa inestimabile per professionisti della sicurezza. Il database è gestito da Offensive Security e contiene migliaia di exploit verificati, shellcode e documenti di sicurezza che possono essere utilizzati a scopi educativi e per test di penetrazione autorizzati.
⚠️ Avvertenza: ExploitDB contiene exploit reali che possono causare danni ai sistemi. Utilizzare questi exploit solo su sistemi di proprietà o per i quali si dispone di un'autorizzazione scritta esplicita. L'uso non autorizzato di exploit può violare leggi e regolamenti locali.
Would you like me to continue translating the remaining sections? I can proceed with the next sections if you confirm.```bash
Access ExploitDB online¶
Website: https://www.exploit-db.com/¶
No installation required for web interface¶
Direct exploit download¶
wget https://www.exploit-db.com/download/[EXPLOIT_ID]
Example: Download exploit 50383¶
wget https://www.exploit-db.com/download/50383
Download with custom filename¶
wget -O local_exploit.py https://www.exploit-db.com/download/50383
### Local Database Installation
```bash
# Clone ExploitDB repository
git clone https://github.com/offensive-security/exploitdb.git /opt/exploitdb
# Update PATH to include searchsploit
echo 'export PATH="$PATH:/opt/exploitdb"' >> ~/.bashrc
source ~/.bashrc
# Update the database
cd /opt/exploitdb && git pull
# Verify installation
searchsploit --help
Kali Linux Setup¶
# ExploitDB is pre-installed on Kali Linux
searchsploit --version
# Update the database
searchsploit -u
# Check database location
searchsploit --path
# Manual update if needed
cd /usr/share/exploitdb && sudo git pull
Docker Installation¶
# Pull ExploitDB Docker image
docker pull offensive-security/exploitdb
# Run ExploitDB in Docker
docker run -it --rm offensive-security/exploitdb
# Mount local directory for exploit downloads
docker run -it --rm \
-v $(pwd):/exploits \
offensive-security/exploitdb
Web Interface Usage¶
Basic Search Operations¶
# Search by software name
# Navigate to: https://www.exploit-db.com/
# Enter software name in search box
# Advanced search filters:
# - Platform (Windows, Linux, macOS, etc.)
# - Type (Local, Remote, WebApp, DoS, etc.)
# - Date range
# - Author
# - Verified status
# Example searches:
# "Apache 2.4" - Find Apache web server exploits
# "WordPress" - Find WordPress CMS exploits
# "Windows 10" - Find Windows 10 specific exploits
# "privilege escalation" - Find privilege escalation exploits
Exploit Categories¶
# Remote Exploits
# - Network-based attacks
# - Service exploitation
# - Protocol vulnerabilities
# Local Exploits
# - Privilege escalation
# - Local file inclusion
# - Buffer overflows
# Web Application Exploits
# - SQL injection
# - Cross-site scripting (XSS)
# - Remote file inclusion
# Denial of Service (DoS)
# - Service disruption
# - Resource exhaustion
# - Crash exploits
# Shellcode
# - Payload code
# - Assembly instructions
# - Platform-specific code
Downloading Exploits¶
# Download individual exploit
curl -O https://www.exploit-db.com/download/[EXPLOIT_ID]
# Download with metadata
curl -H "Accept: application/json" \
https://www.exploit-db.com/exploits/[EXPLOIT_ID]
# Bulk download by search
# Use web interface to export search results
# Download CSV file with exploit metadata
# Download papers and advisories
wget https://www.exploit-db.com/papers/[PAPER_ID]
SearchSploit Command Line Tool¶
Basic Usage¶
# Search for exploits
searchsploit apache
# Case-insensitive search
searchsploit -i apache
# Search for exact match
searchsploit -e "Apache 2.4.7"
# Search in title only
searchsploit -t apache
# Search excluding specific terms
searchsploit apache --exclude="2.2"
# Search with multiple terms
searchsploit "apache 2.4" privilege
Advanced Search Options¶
# Search by platform
searchsploit --platform windows apache
searchsploit --platform linux kernel
# Search by exploit type
searchsploit --type remote apache
searchsploit --type local windows
# Search by author
searchsploit --author "Metasploit"
# Search by CVE
searchsploit --cve 2021-44228
searchsploit --cve CVE-2021-34527
# Search by date range
searchsploit --after 2020 apache
searchsploit --before 2019 windows
Output Formatting¶
# Verbose output with full paths
searchsploit -v apache
# JSON output
searchsploit -j apache
# XML output
searchsploit -x apache
# Color output (default)
searchsploit --colour apache
# No color output
searchsploit --no-colour apache
# Limit number of results
searchsploit apache|head -20
Exploit Management¶
# Copy exploit to current directory
searchsploit -m 50383
# Copy multiple exploits
searchsploit -m 50383,50384,50385
# Copy exploit with original filename
searchsploit -m exploits/linux/local/50383.c
# Mirror (copy) exploit to specific directory
searchsploit -m 50383 -o /tmp/exploits/
# View exploit content
searchsploit -x 50383
# Open exploit in default editor
searchsploit -e 50383
Database Operations¶
# Update ExploitDB database
searchsploit -u
# Check database statistics
searchsploit --stats
# Show database path
searchsploit --path
# Rebuild database index
searchsploit --rebuild
# Check for database integrity
searchsploit --check
Automation Scripts¶
Automated Vulnerability Research¶
#!/bin/bash
# Automated vulnerability research using ExploitDB
TARGET_SOFTWARE="$1"
OUTPUT_DIR="vulnerability_research_$(date +%Y%m%d_%H%M%S)"
REPORT_FILE="$OUTPUT_DIR/vulnerability_report.html"
if [ -z "$TARGET_SOFTWARE" ]; then
echo "Usage: $0 <target_software>"
echo "Example: $0 'Apache 2.4'"
exit 1
fi
mkdir -p "$OUTPUT_DIR"
# Function to search and analyze exploits
search_exploits() \\\\{
local software="$1"
local search_dir="$OUTPUT_DIR/exploits"
echo "[+] Searching for exploits related to: $software"
mkdir -p "$search_dir"
# Perform comprehensive search
searchsploit -j "$software" > "$OUTPUT_DIR/search_results.json"
if [ ! -s "$OUTPUT_DIR/search_results.json" ]; then
echo "[-] No exploits found for: $software"
return 1
fi
# Parse results and categorize
python3 << EOF
import json
import os
from collections import defaultdict
# Read search results
with open('$OUTPUT_DIR/search_results.json', 'r') as f:
data = json.load(f)
exploits = data.get('RESULTS_EXPLOIT', [])
shellcodes = data.get('RESULTS_SHELLCODE', [])
print(f"[+] Found \\\\{len(exploits)\\\\} exploits and \\\\{len(shellcodes)\\\\} shellcodes")
# Categorize exploits
categories = defaultdict(list)
platforms = defaultdict(int)
types = defaultdict(int)
years = defaultdict(int)
for exploit in exploits:
# Extract information
title = exploit.get('Title', '')
platform = exploit.get('Platform', 'Unknown')
exploit_type = exploit.get('Type', 'Unknown')
date = exploit.get('Date', '')
edb_id = exploit.get('EDB-ID', '')
# Categorize
categories[platform].append(exploit)
platforms[platform] += 1
types[exploit_type] += 1
if date:
year = date.split('-')[0]
years[year] += 1
# Save categorized data
categorized_data = \\\\{
'total_exploits': len(exploits),
'total_shellcodes': len(shellcodes),
'platforms': dict(platforms),
'types': dict(types),
'years': dict(years),
'categories': \\\\{k: v for k, v in categories.items()\\\\}
\\\\}
with open('$OUTPUT_DIR/categorized_exploits.json', 'w') as f:
json.dump(categorized_data, f, indent=2)
print("[+] Exploit categorization completed")
EOF
return 0
\\\\}
# Function to download relevant exploits
download_exploits() \\\\{
echo "[+] Downloading relevant exploits"
local download_dir="$OUTPUT_DIR/downloaded_exploits"
mkdir -p "$download_dir"
# Extract high-priority exploit IDs
python3 << EOF
import json
with open('$OUTPUT_DIR/search_results.json', 'r') as f:
data = json.load(f)
exploits = data.get('RESULTS_EXPLOIT', [])
# Priority criteria
high_priority = []
for exploit in exploits:
title = exploit.get('Title', '').lower()
exploit_type = exploit.get('Type', '').lower()
platform = exploit.get('Platform', '').lower()
# High priority: remote exploits, privilege escalation, recent
if any(keyword in title for keyword in ['remote', 'rce', 'privilege', 'escalation']):
high_priority.append(exploit.get('EDB-ID', ''))
elif 'remote' in exploit_type:
high_priority.append(exploit.get('EDB-ID', ''))
# Limit to top 20 for download
high_priority = high_priority[:20]
with open('$OUTPUT_DIR/priority_exploits.txt', 'w') as f:
for edb_id in high_priority:
f.write(f"\\\\{edb_id\\\\}\\n")
print(f"[+] Identified \\\\{len(high_priority)\\\\} high-priority exploits")
EOF
# Download priority exploits
if [ -f "$OUTPUT_DIR/priority_exploits.txt" ]; then
while read -r edb_id; do
if [ -n "$edb_id" ]; then
echo " [+] Downloading exploit: $edb_id"
searchsploit -m "$edb_id" -o "$download_dir/" 2>/dev/null||true
fi
done < "$OUTPUT_DIR/priority_exploits.txt"
fi
\\\\}
# Function to analyze exploit code
analyze_exploits() \\\\{
echo "[+] Analyzing downloaded exploits"
local analysis_file="$OUTPUT_DIR/exploit_analysis.txt"
cat > "$analysis_file" << EOF
Exploit Code Analysis Report
===========================
Target Software: $TARGET_SOFTWARE
Analysis Date: $(date)
EOF
# Analyze each downloaded exploit
find "$OUTPUT_DIR/downloaded_exploits" -type f -name "*.c" -o -name "*.py" -o -name "*.rb" -o -name "*.pl"|while read -r exploit_file; do
echo "Analyzing: $(basename "$exploit_file")" >> "$analysis_file"
echo "----------------------------------------" >> "$analysis_file"
# Extract key information
if [ -f "$exploit_file" ]; then
# Look for CVE references
cve_refs=$(grep -i "CVE-[0-9]\\\\\{4\\\\\}-[0-9]\\\\\{4,\\\\\}" "$exploit_file"|head -5)
if [ -n "$cve_refs" ]; then
echo "CVE References:" >> "$analysis_file"
echo "$cve_refs" >> "$analysis_file"
echo "" >> "$analysis_file"
fi
# Look for usage instructions
usage=$(grep -i -A 5 -B 5 "usage\|compile\|run" "$exploit_file"|head -10)
if [ -n "$usage" ]; then
echo "Usage Instructions:" >> "$analysis_file"
echo "$usage" >> "$analysis_file"
echo "" >> "$analysis_file"
fi
# Look for requirements
requirements=$(grep -i -A 3 -B 3 "require\|import\|include" "$exploit_file"|head -10)
if [ -n "$requirements" ]; then
echo "Requirements/Dependencies:" >> "$analysis_file"
echo "$requirements" >> "$analysis_file"
echo "" >> "$analysis_file"
fi
fi
echo "========================================" >> "$analysis_file"
echo "" >> "$analysis_file"
done
\\\\}
# Function to generate HTML report
generate_report() \\\\{
echo "[+] Generating vulnerability research report"
python3 << EOF
import json
import os
from datetime import datetime
# Read categorized data
try:
with open('$OUTPUT_DIR/categorized_exploits.json', 'r') as f:
data = json.load(f)
except:
data = \\\\{'total_exploits': 0, 'total_shellcodes': 0, 'platforms': \\\\{\\\\}, 'types': \\\\{\\\\}, 'years': \\\\{\\\\}\\\\}
# Generate HTML report
html_content = f"""
<!DOCTYPE html>
<html>
<head>
<title>Vulnerability Research Report - $TARGET_SOFTWARE</title>
<style>
body \\\\{\\\\{ font-family: Arial, sans-serif; margin: 20px; \\\\}\\\\}
.header \\\\{\\\\{ background-color: #f0f0f0; padding: 20px; border-radius: 5px; \\\\}\\\\}
.section \\\\{\\\\{ margin: 20px 0; padding: 15px; border: 1px solid #ddd; border-radius: 5px; \\\\}\\\\}
.critical \\\\{\\\\{ border-color: #f44336; background-color: #ffebee; \\\\}\\\\}
.high \\\\{\\\\{ border-color: #ff9800; background-color: #fff3e0; \\\\}\\\\}
.medium \\\\{\\\\{ border-color: #2196f3; background-color: #e3f2fd; \\\\}\\\\}
table \\\\{\\\\{ border-collapse: collapse; width: 100%; margin: 10px 0; \\\\}\\\\}
th, td \\\\{\\\\{ border: 1px solid #ddd; padding: 8px; text-align: left; \\\\}\\\\}
th \\\\{\\\\{ background-color: #f2f2f2; \\\\}\\\\}
.chart \\\\{\\\\{ margin: 20px 0; \\\\}\\\\}
</style>
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
</head>
<body>
<div class="header">
<h1>Vulnerability Research Report</h1>
<h2>Target: $TARGET_SOFTWARE</h2>
<p>Generated: \\\\{datetime.now().strftime('%Y-%m-%d %H:%M:%S')\\\\}</p>
</div>
<div class="section">
<h2>Executive Summary</h2>
<p><strong>Total Exploits Found:</strong> \\\\{data.get('total_exploits', 0)\\\\}</p>
<p><strong>Total Shellcodes Found:</strong> \\\\{data.get('total_shellcodes', 0)\\\\}</p>
<p><strong>Risk Assessment:</strong> \\\\{'High' if data.get('total_exploits', 0) > 10 else 'Medium' if data.get('total_exploits', 0) > 5 else 'Low'\\\\}</p>
</div>
<div class="section">
<h2>Platform Distribution</h2>
<table>
<tr><th>Platform</th><th>Exploit Count</th></tr>
"""
for platform, count in sorted(data.get('platforms', \\\\{\\\\}).items(), key=lambda x: x[1], reverse=True):
html_content += f" <tr><td>\\\\{platform\\\\}</td><td>\\\\{count\\\\}</td></tr>\\n"
html_content += """
</table>
</div>
<div class="section">
<h2>Exploit Types</h2>
<table>
<tr><th>Type</th><th>Count</th></tr>
"""
for exploit_type, count in sorted(data.get('types', \\\\{\\\\}).items(), key=lambda x: x[1], reverse=True):
html_content += f" <tr><td>\\\\{exploit_type\\\\}</td><td>\\\\{count\\\\}</td></tr>\\n"
html_content += """
</table>
</div>
<div class="section">
<h2>Timeline Analysis</h2>
<div class="chart">
<canvas id="timelineChart" width="400" height="200"></canvas>
</div>
</div>
<div class="section">
<h2>Recommendations</h2>
<ul>
<li><strong>Immediate Actions:</strong> Review and patch all identified vulnerabilities</li>
<li><strong>Security Controls:</strong> Implement additional security measures for high-risk components</li>
<li><strong>Monitoring:</strong> Set up monitoring for exploitation attempts</li>
<li><strong>Testing:</strong> Conduct penetration testing to validate security posture</li>
</ul>
</div>
<script>
const ctx = document.getElementById('timelineChart').getContext('2d');
const chart = new Chart(ctx, \\\\{
type: 'line',
data: \\\\{
labels: [""" + ", ".join([f"'\\\\{year\\\\}'" for year in sorted(data.get('years', \\\\{\\\\}).keys())]) + """],
datasets: [\\\\{
label: 'Exploits by Year',
data: [""" + ", ".join([str(count) for year, count in sorted(data.get('years', \\\\{\\\\}).items())]) + """],
borderColor: '#f44336',
backgroundColor: 'rgba(244, 67, 54, 0.1)',
tension: 0.1
\\\\}]
\\\\},
options: \\\\{
responsive: true,
plugins: \\\\{
title: \\\\{
display: true,
text: 'Exploit Discovery Timeline'
\\\\}
\\\\}
\\\\}
\\\\});
</script>
</body>
</html>
"""
with open('$REPORT_FILE', 'w') as f:
f.write(html_content)
print(f"[+] HTML report generated: $REPORT_FILE")
EOF
\\\\}
# Function to check for recent exploits
check_recent_exploits() \\\\{
echo "[+] Checking for recent exploits (last 30 days)"
local recent_file="$OUTPUT_DIR/recent_exploits.txt"
local cutoff_date=$(date -d "30 days ago" +%Y-%m-%d)
searchsploit --after "$cutoff_date" "$TARGET_SOFTWARE" > "$recent_file"
if [ -s "$recent_file" ]; then
local recent_count=$(wc -l ``< "$recent_file")
echo " [!] Found $recent_count recent exploits"
# Send alert if recent exploits found
if [ "$recent_count" -gt 0 ]; then
echo "ALERT: Recent exploits found for $TARGET_SOFTWARE"|\
mail -s "Security Alert: Recent Exploits" security@company.com 2>``/dev/null||\
echo "Alert: Recent exploits detected (email failed)"
fi
else
echo " [+] No recent exploits found"
fi
\\\\}
# Main execution
echo "[+] Starting vulnerability research for: $TARGET_SOFTWARE"
# Check dependencies
if ! command -v searchsploit &> /dev/null; then
echo "[-] searchsploit not found. Please install ExploitDB first."
exit 1
fi
# Perform research
if search_exploits "$TARGET_SOFTWARE"; then
download_exploits
analyze_exploits
generate_report
check_recent_exploits
echo "[+] Vulnerability research completed"
echo "[+] Results saved in: $OUTPUT_DIR"
echo "[+] Open $REPORT_FILE for detailed report"
else
echo "[-] No exploits found for: $TARGET_SOFTWARE"
exit 1
fi
CVE to Exploit Mapping¶
#!/bin/bash
# Map CVE numbers to available exploits
CVE_LIST_FILE="$1"
OUTPUT_DIR="cve_exploit_mapping_$(date +%Y%m%d_%H%M%S)"
if [ -z "$CVE_LIST_FILE" ]||[ ! -f "$CVE_LIST_FILE" ]; then
echo "Usage: $0 <cve_list_file>"
echo "CVE list file should contain one CVE per line (e.g., CVE-2021-44228)"
exit 1
fi
mkdir -p "$OUTPUT_DIR"
# Function to search exploits for CVE
search_cve_exploits() \\\\{
local cve="$1"
local cve_dir="$OUTPUT_DIR/$cve"
echo "[+] Searching exploits for: $cve"
mkdir -p "$cve_dir"
# Search for exploits
searchsploit --cve "$cve" -j > "$cve_dir/search_results.json"
if [ -s "$cve_dir/search_results.json" ]; then
# Parse and analyze results
python3 << EOF
import json
with open('$cve_dir/search_results.json', 'r') as f:
data = json.load(f)
exploits = data.get('RESULTS_EXPLOIT', [])
shellcodes = data.get('RESULTS_SHELLCODE', [])
print(f" [+] Found \\\\{len(exploits)\\\\} exploits and \\\\{len(shellcodes)\\\\} shellcodes for $cve")
# Save summary
summary = \\\\{
'cve': '$cve',
'exploit_count': len(exploits),
'shellcode_count': len(shellcodes),
'exploits': exploits,
'shellcodes': shellcodes
\\\\}
with open('$cve_dir/summary.json', 'w') as f:
json.dump(summary, f, indent=2)
# Download top 5 exploits
if exploits:
top_exploits = exploits[:5]
with open('$cve_dir/top_exploits.txt', 'w') as f:
for exploit in top_exploits:
f.write(f"\\\\{exploit.get('EDB-ID', '')\\\\}\\n")
EOF
# Download top exploits
if [ -f "$cve_dir/top_exploits.txt" ]; then
while read -r edb_id; do
if [ -n "$edb_id" ]; then
searchsploit -m "$edb_id" -o "$cve_dir/" 2>/dev/null||true
fi
done < "$cve_dir/top_exploits.txt"
fi
return 0
else
echo " [-] No exploits found for: $cve"
return 1
fi
\\\\}
# Function to generate mapping report
generate_mapping_report() \\\\{
echo "[+] Generating CVE to exploit mapping report"
local report_file="$OUTPUT_DIR/cve_exploit_mapping.html"
python3 << EOF
import json
import os
from datetime import datetime
import glob
# Collect all CVE summaries
cve_data = []
for summary_file in glob.glob('$OUTPUT_DIR/*/summary.json'):
try:
with open(summary_file, 'r') as f:
data = json.load(f)
cve_data.append(data)
except:
continue
# Sort by exploit count
cve_data.sort(key=lambda x: x.get('exploit_count', 0), reverse=True)
# Generate HTML report
html_content = f"""
<!DOCTYPE html>
<html>
<head>
<title>CVE to Exploit Mapping Report</title>
<style>
body \\\\{\\\\{ font-family: Arial, sans-serif; margin: 20px; \\\\}\\\\}
.header \\\\{\\\\{ background-color: #f0f0f0; padding: 20px; border-radius: 5px; \\\\}\\\\}
.cve \\\\{\\\\{ margin: 20px 0; padding: 15px; border: 1px solid #ddd; border-radius: 5px; \\\\}\\\\}
.high-risk \\\\{\\\\{ border-color: #f44336; background-color: #ffebee; \\\\}\\\\}
.medium-risk \\\\{\\\\{ border-color: #ff9800; background-color: #fff3e0; \\\\}\\\\}
.low-risk \\\\{\\\\{ border-color: #4caf50; background-color: #e8f5e8; \\\\}\\\\}
table \\\\{\\\\{ border-collapse: collapse; width: 100%; margin: 10px 0; \\\\}\\\\}
th, td \\\\{\\\\{ border: 1px solid #ddd; padding: 8px; text-align: left; \\\\}\\\\}
th \\\\{\\\\{ background-color: #f2f2f2; \\\\}\\\\}
</style>
</head>
<body>
<div class="header">
<h1>CVE to Exploit Mapping Report</h1>
<p>Generated: \\\\{datetime.now().strftime('%Y-%m-%d %H:%M:%S')\\\\}</p>
<p>Total CVEs Analyzed: \\\\{len(cve_data)\\\\}</p>
</div>
<div class="section">
<h2>Summary Statistics</h2>
<table>
<tr><th>Metric</th><th>Value</th></tr>
<tr><td>CVEs with Exploits</td><td>\\\\{sum(1 for cve in cve_data if cve.get('exploit_count', 0) > 0)\\\\}</td></tr>
<tr><td>CVEs without Exploits</td><td>\\\\{sum(1 for cve in cve_data if cve.get('exploit_count', 0) == 0)\\\\}</td></tr>
<tr><td>Total Exploits Found</td><td>\\\\{sum(cve.get('exploit_count', 0) for cve in cve_data)\\\\}</td></tr>
<tr><td>Total Shellcodes Found</td><td>\\\\{sum(cve.get('shellcode_count', 0) for cve in cve_data)\\\\}</td></tr>
</table>
</div>
"""
# Add individual CVE details
for cve in cve_data:
exploit_count = cve.get('exploit_count', 0)
risk_class = 'high-risk' if exploit_count > 5 else 'medium-risk' if exploit_count > 0 else 'low-risk'
html_content += f"""
<div class="cve \\\\{risk_class\\\\}">
<h3>\\\\{cve.get('cve', 'Unknown')\\\\}</h3>
<p><strong>Exploits Available:</strong> \\\\{exploit_count\\\\}</p>
<p><strong>Shellcodes Available:</strong> \\\\{cve.get('shellcode_count', 0)\\\\}</p>
<p><strong>Risk Level:</strong> \\\\{'High' if exploit_count > 5 else 'Medium' if exploit_count > 0 else 'Low'\\\\}</p>
"""
if exploit_count > 0:
html_content += """
<h4>Available Exploits:</h4>
<table>
<tr><th>EDB-ID</th><th>Title</th><th>Platform</th><th>Type</th></tr>
"""
for exploit in cve.get('exploits', [])[:10]: # Show top 10
html_content += f"""
<tr>
<td><a href="https://www.exploit-db.com/exploits/\\\\{exploit.get('EDB-ID', '')\\\\}" target="_blank">\\\\{exploit.get('EDB-ID', '')\\\\}</a></td>
<td>\\\\{exploit.get('Title', '')\\\\}</td>
<td>\\\\{exploit.get('Platform', '')\\\\}</td>
<td>\\\\{exploit.get('Type', '')\\\\}</td>
</tr>
"""
html_content += " </table>"
html_content += " </div>"
html_content += """
</body>
</html>
"""
with open('$report_file', 'w') as f:
f.write(html_content)
print(f"[+] Mapping report generated: $report_file")
EOF
\\\\}
# Main execution
echo "[+] Starting CVE to exploit mapping"
# Process each CVE
total_cves=0
cves_with_exploits=0
while read -r cve; do
# Skip empty lines and comments
[[ -z "$cve"||"$cve" =~ ^#.*$ ]] && continue
total_cves=$((total_cves + 1))
if search_cve_exploits "$cve"; then
cves_with_exploits=$((cves_with_exploits + 1))
fi
# Small delay to avoid overwhelming the system
sleep 1
done < "$CVE_LIST_FILE"
echo "[+] CVE mapping completed"
echo " Total CVEs processed: $total_cves"
echo " CVEs with exploits: $cves_with_exploits"
# Generate final report
generate_mapping_report
echo "[+] Results saved in: $OUTPUT_DIR"
Exploit Testing Framework¶
#!/bin/bash
# Automated exploit testing framework
EXPLOIT_ID="$1"
TARGET_HOST="$2"
TARGET_PORT="$3"
OUTPUT_DIR="exploit_test_$(date +%Y%m%d_%H%M%S)"
if [ -z "$EXPLOIT_ID" ]||[ -z "$TARGET_HOST" ]; then
echo "Usage: $0 <exploit_id> <target_host> [target_port]"
echo "Example: $0 50383 192.168.1.100 80"
exit 1
fi
mkdir -p "$OUTPUT_DIR"
# Function to download and analyze exploit
prepare_exploit() \\\\{
local edb_id="$1"
local exploit_dir="$OUTPUT_DIR/exploit_$edb_id"
echo "[+] Preparing exploit: $edb_id"
mkdir -p "$exploit_dir"
# Download exploit
searchsploit -m "$edb_id" -o "$exploit_dir/"
if [ $? -ne 0 ]; then
echo "[-] Failed to download exploit: $edb_id"
return 1
fi
# Find the downloaded file
local exploit_file=$(find "$exploit_dir" -type f -name "*$edb_id*"|head -1)
if [ ! -f "$exploit_file" ]; then
echo "[-] Exploit file not found"
return 1
fi
echo "[+] Exploit downloaded: $exploit_file"
# Analyze exploit
analyze_exploit_code "$exploit_file"
return 0
\\\\}
# Function to analyze exploit code
analyze_exploit_code() \\\\{
local exploit_file="$1"
local analysis_file="$OUTPUT_DIR/exploit_analysis.txt"
echo "[+] Analyzing exploit code"
cat > "$analysis_file" << EOF
Exploit Analysis Report
======================
Exploit ID: $EXPLOIT_ID
File: $(basename "$exploit_file")
Analysis Date: $(date)
EOF
# Determine file type
local file_type=$(file "$exploit_file"|cut -d: -f2)
echo "File Type: $file_type" >> "$analysis_file"
echo "" >> "$analysis_file"
# Extract metadata
echo "Metadata Analysis:" >> "$analysis_file"
echo "-----------------" >> "$analysis_file"
# Look for CVE references
local cve_refs=$(grep -i "CVE-[0-9]\\\\\{4\\\\\}-[0-9]\\\\\{4,\\\\\}" "$exploit_file")
if [ -n "$cve_refs" ]; then
echo "CVE References:" >> "$analysis_file"
echo "$cve_refs" >> "$analysis_file"
echo "" >> "$analysis_file"
fi
# Look for target information
local targets=$(grep -i -E "target|vulnerable|affected" "$exploit_file"|head -10)
if [ -n "$targets" ]; then
echo "Target Information:" >> "$analysis_file"
echo "$targets" >> "$analysis_file"
echo "" >> "$analysis_file"
fi
# Look for usage instructions
local usage=$(grep -i -A 5 -B 5 -E "usage|compile|run|execute" "$exploit_file"|head -20)
if [ -n "$usage" ]; then
echo "Usage Instructions:" >> "$analysis_file"
echo "$usage" >> "$analysis_file"
echo "" >> "$analysis_file"
fi
# Look for dependencies
local deps=$(grep -i -E "import|include|require|from.*import" "$exploit_file"|head -10)
if [ -n "$deps" ]; then
echo "Dependencies:" >> "$analysis_file"
echo "$deps" >> "$analysis_file"
echo "" >> "$analysis_file"
fi
# Security analysis
echo "Security Analysis:" >> "$analysis_file"
echo "-----------------" >> "$analysis_file"
# Check for dangerous functions
local dangerous=$(grep -i -E "system|exec|eval|shell|cmd|popen" "$exploit_file"|head -10)
if [ -n "$dangerous" ]; then
echo "Potentially Dangerous Functions:" >> "$analysis_file"
echo "$dangerous" >> "$analysis_file"
echo "" >> "$analysis_file"
fi
# Check for network operations
local network=$(grep -i -E "socket|connect|bind|listen|send|recv" "$exploit_file"|head -10)
if [ -n "$network" ]; then
echo "Network Operations:" >> "$analysis_file"
echo "$network" >> "$analysis_file"
echo "" >> "$analysis_file"
fi
echo "[+] Exploit analysis completed: $analysis_file"
\\\\}
# Function to perform pre-test reconnaissance
pre_test_recon() \\\\{
local target="$1"
local port="$2"
local recon_file="$OUTPUT_DIR/reconnaissance.txt"
echo "[+] Performing pre-test reconnaissance"
cat > "$recon_file" << EOF
Pre-Test Reconnaissance Report
=============================
Target: $target
Port: $port
Date: $(date)
EOF
# Basic connectivity test
echo "Connectivity Test:" >> "$recon_file"
if ping -c 3 "$target" &>/dev/null; then
echo " [+] Target is reachable" >> "$recon_file"
else
echo " [-] Target is not reachable" >> "$recon_file"
fi
echo "" >> "$recon_file"
# Port scan
if [ -n "$port" ]; then
echo "Port Scan:" >> "$recon_file"
if command -v nmap &> /dev/null; then
nmap -p "$port" "$target" >> "$recon_file" 2>&1
elif command -v nc &> /dev/null; then
if nc -z "$target" "$port" 2>/dev/null; then
echo " [+] Port $port is open" >> "$recon_file"
else
echo " [-] Port $port is closed or filtered" >> "$recon_file"
fi
fi
echo "" >> "$recon_file"
fi
# Service detection
if [ -n "$port" ] && command -v nmap &> /dev/null; then
echo "Service Detection:" >> "$recon_file"
nmap -sV -p "$port" "$target" >> "$recon_file" 2>&1
echo "" >> "$recon_file"
fi
echo "[+] Reconnaissance completed: $recon_file"
\\\\}
# Function to create test environment
create_test_environment() \\\\{
echo "[+] Creating test environment"
local test_dir="$OUTPUT_DIR/test_environment"
mkdir -p "$test_dir"
# Copy exploit to test directory
cp "$OUTPUT_DIR"/exploit_*/[0-9]*.* "$test_dir/" 2>/dev/null||true
# Create test script template
cat > "$test_dir/test_exploit.sh" << 'EOF'
#!/bin/bash
# Exploit test script template
EXPLOIT_FILE="$1"
TARGET_HOST="$2"
TARGET_PORT="$3"
if [ -z "$EXPLOIT_FILE" ]||[ -z "$TARGET_HOST" ]; then
echo "Usage: $0 <exploit_file> <target_host> [target_port]"
exit 1
fi
echo "[+] Testing exploit: $EXPLOIT_FILE"
echo "[+] Target: $TARGET_HOST:$TARGET_PORT"
# Determine exploit type and run accordingly
case "$EXPLOIT_FILE" in
*.py)
echo "[+] Running Python exploit"
python3 "$EXPLOIT_FILE" "$TARGET_HOST" "$TARGET_PORT"
;;
*.c)
echo "[+] Compiling and running C exploit"
gcc -o exploit "$EXPLOIT_FILE" && ./exploit "$TARGET_HOST" "$TARGET_PORT"
;;
*.rb)
echo "[+] Running Ruby exploit"
ruby "$EXPLOIT_FILE" "$TARGET_HOST" "$TARGET_PORT"
;;
*.pl)
echo "[+] Running Perl exploit"
perl "$EXPLOIT_FILE" "$TARGET_HOST" "$TARGET_PORT"
;;
*)
echo "[-] Unknown exploit type"
exit 1
;;
esac
EOF
chmod +x "$test_dir/test_exploit.sh"
echo "[+] Test environment created: $test_dir"
\\\\}
# Function to generate test report
generate_test_report() \\\\{
echo "[+] Generating test report"
local report_file="$OUTPUT_DIR/exploit_test_report.html"
cat > "$report_file" << EOF
<!DOCTYPE html>
<html>
<head>
<title>Exploit Test Report</title>
<style>
body \\\\{ font-family: Arial, sans-serif; margin: 20px; \\\\}
.header \\\\{ background-color: #f0f0f0; padding: 20px; border-radius: 5px; \\\\}
.section \\\\{ margin: 20px 0; padding: 15px; border: 1px solid #ddd; border-radius: 5px; \\\\}
.warning \\\\{ border-color: #ff9800; background-color: #fff3e0; \\\\}
.info \\\\{ border-color: #2196f3; background-color: #e3f2fd; \\\\}
pre \\\\{ background-color: #f5f5f5; padding: 10px; border-radius: 3px; overflow-x: auto; \\\\}
table \\\\{ border-collapse: collapse; width: 100%; \\\\}
th, td \\\\{ border: 1px solid #ddd; padding: 8px; text-align: left; \\\\}
th \\\\{ background-color: #f2f2f2; \\\\}
</style>
</head>
<body>
<div class="header">
<h1>Exploit Test Report</h1>
<p><strong>Exploit ID:</strong> $EXPLOIT_ID</p>
<p><strong>Target:</strong> $TARGET_HOST:$TARGET_PORT</p>
<p><strong>Test Date:</strong> $(date)</p>
</div>
<div class="section warning">
<h2>⚠️ Important Notice</h2>
<p>This report contains information about security exploits. Use this information responsibly and only against systems you own or have explicit permission to test.</p>
</div>
<div class="section">
<h2>Test Summary</h2>
<table>
<tr><th>Parameter</th><th>Value</th></tr>
<tr><td>Exploit ID</td><td>$EXPLOIT_ID</td></tr>
<tr><td>Target Host</td><td>$TARGET_HOST</td></tr>
<tr><td>Target Port</td><td>$TARGET_PORT</td></tr>
<tr><td>Test Status</td><td>Prepared (Manual execution required)</td></tr>
</table>
</div>
<div class="section">
<h2>Files Generated</h2>
<ul>
<li><strong>Exploit Analysis:</strong> exploit_analysis.txt</li>
<li><strong>Reconnaissance:</strong> reconnaissance.txt</li>
<li><strong>Test Environment:</strong> test_environment/</li>
<li><strong>Test Script:</strong> test_environment/test_exploit.sh</li>
</ul>
</div>
<div class="section info">
<h2>Next Steps</h2>
<ol>
<li>Review the exploit analysis and reconnaissance reports</li>
<li>Ensure you have proper authorization to test the target</li>
<li>Navigate to the test_environment directory</li>
<li>Execute the test script with appropriate parameters</li>
<li>Monitor the target system for any impact</li>
<li>Document all findings and remediation steps</li>
</ol>
</div>
<div class="section warning">
<h2>Legal and Ethical Considerations</h2>
<ul>
<li>Only test systems you own or have explicit written permission to test</li>
<li>Ensure testing is conducted in a controlled environment</li>
<li>Have proper incident response procedures in place</li>
<li>Document all testing activities for compliance purposes</li>
<li>Follow responsible disclosure practices for any vulnerabilities found</li>
</ul>
</div>
</body>
</html>
EOF
echo "[+] Test report generated: $report_file"
\\\\}
# Main execution
echo "[+] Starting exploit testing framework"
echo "[+] Exploit ID: $EXPLOIT_ID"
echo "[+] Target: $TARGET_HOST:$TARGET_PORT"
# Check dependencies
if ! command -v searchsploit &> /dev/null; then
echo "[-] searchsploit not found. Please install ExploitDB first."
exit 1
fi
# Prepare exploit
if prepare_exploit "$EXPLOIT_ID"; then
# Perform reconnaissance
pre_test_recon "$TARGET_HOST" "$TARGET_PORT"
# Create test environment
create_test_environment
# Generate report
generate_test_report
echo "[+] Exploit testing framework setup completed"
echo "[+] Results saved in: $OUTPUT_DIR"
echo "[+] Review the analysis before proceeding with testing"
echo "[+] REMEMBER: Only test systems you own or have permission to test"
else
echo "[-] Failed to prepare exploit"
exit 1
fi
Integration with Other Tools¶
Metasploit Integration¶
# Search for Metasploit modules related to ExploitDB entries
searchsploit -m 12345
grep -i "metasploit" 12345.rb
# Convert ExploitDB exploit to Metasploit module
# Manual process - requires Ruby/Metasploit knowledge
# Use ExploitDB references in Metasploit
msfconsole -q -x "search edb:12345"
Nmap Integration¶
# Use Nmap scripts with ExploitDB references
nmap --script vuln target.com
# Custom Nmap script using ExploitDB data
nmap --script-args=exploitdb-path=/opt/exploitdb target.com
Burp Suite Integration¶
# Import ExploitDB payloads into Burp Suite
# Manual process through Burp's payload options
# Use ExploitDB exploits for manual testing
# Copy exploit code and adapt for web application testing
Troubleshooting¶
Common Issues¶
Database Update Problems¶
```bash
Manual database update¶
cd /opt/exploitdb && git pull
Fix permission issues¶
sudo chown -R \(USER:\)USER /opt/exploitdb
Rebuild database index¶
searchsploit --rebuild
Check database integrity¶
searchsploit --check
#### Ricerca Issuesbash
Clear search cache¶
rm -rf ~/.searchsploit_cache
Use exact search¶
searchsploit -e "exact term"
Case-sensitive search¶
searchsploit -c "CaseSensitive"
Debug search¶
searchsploit --debug apache
#### Scarica Problemibash
Check internet connectivity¶
ping www.exploit-db.com
Use alternative download method¶
curl -O https://www.exploit-db.com/download/12345
Check file permissions¶
ls -la /opt/exploitdb/exploits/
Manual file copy¶
cp /opt/exploitdb/exploits/linux/local/12345.c .
### Ottimizzazione delle Prestazionibash
Limit search results¶
searchsploit apache|head -20
Use specific search terms¶
searchsploit "Apache 2.4.7" --exclude="2.2"
Search specific platforms only¶
searchsploit --platform linux apache
Use JSON output for parsing¶
searchsploit -j apache|jq '.RESULTS_EXPLOIT[0]' ```## Risorse https://www.exploit-db.com/- Sito Web ExploitDBhttps://www.exploit-db.com/searchsploit- Repository GitHub di ExploitDBhttps://cve.mitre.org/- Documentazione di SearchSploithttps://www.corelan.be/index.php/articles/- [Offensive Security](