SploitScan
Overview
SploitScan is a command-line tool that aggregates vulnerability intelligence from multiple sources, including NVD (National Vulnerability Database), Exploit-DB, Shodan, GitHub and security advisories. For the CVE IDs or software products you specify, it queries those sources live and reports vulnerability details together with any public exploits and proof-of-concept code it finds.
The tool is particularly useful during the reconnaissance phase of authorized security assessments, allowing penetration testers to quickly identify available exploits and vulnerabilities affecting target systems without manual database searches.
Installation
Linux/macOS
# Clone the repository
git clone https://github.com/xaitax/SploitScan.git
cd SploitScan
# Install Python dependencies
pip3 install -r requirements.txt
# Make executable
chmod +x sploitscan.py
# Create symlink for system-wide access (quote the path in case the checkout directory contains spaces)
sudo ln -s "$(pwd)/sploitscan.py" /usr/local/bin/sploitscan
Windows
# Clone via Git Bash or PowerShell
git clone https://github.com/xaitax/SploitScan.git
cd SploitScan
# Install dependencies
pip install -r requirements.txt
# Run directly with Python
python sploitscan.py [options]
Using pip (if available)
pip3 install sploitscan
sploitscan --help
Basic Usage
The option names below are the ones used throughout this page; confirm them against sploitscan --help for the release you installed before scripting against them, since options change between versions.
Search by CVE
# Search a single CVE
sploitscan --cve CVE-2024-1234
# Search multiple CVEs
sploitscan --cve CVE-2024-1234 CVE-2024-5678
# Search with detailed output
sploitscan --cve CVE-2024-1234 --verbose
Search by Product/Software
# Search for vulnerabilities in a specific product
sploitscan --product "Apache Log4j"
# Search with version information
sploitscan --product "Microsoft Exchange" --version 2019
Search by Exploit Database
# Search Exploit-DB only
sploitscan --cve CVE-2024-1234 --source exploitdb
# Search multiple sources
sploitscan --cve CVE-2024-1234 --source nvd exploitdb github
Common Commands
| Command | Description |
|---|---|
| sploitscan --cve CVE-ID | Search specific CVE across all sources |
| sploitscan --product "Name" | Find vulnerabilities in product |
| sploitscan --latest | Show latest vulnerabilities |
| sploitscan --trending | Display trending exploits |
| sploitscan --source DB-NAME | Search specific database only |
| sploitscan --severity high | Filter by severity level |
| sploitscan --output json | Export results in JSON format |
| sploitscan --limit 50 | Limit number of results |
| sploitscan --verbose | Detailed output with all info |
| sploitscan --update-db | Update local databases |
Advanced Techniques
Filter by Severity
# High severity only
sploitscan --cve CVE-2024-1234 --severity high
# Critical vulnerabilities
sploitscan --product "Windows" --severity critical
# Multiple severity levels
sploitscan --cve CVE-2024-1234 --severity critical high
Output Formatting
# JSON output for parsing
sploitscan --cve CVE-2024-1234 --output json > results.json
# CSV export
sploitscan --product "Docker" --output csv > vuln_report.csv
# Pretty-printed text
sploitscan --cve CVE-2024-1234 --output text --verbose
Automated Scanning
# Scan multiple CVEs from file
while read cve; do
sploitscan --cve "$cve"
done < cve_list.txt
# Batch processing with output
for cve in CVE-2024-1234 CVE-2024-5678 CVE-2024-9012; do
echo "=== Scanning $cve ===" >> report.txt
sploitscan --cve "$cve" --output json >> report.txt
done
CVSS Score Filtering
# Find vulnerabilities with CVSS > 8.0
sploitscan --product "Apache" --cvss-min 8.0
# Range filtering
sploitscan --cve CVE-2024-1234 --cvss-min 5.0 --cvss-max 7.9
Database Sources
Primary Sources
| Source | Coverage | Update Frequency | Details |
|---|---|---|---|
| NVD (NIST) | ~200,000+ CVEs | Real-time | NIST's enriched CVE database (CVSS scores, CPE names) |
| Exploit-DB | ~40,000+ exploits | Daily | Public exploit collection |
| Shodan | Internet scans | Continuous | Vulnerable service detection |
| GitHub | PoC repos | Real-time | Security research POCs |
| CISA | Known Exploited Vulnerabilities (KEV) catalog | Daily | US government list of CVEs confirmed exploited in the wild |
| PacketStorm | Multiple | Daily | Security news and exploits |
API Integration
# Configure API keys for enhanced results
# Typing keys inline records them in shell history; put the exports in a file with mode 0600 and source it instead
export SHODAN_API_KEY="your_key_here"
export GITHUB_API_TOKEN="your_token_here"
sploitscan --cve CVE-2024-1234 --use-apis
Practical Assessment Scenarios
Pre-Engagement Reconnaissance
# Scan all known vulnerabilities for target software stack
sploitscan --product "Apache 2.4.41" --verbose > apache_vulns.txt
sploitscan --product "PHP 7.4" --verbose > php_vulns.txt
# Prioritize by CVSS score
sploitscan --product "OpenSSL 1.1.1" --cvss-min 7.0
Exploit Availability Check
# Verify public exploits exist for vulnerability
sploitscan --cve CVE-2024-1234 --source exploitdb github
# Check PoC availability on GitHub
sploitscan --cve CVE-2024-1234 --source github --output json | grep -i "github_repo"
Vulnerability Comparison
# Generate report comparing two products
{
echo "=== Product A Vulnerabilities ==="
sploitscan --product "Product A" --severity critical
echo ""
echo "=== Product B Vulnerabilities ==="
sploitscan --product "Product B" --severity critical
} > comparison.txt
Trend Analysis
# Identify trending exploits affecting your environment
sploitscan --trending --severity high
# Check if target software appears in recent exploits
sploitscan --product "Windows Server" --latest
Output Analysis
Parsing JSON Results
# Extract CVE IDs from results
sploitscan --product "Apache" --output json | jq '.results[].cve_id'
# Get exploit URLs
sploitscan --cve CVE-2024-1234 --output json | jq '.results[].exploit_url'
# Filter by CVSS score
sploitscan --product "OpenSSL" --output json | jq '.results[] | select(.cvss_score >= 8.0)'
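The jq one-liners above each answer one question; during triage you usually want the results ranked so that CVEs with a public exploit and a high CVSS score come first, and entries with a missing or malformed score are flagged rather than silently sorted to the bottom. The script below is an added example written for this page (not SploitScan's own code). It assumes the same field names the jq examples use (results[].cve_id, cvss_score, exploit_url) and works on constructed sample data; a real release may name fields differently, so check one record of actual output before relying on it.

```python
"""Triage helper for SploitScan JSON output: rank results by exploit availability and CVSS."""
import json
import sys
from typing import Any, Optional

# Constructed sample standing in for `sploitscan ... --output json` (not real tool output).
# Field names follow this page's jq examples; a real release may differ.
SAMPLE_JSON = json.dumps({
    "results": [
        {"cve_id": "CVE-2024-0001", "cvss_score": 9.8, "exploit_url": None},
        {"cve_id": "CVE-2024-0002", "cvss_score": "7.5",
         "exploit_url": "https://example.invalid/poc"},
        {"cve_id": "CVE-2024-0003"},  # no score at all
        {"cve_id": "CVE-2024-0004", "cvss_score": 9.1,
         "exploit_url": "https://example.invalid/exploit"},
    ]
})


def parse_results(text: str) -> list[dict[str, Any]]:
    """Accept either {"results": [...]} or a bare list; anything else yields no entries."""
    data = json.loads(text)
    if isinstance(data, dict):
        data = data.get("results", [])
    return [e for e in data if isinstance(e, dict)] if isinstance(data, list) else []


def cvss_of(entry: dict[str, Any]) -> Optional[float]:
    """CVSS as a float in [0, 10], or None when missing, non-numeric or out of range."""
    raw = entry.get("cvss_score")
    if raw is None or isinstance(raw, bool):
        return None
    try:
        score = float(raw)
    except (TypeError, ValueError):
        return None
    return score if 0.0 <= score <= 10.0 else None


def has_public_exploit(entry: dict[str, Any]) -> bool:
    """True when the entry carries a non-empty exploit_url."""
    url = entry.get("exploit_url")
    return isinstance(url, str) and url.strip() != ""


def triage_tier(score: Optional[float], exploit: bool) -> str:
    """P1: exploit and CVSS>=7; P2: exploit or CVSS>=7; P3: scored below 7;
    P4: unscored, which needs a manual lookup rather than being treated as low."""
    high = score is not None and score >= 7.0
    if exploit and high:
        return "P1"
    if exploit or high:
        return "P2"
    return "P4" if score is None else "P3"


def prioritize(text: str) -> list[dict[str, Any]]:
    """One record per result, sorted by tier, then CVSS descending, then CVE ID."""
    rows = []
    for entry in parse_results(text):
        score = cvss_of(entry)
        exploit = has_public_exploit(entry)
        rows.append({
            "cve_id": str(entry.get("cve_id", "?")),
            "cvss": score,
            "has_exploit": exploit,
            "tier": triage_tier(score, exploit),
        })
    # Unscored rows get a sort key below every real score so they trail within their tier.
    rows.sort(key=lambda r: (r["tier"], -(r["cvss"] if r["cvss"] is not None else -1.0), r["cve_id"]))
    return rows


if __name__ == "__main__":
    # usage: sploitscan --product "OpenSSL" --output json | python3 triage.py
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_JSON
    for r in prioritize(source):
        print(f'{r["tier"]} {r["cve_id"]:<16} cvss={r["cvss"]} exploit={r["has_exploit"]}')
```

The score is parsed defensively on purpose: feeds sometimes emit CVSS as a string, and an entry with no score at all is the one you most need to look at by hand, so it is tagged P4 instead of disappearing below the P3 rows.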
Generating Reports
# Create formatted vulnerability report
{
echo "Vulnerability Assessment Report - $(date)"
echo "Target: Apache 2.4.41"
echo "Generated: $(date)"
echo ""
sploitscan --product "Apache 2.4.41" --output text --verbose
} > assessment_report.txt
# HTML report generation (escape every field: titles come from third-party feeds and
# would otherwise be injected unescaped into the report)
sploitscan --product "Apache" --output json | python3 << 'EOF'
import html, json, sys
data = json.load(sys.stdin)
print("<html><body><table>")
for item in data.get('results', []):
    cve = html.escape(str(item.get('cve_id', '')))
    title = html.escape(str(item.get('title', '')))
    print(f"<tr><td>{cve}</td><td>{title}</td></tr>")
print("</table></body></html>")
EOF
Configuration
Config File Location
# Linux/macOS
~/.sploitscan/config.yaml
# Windows
%APPDATA%\sploitscan\config.yaml
# The file can hold API keys, so keep it readable by your user only (chmod 600 on Linux/macOS) and out of version control
Sample Configuration
# Default severity filter
default_severity: "medium"
# Default number of results
default_limit: 25
# Enable API sources
use_apis: true
# API keys
api_keys:
shodan: "your_key"
github: "your_token"
# Database sources priority
sources:
- nvd
- exploitdb
- github
- shodan
# Cache settings
cache_enabled: true
cache_expiry_hours: 24
Performance Optimization
Parallel Scanning
# Use GNU parallel for batch processing (one output file per CVE: concurrent JSON written to a shared stdout interleaves)
cat cve_list.txt | parallel -j 4 'sploitscan --cve {} --output json > {}.json'
# With xargs (keep -P small; the upstream APIs rate-limit aggressive clients)
cat cve_list.txt | xargs -n 1 -P 4 sploitscan --cve
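The loops in Automated Scanning and the parallel one-liners above both run the tool over a CVE list, but neither validates the list, survives a rerun after a rate-limit stall, or keeps a failed lookup from leaving a half-written result behind. The script below is an added example for this page (not SploitScan's own code) that does those three things and covers both sections. It assumes sploitscan is on PATH and accepts --cve ID --output json as used elsewhere on this page; the PAR and DELAY variables and the run/one subcommands are this script's own, not SploitScan options.

```shell
#!/bin/sh
# Added example (not SploitScan's own code): validate a CVE list, fetch each ID into its
# own JSON file, and bound how many lookups run at once. Assumes `sploitscan` is on PATH
# and accepts `--cve ID --output json` as used elsewhere on this page; PAR/DELAY are
# this script's own knobs, not SploitScan options.
set -eu

# collect_cves FILE: one valid, upper-cased, de-duplicated CVE ID per line. Scanner exports
# often mix IDs with hostnames and severities, repeat them, or lowercase them; grep -o pulls
# the IDs out of that noise and sort -u collapses the repeats.
collect_cves() {
  tr '[:lower:]' '[:upper:]' < "$1" | grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# scan_cve CVE OUTDIR: write OUTDIR/CVE.json. Already-fetched IDs are skipped so a rerun
# after a rate-limit stall is cheap; a failed lookup leaves CVE.err, never a half-written .json.
scan_cve() {
  cve=$1; outdir=$2; out="$outdir/$cve.json"
  if [ -s "$out" ]; then
    echo "skip $cve (already fetched)"
    return 0
  fi
  if sploitscan --cve "$cve" --output json > "$out.tmp" 2> "$outdir/$cve.err"; then
    mv "$out.tmp" "$out"
    rm -f "$outdir/$cve.err"
    echo "ok   $cve"
  else
    rm -f "$out.tmp"
    echo "FAIL $cve (see $outdir/$cve.err)" >&2
    return 1
  fi
  sleep "${DELAY:-1}"   # per-request pause; raise DELAY or lower PAR if the sources throttle you
}

case "${1:-}" in
  run)  # usage: sh batch_scan.sh run cve_list.txt results/   (PAR=4 DELAY=2 sh batch_scan.sh run ... to tune)
    mkdir -p "$3"
    # xargs re-invokes this script once per ID; a non-zero exit at the end means at least one lookup failed
    collect_cves "$2" | xargs -r -n 1 -P "${PAR:-2}" sh "$0" one "$3"
    ;;
  one)  # internal entry point used by the xargs line above
    scan_cve "$3" "$2"
    ;;
esac
```

Because each CVE lands in its own file, the jq and Python post-processing shown under Output Analysis can be run per file or over a concatenation, and a second invocation only fetches the IDs that failed the first time.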
Caching Results
# Enable caching for repeated searches
sploitscan --cve CVE-2024-1234 --cache
# Clear cache
sploitscan --clear-cache
# Check cache status
sploitscan --cache-info
Troubleshooting
Common Issues
# No results returned
# Solution: Check internet connection and API rate limits
sploitscan --cve CVE-2024-1234 --verbose
# SSL certificate errors
# Solution: Fix the CA bundle (update ca-certificates / certifi, or trust your proxy's CA).
# --insecure disables TLS certificate verification, so any API key sent over that connection
# can be intercepted; use it only to confirm the diagnosis, never in scripts
sploitscan --cve CVE-2024-1234 --insecure
# Rate limiting
# Solution: Add delays between requests
sploitscan --cve CVE-2024-1234 --delay 2
Debugging
# Enable debug logging
sploitscan --cve CVE-2024-1234 --debug
# Log to file
sploitscan --cve CVE-2024-1234 --log-file debug.log --log-level debug
# Check version and configuration
sploitscan --version
sploitscan --config-info
Best Practices
- Verify Authorization: Always ensure you have written permission before scanning targets
- Cross-Reference Sources: Don't rely on a single database; verify findings across multiple sources
- Update Regularly: Run --update-db frequently to get the latest vulnerability information
- Respect Rate Limits: Implement delays when performing large-scale scans
- Document Findings: Export results and maintain detailed assessment records
- Privacy: Configure API keys securely and never commit them to version control
- Staged Approach: Test with known CVEs first before production assessments
Integration Examples
Integration with Metasploit
# Export exploits for Metasploit usage
sploitscan --cve CVE-2024-1234 --output json | grep -i "metasploit_module"
# Automated module checking (read line by line; $(cat ...) word-splits and glob-expands the IDs)
while read -r cve; do
  sploitscan --cve "$cve" | grep -i metasploit
done < targets.txt
Integration with OSINT Tools
# Save results for correlation with OSINT output (e.g. map the product names to the hosts theHarvester or Shodan enumerated)
sploitscan --product "Company Software" --output json > results.json
# Correlate with vulnerability scanners
# Use SploitScan findings to prioritize Nessus/OpenVAS scans
Resources
- Official Repository: https://github.com/xaitax/SploitScan
- CVE Database: https://nvd.nist.gov
- Exploit-DB: https://www.exploit-db.com
- GitHub Security: https://github.com/topics/security-exploit
Summary
SploitScan streamlines vulnerability research by aggregating intelligence from multiple sources. Effective use requires proper authorization, systematic methodology, and careful result verification. Regular database updates and integration with other security tools maximize assessment effectiveness.