
Pompem

Overview

Pompem is a Python-based tool that automates the search for known exploits and vulnerabilities across multiple databases including ExploitDB, PacketStorm, and WPScan. It provides security researchers and penetration testers with an efficient way to identify publicly available exploits, vulnerability information, and proof-of-concepts for discovered software and applications without manually querying multiple sources.

Installation

Linux (Debian/Ubuntu)

sudo apt-get install python3 python3-pip
pip3 install pompem

Fedora/RHEL

sudo dnf install python3 python3-pip
pip3 install pompem

macOS

brew install python3
pip3 install pompem

Windows

pip install pompem

From Source

git clone https://github.com/jmendozauc/pompem.git
cd pompem
pip3 install -r requirements.txt
python3 pompem.py

Verify Installation

pompem --version
pompem --help

Core Concepts

Vulnerability Databases

Pompem integrates with:

  • ExploitDB: Largest exploit database with 50,000+ exploits
  • PacketStorm: Vulnerability and security resource repository
  • WPScan: WordPress vulnerability database
  • SecurityFocus: Bugtraq vulnerability information
  • Metasploit Database: Exploitation framework modules

Search Methods

  • Application name search
  • CVE identifier lookup
  • Version-specific vulnerability matching
  • Software component identification

Data Aggregation

Pompem combines results from multiple sources to provide comprehensive vulnerability information.

Basic Commands

Search by Application Name

pompem -s "Apache"
pompem -s "nginx"
pompem -s "WordPress"

Search by CVE

pompem -s "CVE-2024-1234"
pompem -c CVE-2024-00000

Search with Version Information

pompem -s "Apache 2.4.41"
pompem -s "WordPress 6.0.1"

Search All Databases

pompem -s "application_name" -a

Common Usage Patterns

| Command | Description |
|---|---|
| pompem -s "app_name" | Search for application vulnerabilities |
| pompem -c "CVE-XXXX" | Search by CVE identifier |
| pompem -s "app" -e | Search ExploitDB only |
| pompem -s "app" -w | Search WPScan only |
| pompem -s "app" -p | Search PacketStorm only |
| pompem -s "app" -a | Search all databases |
| pompem -s "app" -f json | Output in JSON format |

Database-Specific Searches

ExploitDB Search

pompem -s "Apache Struts" -e
pompem -s "PHP 7.4" -e

WPScan Search (WordPress)

pompem -s "WordPress" -w
pompem -s "Akismet" -w
pompem -s "WooCommerce" -w

PacketStorm Search

pompem -s "Cisco IOS" -p
pompem -s "Windows RDP" -p

All Databases

pompem -s "Apache 2.4" -a
pompem -c "CVE-2021-41773" -a

Advanced Search Techniques

Search with Multiple Terms

pompem -s "Apache Struts 2 RCE"
pompem -s "PHP SQL injection"
pompem -s "WordPress 5.0"
pompem -s "Drupal 8"

Specific Vulnerability Type

pompem -s "Apache" | grep -i "rce\|injection\|bypass"

Filter Results

pompem -s "application" | grep "2024"
pompem -s "application" | grep -i "critical\|high"

Output Formats

Default Text Output

pompem -s "Apache"

JSON Output

pompem -s "Apache" -f json
pompem -s "WordPress" -f json > wordpress_vulns.json

CSV Export

pompem -s "application" -f csv > vulns.csv

Save to File

pompem -s "Apache" > apache_vulnerabilities.txt
pompem -c "CVE-2024-1234" > cve_search.txt

Vulnerability Assessment Workflow

Step 1: Identify Target Software

# Determine application versions running on target
# Example: Apache 2.4.41, PHP 7.4.10, WordPress 5.9

Step 2: Search Each Component

pompem -s "Apache 2.4.41" -a
pompem -s "PHP 7.4.10" -a
pompem -s "WordPress 5.9" -a

Step 3: Collect Results

pompem -s "Apache 2.4.41" -a > apache_vulns.txt
pompem -s "PHP 7.4.10" -a > php_vulns.txt
pompem -s "WordPress 5.9" -a > wordpress_vulns.txt

Step 4: Analyze and Prioritize

sort -u *_vulns.txt > all_vulnerabilities.txt
# Output name kept outside the *_vulns.txt glob so a re-run does not read it back in
grep -i "remote\|critical" all_vulnerabilities.txt > critical_findings.txt

Step 5: Document Findings

# Create assessment report with findings
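
The merge in Step 4 discards which result file each line came from, which makes findings harder to document in Step 5. The following is an added example, not part of Pompem or of the original page, that deduplicates while recording the source files. The function names and the sample lines are constructed placeholders and do not reflect Pompem's real output format.

```bash
#!/bin/bash
# Added example: merge result files, drop duplicate lines, and append the
# list of files each line was seen in. Lines are treated as opaque text.
merge_with_sources() {
    awk '
        /^[ \t]*$/ { next }                          # ignore blank lines
        {
            if (!($0 in src)) {                      # first sighting of this line
                order[++n] = $0
                src[$0] = FILENAME
            } else if (!(($0, FILENAME) in seen)) {  # same line, new file
                src[$0] = src[$0] ", " FILENAME
            }
            seen[$0, FILENAME] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%s\t[%s]\n", order[i], src[order[i]]
        }
    ' "$@"
}

# Constructed demo: two small result files in a temporary directory.
demo_merge() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    printf 'finding A (constructed line)\nfinding B (constructed line)\n' > apache_vulns.txt
    printf 'finding B (constructed line)\n\nfinding C remote (constructed line)\n' > php_vulns.txt
    merge_with_sources apache_vulns.txt php_vulns.txt
    cd / && rm -rf "$dir"
)

demo_merge
```

Running the per-database searches (-e, -p, -w) into separate files and merging them the same way records which database provided each finding.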

Reconnaissance Integration

Web Application Fingerprinting

# After identifying web technologies
pompem -s "Nginx 1.18" -a
pompem -s "PHP 8.0" -a
pompem -s "WordPress 5.8" -a

Service Discovery Follow-up

# Search identified services
pompem -s "OpenSSH 7.4" -a
pompem -s "Postfix 2.11" -a
pompem -s "Bind 9.11" -a

Plugin/Module Enumeration

# Search discovered plugins
pompem -s "WordPress WooCommerce" -w
pompem -s "Drupal Views" -e

Batch Processing

Search Multiple Applications

#!/bin/bash
APPS=("Apache 2.4" "PHP 7.4" "WordPress 5.9" "MySQL 8.0")

for app in "${APPS[@]}"; do
    echo "=== Searching for $app ===" >> vulnerabilities.txt
    pompem -s "$app" -a >> vulnerabilities.txt
    echo "" >> vulnerabilities.txt
done

Process CVE List

#!/bin/bash
while IFS= read -r cve; do
    pompem -c "$cve" -a >> cve_details.txt
done < cve_list.txt
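
The loop above passes every line of cve_list.txt to the tool unchanged, including blank lines, comments, Windows line endings and malformed entries. The following is an added example, not part of Pompem or of the original page, that cleans the list first. The function names and the sample list are constructed for illustration.

```bash
#!/bin/bash
# Added example: clean a CVE list before it reaches a lookup loop.
# stdin: raw lines; stdout: well-formed IDs, upper-cased, first occurrence only;
# stderr: one "skipped:" line per rejected entry.
clean_cve_list() {
    awk '
        { sub(/\r$/, ""); sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }                      # blank or comment-only line
        { id = toupper($0) }
        # CVE-<4-digit year>-<4 or more digits>. Anything else is rejected,
        # including entries starting with "-" that a CLI could read as an option.
        id ~ /^CVE-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]+$/ {
            if (!seen[id]++) print id
            next
        }
        { print "skipped: " $0 > "/dev/stderr" }
    '
}

# Constructed sample list: CRLF ending, comment, blank line, duplicate, bad entries.
sample_cve_list() {
    printf 'cve-2021-41773\r\n'
    printf 'CVE-2021-44228   # from scanner export\n'
    printf '\n'
    printf '%s\n' '-a' 'CVE-2021-41773' 'CVE-21-1'
}

sample_cve_list | clean_cve_list
# To use it with the loop above, feed the loop from the cleaned list:
#   clean_cve_list < cve_list.txt | while IFS= read -r cve; do ...; done
```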

Search from Nmap Output

# After nmap service detection
pompem -s "Apache httpd 2.4.41"
pompem -s "OpenSSH 7.6p1"
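
Typing version strings by hand from a scan report is error-prone on larger inventories. The following is an added example, not part of Pompem or of the original page, that derives the search terms from Nmap grepable output (nmap -sV -oG) for hosts you are assessing. The function names, addresses and host names are constructed, and the first token starting with a digit is assumed to be the version.

```bash
#!/bin/bash
# Added example: turn Nmap grepable output into unique "product version" terms.
# stdin: "nmap -sV -oG" output; stdout: one term per line, open ports only.
nmap_search_terms() {
    awk -F'\t' '
        /^Host:/ {
            for (f = 2; f <= NF; f++) {
                if ($f !~ /^Ports: /) continue
                n = split(substr($f, 8), entry, /, /)
                for (i = 1; i <= n; i++) {
                    # entry layout: port/state/protocol/owner/service/rpcinfo/version/
                    split(entry[i], p, "/")
                    if (p[2] != "open" || p[7] == "") continue
                    m = split(p[7], tok, " ")
                    term = ""
                    for (j = 1; j <= m; j++) {
                        term = (term == "" ? tok[j] : term " " tok[j])
                        # the first token starting with a digit is taken as the version
                        if (tok[j] ~ /^[0-9]/) {
                            if (!seen[term]++) print term
                            break
                        }
                    }
                }
            }
        }
    '
}

# Constructed sample scan (documentation addresses, made-up host names).
sample_scan() {
    printf 'Host: 192.0.2.10 (web01.example.test)\tStatus: Up\n'
    printf 'Host: 192.0.2.10 (web01.example.test)\tPorts: %s, %s, %s\tIgnored State: filtered (997)\n' \
        '22/open/tcp//ssh//OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)/' \
        '80/open/tcp//http//Apache httpd 2.4.41 ((Ubuntu))/' \
        '443/closed/tcp//https///'
    printf 'Host: 192.0.2.11 ()\tPorts: %s, %s\n' \
        '22/open/tcp//ssh//OpenSSH 7.6p1 Ubuntu 4ubuntu0.3/' \
        '25/open/tcp//smtp//Postfix smtpd/'
}

sample_scan | nmap_search_terms
```

Services reported without a version (the Postfix entry in the sample) produce no term and need a manual look.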

Exploit Identification

Find Available Exploits

pompem -s "application" -e | grep -i "exploit\|poc"

Identify POCs

pompem -s "Apache Struts 2" -e
# Will show available Proof-of-Concepts

Get Exploit Details

pompem -s "vulnerability" -a
# Returns full details including exploit source URLs

CVE Tracking

Search by CVE ID

pompem -c "CVE-2021-41773"
pompem -c "CVE-2021-44228"

Track CVE Across Databases

pompem -c "CVE-2024-12345" -a
# Shows all available resources for the CVE

Recent Vulnerability Research

pompem -s "2024" | head -20

WordPress-Specific Searches

Theme Vulnerabilities

pompem -s "WordPress Twenty Twenty Two" -w

Plugin Vulnerabilities

pompem -s "WordPress Plugin" -w
pompem -s "WooCommerce" -w

Core Vulnerabilities

pompem -s "WordPress 6.0" -w

Content Management System Searches

Drupal Vulnerabilities

pompem -s "Drupal 9" -a
pompem -s "Drupal Module" -e

Joomla Vulnerabilities

pompem -s "Joomla 3.10" -a
pompem -s "Joomla Extension" -e

Magento Vulnerabilities

pompem -s "Magento 2.4" -a

Integration with Testing Tools

Feed to Exploit Frameworks

# Extract exploit URLs for Metasploit
pompem -s "Windows Server 2019" -e | grep "http" > exploit_urls.txt

Create Vulnerability Dashboard

# Generate JSON report for dashboard
pompem -s "application" -f json > vuln_dashboard.json

Cross-Reference with Nessus

# Compare Pompem results with Nessus scan
pompem -s "service_name" -a > pompem_results.txt
# Compare with Nessus export

Reporting

Generate Summary Report

echo "=== Vulnerability Assessment Report ===" > report.txt
echo "Date: $(date)" >> report.txt
echo "Target: target.com" >> report.txt
echo "" >> report.txt
echo "=== Identified Vulnerabilities ===" >> report.txt
pompem -s "identified_service" -a >> report.txt

Create Detailed Vulnerability Documentation

#!/bin/bash
SERVICES=("Apache 2.4.41" "PHP 7.4.10" "WordPress 5.9")

{
    echo "# Vulnerability Assessment Report"
    echo "Date: $(date)"
    echo ""
    
    for service in "${SERVICES[@]}"; do
        echo "## $service"
        pompem -s "$service" -a
        echo ""
    done
} > assessment_report.txt

Export for Management Review

pompem -s "application" -f json | jq '.[] | {name, severity, cve}' > executive_summary.json

Performance Optimization

Parallel Searches (GNU Parallel)

echo "Apache 2.4" | parallel pompem -s {}
cat app_list.txt | parallel pompem -s {}

Batch Caching Results

# Cache results for repeated searches
pompem -s "Apache" -a > apache_cache.txt
# Use cached results for reporting
cat apache_cache.txt

Troubleshooting

Database Connection Issues

# Check internet connectivity
ping www.google.com

# Verify API endpoints are accessible
curl -I "https://www.exploit-db.com"

Timeout Errors

# Cap the search at 60 seconds so a slow query on a large result set cannot hang
timeout 60 pompem -s "popular_application"

Filter Large Result Sets

# Narrow searches to reduce results
pompem -s "Apache 2.4.41" -e  # Specific version
pompem -c "CVE-2024-12345"     # Specific CVE

Update Database

# Ensure latest vulnerability data
pip3 install --upgrade pompem

Best Practices

  • Verify Findings: Cross-reference results with official sources
  • Document Sources: Note which database provided each finding
  • Prioritize Severity: Focus on critical and high-severity vulnerabilities
  • Check Patch Status: Verify if patches are available
  • Timeline Tracking: Note vulnerability disclosure dates
  • Responsible Disclosure: Follow coordinated disclosure practices
  • Regular Searches: Maintain up-to-date vulnerability inventory
  • Assessment Reports: Document all findings systematically

Related Tools

  • Nuclei: Template-based scanning with integration
  • Searchsploit: Local ExploitDB search tool
  • Shodan: Internet search engine for services
  • CVEDetails: CVE information aggregator
  • SecurityTrails: DNS and domain intelligence
  • OpenCVE: CVE monitoring platform