exploit-searcher

Simultaneously search CVEs and exploits across multiple cybersecurity data sources.

Forenote

This project is still a work in progress. Open collaboration is welcomed and encouraged. Please submit a pull request or reach out to me on Discord.

Overview

Pentesting is a cyclical process involving the discovery of new services, frameworks, and technologies. Substantial host information is obtained via popular scanning tools such as Nmap, Nikto, etc., but scanning tools fall short when newly revealed frameworks and technologies can't be scanned directly.

Exploit-searcher aims to fill the gap between the initial reconnaissance phase and the exploitation phase by aggregating CVEs, exploits, and papers across multiple cybersecurity sources.

Data Sources

  • GitHub (PoCs)
  • nvd.nist.gov
  • exploit-db (EDB currently not indexable)
  • cvedetails
  • rapid7
  • Packet Storm

Installation

git clone https://github.com/djjoa/exploit-searcher.git
[py | python | python3] -m pip install -r requirements.txt
[py | python | python3] exploit-searcher.py -h 

python .\exploit-searcher.py -h             
usage: exploit-searcher.py [-h] [-v] -s SEARCH
                           [-e {github,rapid7,packetstorm,cve,nvd} [{github,rapid7,packetstorm,cve,nvd} ...]]
                           [-c CVE] [-l LIMIT] [-q]

options:
  -h, --help            show this help message and exit
  -v, --verbose         add verbosity
  -s SEARCH, --search SEARCH
                        the search term to query all databases for (exploit,
                        vulnerability, CVE, technology, framework)
  -e {github,rapid7,packetstorm,cve,nvd} [{github,rapid7,packetstorm,cve,nvd} ...], --engine {github,rapid7,packetstorm,cve,nvd} [{github,rapid7,packetstorm,cve,nvd} ...]    
                        engines to use in query; defaults to ALL when not specified.   
                        values must be SPACE seperated (not comma).
  -c CVE, --cve CVE     CVE ID to refine search
  -l LIMIT, --limit LIMIT
                        number of results to display from each source (experimental)   
  -q, --quiet           don't print the banner when running

Usage

Query SaltStack across all data sources:

python .\exploit-searcher.py -s 'SaltStack'
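
The engine-selection rules from the help output above (space-separated -e values, every engine when -e is omitted), shown as an added example. The parser is reconstructed from the help text and is not the project's own code; the integer type for --limit and the helper name selected_engines are assumptions.

```python
import argparse

# Engine names copied from the -e choices in the help output above.
ENGINES = ["github", "rapid7", "packetstorm", "cve", "nvd"]


def build_parser():
    """Reconstruct the documented options (illustrative, not the project's code)."""
    p = argparse.ArgumentParser(prog="exploit-searcher.py")
    p.add_argument("-v", "--verbose", action="store_true", help="add verbosity")
    p.add_argument("-s", "--search", required=True,
                   help="the search term to query all databases for")
    # nargs="+" is what makes the values SPACE separated: each token is
    # checked against choices on its own, so "github,nvd" is one invalid token.
    p.add_argument("-e", "--engine", nargs="+", choices=ENGINES,
                   help="engines to use in query; defaults to ALL")
    p.add_argument("-c", "--cve", help="CVE ID to refine search")
    # Assumption: LIMIT is an integer; the help text does not state its type.
    p.add_argument("-l", "--limit", type=int,
                   help="number of results to display from each source")
    p.add_argument("-q", "--quiet", action="store_true",
                   help="don't print the banner when running")
    return p


def selected_engines(argv):
    """Return the engines a command line selects, or None if it is rejected."""
    try:
        args = build_parser().parse_args(argv)
    except SystemExit:  # argparse prints the usage error and exits with status 2
        return None
    return args.engine or list(ENGINES)  # no -e means every engine


if __name__ == "__main__":
    # Constructed command lines: default engines, two engines, comma mistake.
    for argv in (["-s", "SaltStack"],
                 ["-s", "SaltStack", "-e", "github", "nvd", "-l", "5"],
                 ["-s", "SaltStack", "-e", "github,nvd"]):
        print(argv, "->", selected_engines(argv))
```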

TODO

  • implement CVE argument functionality
  • add CVE Details data source
  • add Rapid7 data source
  • add Packet Storm data source
  • add NVD data source
  • add verbosity
  • update README with explanation of colored output
  • fix Packet Storm outputting 1 less than desired results
  • fix Packet Storm systems and tags length output not matching other columns (soup.find_all())
  • obtained access to nvd api and reworked script functionality
  • added fuzzy syntax highlighting based on interesting words

Contact

Zer0 - @x41x41x41x41 - Discord Zer0#0272

Project Link: https://github.com/djjoa/exploit-searcher
