【开源工具】 - 从漏洞数据库搜索漏洞的工具go-exploitdb
【🔔】互联网资料/工具,安全性未知,需要自行研判安全性。
这是一个从某些漏洞数据库中搜索漏洞的工具。漏洞被插入到 sqlite 数据库(go-exploitdb)中,可以通过命令行界面进行搜索。在服务器模式下,可以使用简单的Web API。如以下漏洞数据库:
-
ExploitDB(OffectiveSecurity) 通过 CVE 编号或漏洞利用数据库 ID。
-
GitHub 存储库
-
很棒的 Cve Poc
-
inTheWild DB
Docker 部署
有一个可用的 Docker 镜像“docker pull vulsio/go-exploitdb”。使用容器时,它采用与普通命令行相同的参数。
本地部署安装
要求
go-exploitdb 需要以下软件包。
-
git
-
SQLite3、MySQL、PostgreSQL、Redis
-
最新版本的go
-
https://golang.org/doc/installd
安装 go-exploitdb
$ mkdir -p $GOPATH/src/github.com/vulsio
$ cd $GOPATH/src/github.com/vulsio
$ git clone https://github.com/vulsio/go-exploitdb.git
$ cd go-exploitdb
$ make install
用法:获取和插入exp
$ go-exploitdb fetch --help
Fetch the data of exploit
Usage:
go-exploitdb fetch [command]
Available Commands:
awesomepoc Fetch the data of Awesome Poc
exploitdb Fetch the data of offensive security exploit db
githubrepos Fetch the data of github repos
inthewild Fetch the data of inTheWild Poc
Flags:
--batch-size int The number of batch size to insert. (default 500)
-h, --help help for fetch
Global Flags:
--config string config file (default is $HOME/.go-exploitdb.yaml)
--dbpath string /path/to/sqlite3 or SQL connection string
--dbtype string Database type to store data in (sqlite3, mysql, postgres or redis supported)
--debug debug mode (default: false)
--debug-sql SQL debug mode
--http-proxy string http://proxy-url:port (default: empty)
--log-dir string /path/to/log
--log-json output log as JSON
--log-to-file output log to file
Use "go-exploitdb fetch [command] --help" for more information about a command.
获取并插入Offensive Security ExploitDB
$ go-exploitdb fetch exploitdb
用法:搜索exp
$ go-exploitdb search -h
Search the data of exploit
Usage:
go-exploitdb search [flags]
Flags:
-h, --help help for search
--param string All Exploits: None | by CVE: [CVE-xxxx] | by ID: [xxxx] (default: None)
--type string All Exploits by CVE: CVE | by ID: ID (default: CVE)
Global Flags:
--config string config file (default is $HOME/.go-exploitdb.yaml)
--dbpath string /path/to/sqlite3 or SQL connection string
--dbtype string Database type to store data in (sqlite3, mysql, postgres or redis supported)
--debug debug mode (default: false)
--debug-sql SQL debug mode
--http-proxy string http://proxy-url:port (default: empty)
--log-dir string /path/to/log
--log-json output log as JSON
--log-to-file output log to file
通过 CVE 搜索漏洞(例如 CVE-2009-4091)
$ go-exploitdb search --type CVE --param CVE-2009-4091
Results:
---------------------------------------
[*]CVE-ExploitID Reference:
CVE: CVE-2009-4091
Exploit Type: OffensiveSecurity
Exploit Unique ID: 10180
URL: https://www.exploit-db.com/exploits/10180
Description: Simplog 0.9.3.2 - Multiple Vulnerabilities
[*]Exploit Detail Info:
[*]OffensiveSecurity:
- Document:
Path: https://gitlab.com/exploit-database/exploitdb/-/tree/main/exploits/php/webapps/10180.txt
File Type: webapps
---------------------------------------
通过 ExploitDB-ID 搜索漏洞(例如 ExploitDB-ID:10180)
$ go-exploitdb search --type ID --param 10180
Results:
---------------------------------------
[*]CVE-ExploitID Reference:
CVE: CVE-2009-4091
Exploit Type: OffensiveSecurity
Exploit Unique ID: 10180
URL: https://www.exploit-db.com/exploits/10180
Description: Simplog 0.9.3.2 - Multiple Vulnerabilities
[*]Exploit Detail Info:
[*]OffensiveSecurity:
- Document:
Path: https://gitlab.com/exploit-database/exploitdb/-/tree/main/exploits/php/webapps/10180.txt
File Type: webapps
---------------------------------------
[*]CVE-ExploitID Reference:
CVE: CVE-2009-4092
Exploit Type: OffensiveSecurity
Exploit Unique ID: 10180
URL: https://www.exploit-db.com/exploits/10180
Description: Simplog 0.9.3.2 - Multiple Vulnerabilities
[*]Exploit Detail Info:
[*]OffensiveSecurity:
- Document:
Path: https://gitlab.com/exploit-database/exploitdb/-/tree/main/exploits/php/webapps/10180.txt
File Type: webapps
---------------------------------------
[*]CVE-ExploitID Reference:
CVE: CVE-2009-4093
Exploit Type: OffensiveSecurity
Exploit Unique ID: 10180
URL: https://www.exploit-db.com/exploits/10180
Description: Simplog 0.9.3.2 - Multiple Vulnerabilities
[*]Exploit Detail Info:
[*]OffensiveSecurity:
- Document:
Path: https://gitlab.com/exploit-database/exploitdb/-/tree/main/exploits/php/webapps/10180.txt
File Type: webapps
---------------------------------------
用法:以服务器模式启动 go-exploitdb
$ go-exploitdb server -h
Start go-exploitdb HTTP server
Usage:
go-exploitdb server [flags]
Flags:
--bind string HTTP server bind to IP address (default: loop back interface
-h, --help help for server
--port string HTTP server port number (default: 1326
Global Flags:
--config string config file (default is $HOME/.go-exploitdb.yaml)
--dbpath string /path/to/sqlite3 or SQL connection string
--dbtype string Database type to store data in (sqlite3, mysql, postgres or redis supported)
--debug debug mode (default: false)
--debug-sql SQL debug mode
--http-proxy string http://proxy-url:port (default: empty)
--log-dir string /path/to/log
--log-json output log as JSON
--log-to-file output log to file
启动服务器
$ go-exploitdb server
INFO[09-30|15:05:57] Starting HTTP Server...
INFO[09-30|15:05:57] Listening... URL=127.0.0.1:1326
搜索 CURL 获取的 CVE 漏洞(例如 CVE-2006-2896)
$ curl http://127.0.0.1:1326/cves/CVE-2006-2896 | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:100 666 100 666 0 0 39340 0 --:--:-- --:--:-- --:--:-- 41625
[
{
"ID": 325173,
"exploit_type": "OffensiveSecurity",
"exploit_unique_id": "1875",
"url": "https://www.exploit-db.com/exploits/1875",
"description": "FunkBoard CF0.71 - 'profile.php' Remote User Pass Change",
"cve_id": "CVE-2006-2896",
"offensive_security": {
"ID": 325173,
"ExploitID": 325173,
"exploit_unique_id": "1875",
"document": {
"OffensiveSecurityID": 325173,
"exploit_unique_id": "1875",
"document_url": "https://gitlab.com/exploit-database/exploitdb/-/tree/main/exploits/php/webapps/1875.html",
"description": "FunkBoard CF0.71 - 'profile.php' Remote User Pass Change",
"date": "0001-01-01T00:00:00Z",
"author": "ajann",
"type": "webapps",
"platform": "php",
"port": ""
},
"shell_code": null,
}
}
]
通过唯一 ID 搜索漏洞(例如漏洞唯一 ID:10180)
$ curl http://127.0.0.1:1326/id/10180 | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:100 1936 100 1936 0 0 52643 0 --:--:-- --:--:-- --:--:-- 53777
[
{
"ID": 334917,
"exploit_type": "OffensiveSecurity",
"exploit_unique_id": "10180",
"url": "https://www.exploit-db.com/exploits/10180",
"description": "Simplog 0.9.3.2 - Multiple Vulnerabilities",
"cve_id": "CVE-2009-4091",
"offensive_security": {
"ID": 334917,
"ExploitID": 334917,
"exploit_unique_id": "10180",
"document": {
"OffensiveSecurityID": 334917,
"exploit_unique_id": "10180",
"document_url": "https://gitlab.com/exploit-database/exploitdb/-/tree/main/exploits/php/webapps/10180.txt",
"description": "Simplog 0.9.3.2 - Multiple Vulnerabilities",
"date": "0001-01-01T00:00:00Z",
"author": "Amol Naik",
"type": "webapps",
"platform": "php",
"port": ""
},
"shell_code": null,
}
},
{
"ID": 334918,
"exploit_type": "OffensiveSecurity",
"exploit_unique_id": "10180",
"url": "https://www.exploit-db.com/exploits/10180",
"description": "Simplog 0.9.3.2 - Multiple Vulnerabilities",
"cve_id": "CVE-2009-4092",
"offensive_security": {
"ID": 334917,
"ExploitID": 334917,
"exploit_unique_id": "10180",
"document": {
"OffensiveSecurityID": 334917,
"exploit_unique_id": "10180",
"document_url": "https://gitlab.com/exploit-database/exploitdb/-/tree/main/exploits/php/webapps/10180.txt",
"description": "Simplog 0.9.3.2 - Multiple Vulnerabilities",
"date": "0001-01-01T00:00:00Z",
"author": "Amol Naik",
"type": "webapps",
"platform": "php",
"port": ""
},
"shell_code": null,
}
},
{
"ID": 334919,
"exploit_type": "OffensiveSecurity",
"exploit_unique_id": "10180",
"url": "https://www.exploit-db.com/exploits/10180",
"description": "Simplog 0.9.3.2 - Multiple Vulnerabilities",
"cve_id": "CVE-2009-4093",
"offensive_security": {
"ID": 334917,
"ExploitID": 334917,
"exploit_unique_id": "10180",
"document": {
"OffensiveSecurityID": 334917,
"exploit_unique_id": "10180",
"document_url": "https://gitlab.com/exploit-database/exploitdb/-/tree/main/exploits/php/webapps/10180.txt",
"description": "Simplog 0.9.3.2 - Multiple Vulnerabilities",
"date": "0001-01-01T00:00:00Z",
"author": "Amol Naik",
"type": "webapps",
"platform": "php",
"port": ""
},
"shell_code": null,
}
}
]
参考链接
-
go-exploitdb: https://github.com/vulsio/go-exploitdb
-
awesome-cve-poc: https://github.com/qazbnm456/awesome-cve-poc
-
github search: https://github.com/search?o=desc&q=CVE&s=&type=Repositories
-
inthewilddb: https://github.com/gmatuz/inthewilddb
-
ExploitDB(OffectiveSecurity): https://www.exploit-db.com/
原文始发于微信公众号(埋藏酱油瓶):【开源工具】 - 从漏洞数据库搜索漏洞的工具go-exploitdb
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论