go-exploitdb 从多个漏洞利用数据库中搜索漏洞利用工具

go-exploitdb 从多个漏洞利用数据库中搜索漏洞利用工具

go-exploitdb简介

这是一个从一些漏洞利用数据库中搜索漏洞利用的工具。可以通过命令行界面搜索sqlite数据库(go-exploitdb)中插入的漏洞。在服务器模式下,可以使用简单的 Web API。

从如以下漏洞数据库中检索数据

  1. ExploitDB(OffensiveSecurity)通过 CVE 编号或 Exploit Database ID。
  2. GitHub 存储库
  3. 很棒的 Cve Poc

安装方法

Docker 部署

有一个 Docker 镜像可用

go-exploitdb 从多个漏洞利用数据库中搜索漏洞利用工具
docker pull princechrismc/go-exploitdb

使用容器时,它采用与普通命令行相同的参数。

本地部署安装

要求

go-exploitdb 需要以下软件包。

安装go-exploitdb

mkdir -p $GOPATH/src/github.com/vulsio
cd $GOPATH/src/github.com/vulsio
git clone https://github.com/vulsio/go-exploitdb.git
cd go-exploitdb
make install

kali linux下可以直接使用如下命令安装使用

apt install go-exploitdb -y

用法:

获取和插入Exploit

go-exploitdb fetch --help
获取exploit数据

用法:
  go-exploitdb fetch [command]

可用命令:
  awesomepoc  获取Awesome Poc
  exploitdb   获取攻击性安全漏洞
  githubrepos 获取github repos的数据

Flags:
      --batch-size int 要插入的大小数。(默认500)
      -h,--help             帮助

全局标志:
      --config string       配置文件 (默认是 $HOME/.go-exploitdb.yaml)
      --dbpath string       /path/to/sqlite3 或 SQL 连接字符串
      --dbtype string       存储数据的数据库类型(sqlite3, mysql, postgres或redis支持)
      --debug               调试模式(默认为关闭)
      --debug-sql           SQL调试模式
      --http-proxy string   http://代理url:端口 (默认: 空)
      --log-dir string      /path/to/log
      --log-json            输出日志为 JSON 
      --log-to-file         输出日志到文件

使用“ go-exploitdb fetch [command] --help ” 获取更多信息关于命令。

获取和插入攻击性安全漏洞利用数据库

go-exploitdb fetch exploitdb

用法:搜索Exploits

$ go-exploitdb search -h

Search the data of exploit

用法:
  go-exploitdb search [flags]

Flags:
  -h, --help            搜索帮助信息
      --param string   所有exploit: None | by CVE: [CVE-xxxx] | by ID: [xxxx](默认:无)
      --type string    All Exploits by CVE: CVE  |  by ID: ID (default: CVE)



全局标志:
      --config string       配置文件 (默认是 $HOME/.go-exploitdb.yaml)
      --dbpath string       /path/to/sqlite3 或 SQL 连接字符串
      --dbtype string       存储数据的数据库类型(sqlite3, mysql, postgres或redis支持)
      --debug               调试模式(默认为关闭)
      --debug-sql           SQL调试模式
      --http-proxy string   http://代理url:端口 (默认: 空)
      --log-dir string      /path/to/log
      --log-json            输出日志为 JSON 
      --log-to-file         输出日志到文件


按 CVE 搜索exploit(例如 CVE-2009-4091)

$ go-exploitdb search --type CVE --param CVE-2009-4091

Results:
---------------------------------------

[*]CVE-ExploitID Reference:
  CVE: CVE-2009-4091
  Exploit Type: OffensiveSecurity
  Exploit Unique ID: 10180
  URL: https://www.exploit-db.com/exploits/10180
  Description: Simplog 0.9.3.2 - Multiple Vulnerabilities

[*]Exploit Detail Info:
  [*]OffensiveSecurity:
  - Document:
    Path: https://github.com/offensive-security/exploitdb/exploits/php/webapps/10180.txt
    File Type: webapps
---------------------------------------

按 ExploitDB-ID 搜索漏洞(例如 ExploitDB-ID:10180)

$ go-exploitdb search --type ID --param 10180

Results:
---------------------------------------

[*]CVE-ExploitID Reference:
  CVE: CVE-2009-4091
  Exploit Type: OffensiveSecurity
  Exploit Unique ID: 10180
  URL: https://www.exploit-db.com/exploits/10180
  Description: Simplog 0.9.3.2 - Multiple Vulnerabilities

[*]Exploit Detail Info:
  [*]OffensiveSecurity:
  - Document:
    Path: https://github.com/offensive-security/exploitdb/exploits/php/webapps/10180.txt
    File Type: webapps
---------------------------------------

[*]CVE-ExploitID Reference:
  CVE: CVE-2009-4092
  Exploit Type: OffensiveSecurity
  Exploit Unique ID: 10180
  URL: https://www.exploit-db.com/exploits/10180
  Description: Simplog 0.9.3.2 - Multiple Vulnerabilities

[*]Exploit Detail Info:
  [*]OffensiveSecurity:
  - Document:
    Path: https://github.com/offensive-security/exploitdb/exploits/php/webapps/10180.txt
    File Type: webapps
---------------------------------------

[*]CVE-ExploitID Reference:
  CVE: CVE-2009-4093
  Exploit Type: OffensiveSecurity
  Exploit Unique ID: 10180
  URL: https://www.exploit-db.com/exploits/10180
  Description: Simplog 0.9.3.2 - Multiple Vulnerabilities

[*]Exploit Detail Info:
  [*]OffensiveSecurity:
  - Document:
    Path: https://github.com/offensive-security/exploitdb/exploits/php/webapps/10180.txt
    File Type: webapps
---------------------------------------

用法:以服务器模式启动 go-exploitdb

$ go-exploitdb server -h

Start go-exploitdb HTTP server

用法:
  go-exploitdb server [flags]

Flags:
      --bind string   HTTP服务器绑定到IP地址(默认为回循环接口)
  -h, --help          服务器帮助信息
      --port string   HTTP服务器端口号(默认为1326)



全局标志:
      --config string       配置文件 (默认是 $HOME/.go-exploitdb.yaml)
      --dbpath string       /path/to/sqlite3 或 SQL 连接字符串
      --dbtype string       存储数据的数据库类型(sqlite3, mysql, postgres或redis支持)
      --debug               调试模式(默认为关闭)
      --debug-sql           SQL调试模式
      --http-proxy string   http://代理url:端口 (默认: 空)
      --log-dir string      /path/to/log
      --log-json            输出日志为 JSON 
      --log-to-file         输出日志到文件

启动服务器

$ go-exploitdb server
INFO[09-30|15:05:57] Starting HTTP Server...
INFO[09-30|15:05:57] Listening...                             URL=127.0.0.1:1326

通过 cURL 获取针对 CVE 的搜索漏洞利用(例如 CVE-2006-2896)

$ curl http://127.0.0.1:1326/cves/CVE-2006-2896 | jq

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:100   666  100   666    0     0  39340      0 --:--:-- --:--:-- --:--:-- 41625
[
  {
    "ID": 325173,
    "exploit_type": "OffensiveSecurity",
    "exploit_unique_id": "1875",
    "url": "https://www.exploit-db.com/exploits/1875",
    "description": "FunkBoard CF0.71 - 'profile.php' Remote User Pass Change",
    "cve_id": "CVE-2006-2896",
    "offensive_security": {
      "ID": 325173,
      "ExploitID": 325173,
      "exploit_unique_id": "1875",
      "document": {
        "OffensiveSecurityID": 325173,
        "exploit_unique_id": "1875",
        "document_url": "https://github.com/offensive-security/exploitdb/exploits/php/webapps/1875.html",
        "description": "FunkBoard CF0.71 - 'profile.php' Remote User Pass Change",
        "date": "0001-01-01T00:00:00Z",
        "author": "ajann",
        "type": "webapps",
        "platform": "php",
        "port": ""
      },
      "shell_code": null,
    }
  }
]
go-exploitdb 从多个漏洞利用数据库中搜索漏洞利用工具

按唯一 ID 搜索exploit(例如利用唯一 ID:10180)

$ curl http://127.0.0.1:1326/id/10180 | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:100  1936  100  1936    0     0  52643      0 --:--:-- --:--:-- --:--:-- 53777
[
  {
    "ID": 334917,
    "exploit_type": "OffensiveSecurity",
    "exploit_unique_id": "10180",
    "url": "https://www.exploit-db.com/exploits/10180",
    "description": "Simplog 0.9.3.2 - Multiple Vulnerabilities",
    "cve_id": "CVE-2009-4091",
    "offensive_security": {
      "ID": 334917,
      "ExploitID": 334917,
      "exploit_unique_id": "10180",
      "document": {
        "OffensiveSecurityID": 334917,
        "exploit_unique_id": "10180",
        "document_url": "https://github.com/offensive-security/exploitdb/exploits/php/webapps/10180.txt",
        "description": "Simplog 0.9.3.2 - Multiple Vulnerabilities",
        "date": "0001-01-01T00:00:00Z",
        "author": "Amol Naik",
        "type": "webapps",
        "platform": "php",
        "port": ""
      },
      "shell_code": null,
    }
  },
  {
    "ID": 334918,
    "exploit_type": "OffensiveSecurity",
    "exploit_unique_id": "10180",
    "url": "https://www.exploit-db.com/exploits/10180",
    "description": "Simplog 0.9.3.2 - Multiple Vulnerabilities",
    "cve_id": "CVE-2009-4092",
    "offensive_security": {
      "ID": 334917,
      "ExploitID": 334917,
      "exploit_unique_id": "10180",
      "document": {
        "OffensiveSecurityID": 334917,
        "exploit_unique_id": "10180",
        "document_url": "https://github.com/offensive-security/exploitdb/exploits/php/webapps/10180.txt",
        "description": "Simplog 0.9.3.2 - Multiple Vulnerabilities",
        "date": "0001-01-01T00:00:00Z",
        "author": "Amol Naik",
        "type": "webapps",
        "platform": "php",
        "port": ""
      },
      "shell_code": null,
    }
  },
  {
    "ID": 334919,
    "exploit_type": "OffensiveSecurity",
    "exploit_unique_id": "10180",
    "url": "https://www.exploit-db.com/exploits/10180",
    "description": "Simplog 0.9.3.2 - Multiple Vulnerabilities",
    "cve_id": "CVE-2009-4093",
    "offensive_security": {
      "ID": 334917,
      "ExploitID": 334917,
      "exploit_unique_id": "10180",
      "document": {
        "OffensiveSecurityID": 334917,
        "exploit_unique_id": "10180",
        "document_url": "https://github.com/offensive-security/exploitdb/exploits/php/webapps/10180.txt",
        "description": "Simplog 0.9.3.2 - Multiple Vulnerabilities",
        "date": "0001-01-01T00:00:00Z",
        "author": "Amol Naik",
        "type": "webapps",
        "platform": "php",
        "port": ""
      },
      "shell_code": null,
    }
  }
]

go-exploitdb下载地址

GitHub:

go-exploitdb_0.4.1_linux_amd64.tar.gz

云中转网盘:

https://yzzpan.com/#sharefile=h6GQ2vaY_20733
解压密码:www.ddosi.org

注意事项:

新版本部分命令可能有所改动,

比如-type 改为 -stype
-param改为 -sparam

项目地址

GitHub

转载请注明出处及链接

Leave a Reply

您的电子邮箱地址不会被公开。