Introduction
searchsploit is a command-line search tool for Exploit-DB that helps us find exploit modules.
Exploit Database (github.com/offensive-s…) is a project sponsored by Offensive Security (www.offensive-security.com/). It stores a large number of exploits and helps security researchers and penetration testers carry out their testing work; it is currently the most complete publicly collected vulnerability database in the world. The repository is updated every day, and Exploit-DB provides searchsploit, which uses files.csv to search the offline copy of the database for the location of exploit files.
Exploit-DB is a vulnerability database, and Kali Linux keeps a local copy of it. With the command mentioned above you can find the exploit module you need; it searches all exploits and shellcodes, and because the database is stored locally it can also be used without network access.
The basic search is searchsploit followed by the name of the software/system etc. that may contain a vulnerability; the output lists the matching vulnerabilities and the scripts used for penetration testing.
First, let's look at searchsploit's help options.
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"
For more examples, see the manual: https://www.exploit-db.com/searchsploit/
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (default is case-insensitive)
-e, --exact [Term] Perform an EXACT match on the exploit title (default is AND) [Implies "-t"].
-h, --help Show this help
-j, --json [Term] Show results in JSON format
-m, --mirror [EDB-ID] Copy (mirror) an exploit into the current working directory; give the target ID after the option
-o, --overflow [Term] Allow exploit titles to overflow their column
-p, --path [EDB-ID] Show the full path to an exploit (and also copy the path to the clipboard if possible); followed by the vulnerability ID
-t, --title [Term] Search only the exploit title (default is title and file path)
-u, --update Check for and install any exploitdb package updates (deb or git)
-w, --www [Term] Show the Exploit-DB.com URL instead of the local path (online search)
-x, --examine [EDB-ID] Examine (a copy of) the exploit using $PAGER
--colour Do not highlight keywords in search results
--id Show the EDB-ID
--nmap [file.xml] Check all results in an Nmap XML output file using service versions (e.g. nmap -sV -oX file.xml)
Use "-v" (verbose) to try more combinations
--exclude="term" Remove values from the results. Separate multiple values with "|",
e.g. --exclude="term1|term2|term3".
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* If you want to filter results with an exact match, use the -e option.
* Use '-t' to exclude the file's path when filtering the search results; this removes false positives (especially when searching with numbers, i.e. versions).
* When updating or displaying help, search terms are ignored.
Usage
A basic search: the command below finds everything whose title or path contains easy file sharing.
root@kali:~# searchsploit easy file sharing
-------------------------------------------- ---------------------------------
Exploit Title | Path
-------------------------------------------- ---------------------------------
BadBlue 2.5 - Easy File Sharing Remote Buff | windows/remote/845.c
Easy File Sharing FTP Server 2.0 (Windows 2 | windows/remote/3579.py
Easy File Sharing FTP Server 2.0 - 'PASS' R | windows/remote/2234.py
Easy File Sharing FTP Server 2.0 - PASS Ove | windows/remote/16742.rb
Easy File Sharing FTP Server 3.5 - Remote S | windows/remote/33538.py
Easy File Sharing HTTP Server 7.2 - POST Bu | windows/remote/42256.rb
Easy File Sharing HTTP Server 7.2 - Remote | windows/remote/39661.rb
Easy File Sharing Web Server 1.2 - Informat | windows/remote/23222.txt
Easy File Sharing Web Server 1.25 - Denial | windows/dos/423.pl
Easy File Sharing Web Server 1.3x/4.5 - Dir | multiple/dos/30856.txt
Easy File Sharing Web Server 3.2 - Format S | windows/dos/27377.txt
Easy File Sharing Web Server 3.2 - Full Pat | windows/remote/27378.txt
Easy File Sharing Web Server 4 - Remote Inf | windows/remote/2690.c
Easy File Sharing Web Server 4.8 - File Dis | windows/remote/8155.txt
Easy File Sharing Web Server 5.8 - Multiple | windows/remote/17063.txt
Easy File Sharing Web Server 6.8 - Persiste | php/webapps/35626.txt
Easy File Sharing Web Server 6.8 - Remote S | windows/remote/33352.py
Easy File Sharing Web Server 6.9 - USERID R | windows/remote/37951.py
Easy File Sharing Web Server 7.2 - 'POST' R | windows/remote/42165.py
Easy File Sharing Web Server 7.2 - 'POST' R | windows/remote/42186.py
Easy File Sharing Web Server 7.2 - 'UserID' | windows/remote/44522.py
Easy File Sharing Web Server 7.2 - Account | windows/local/42267.py
Easy File Sharing Web Server 7.2 - Authenti | windows/remote/42159.txt
Easy File Sharing Web Server 7.2 - GET 'Pas | windows/remote/42261.py
Easy File Sharing Web Server 7.2 - GET 'Pas | windows/remote/42304.py
Easy File Sharing Web Server 7.2 - GET Buff | windows/remote/39008.py
Easy File Sharing Web Server 7.2 - HEAD Req | windows/remote/39009.py
Easy File Sharing Web Server 7.2 - Remote B | windows/remote/38829.py
Easy File Sharing Web Server 7.2 - Remote O | windows/remote/38526.py
Easy File Sharing Web Server 7.2 - Remote O | windows/remote/40178.py
Easy File Sharing Web Server 7.2 - Stack Bu | windows/remote/44485.py
Easy File Sharing Web Server 7.2 - Unrestri | windows/webapps/42268.py
-------------------------------------------- ---------------------------------
Shellcodes: No Results
Searching titles: with the -t option, only records whose title contains the keyword are returned.
root@kali:~# searchsploit -t linux sql
-------------------------------------------- ---------------------------------
Exploit Title | Path
-------------------------------------------- ---------------------------------
Invision Gallery 2.0.7 (Linux) - 'readfile( | php/webapps/2527.c
MySQL (Linux) - Database Privilege Escalati | linux/local/23077.pl
MySQL (Linux) - Heap Overrun (PoC) | linux/dos/23076.pl
MySQL (Linux) - Stack Buffer Overrun (PoC) | linux/dos/23075.pl
MySQL 4.0.17 (Linux) - User-Defined Functio | linux/local/1181.c
MySQL 4.x/5.0 (Linux) - User-Defined Functi | linux/local/1518.c
MySQL User-Defined (Linux) (x32/x86_64) - ' | linux/local/46249.py
MySQL yaSSL (Linux) - SSL Hello Message Buf | linux/remote/16849.rb
rimbalinux AhadPOS 1.11 - 'alamatCustomer' | php/webapps/47585.txt
-------------------------------------------- ---------------------------------
Shellcodes: No Results
Searching by path: with the -p option you can look up the path information for an entry whose path contains the keyword.
root@kali:~# searchsploit -p 3579.py
Exploit: Easy File Sharing FTP Server 2.0 (Windows 2000 SP4) - 'PASS' Remote Overflow
URL: https://www.exploit-db.com/exploits/3579
Path: /usr/share/exploitdb/exploits/windows/remote/3579.py
File Type: Python script, ASCII text executable, with CRLF line terminators
This shows the URL of the site where this Python file lives and the path where it is stored locally; 3579 is the ID number of the vulnerability.
When we search for vulnerabilities in a piece of software and want to use one of the files for penetration testing, this command locates where that script is.
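To make the behaviour behind these searches concrete (every term must match, matching is case-insensitive and order-independent, -t restricts matching to the title, --exclude is a regular expression, and -p resolves an ID to a local path), here is an added example, not code from searchsploit or from this article: a small POSIX sh script that applies those rules to a constructed files_exploits.csv. Only the 3579 row is taken from the -p output shown above; the 9000xx rows, the column layout and the /usr/share/exploitdb prefix are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not part of searchsploit or of this article: a POSIX sh
# re-implementation of the search semantics described above, run against a
# CONSTRUCTED files_exploits.csv. The id,file,description,... layout is
# borrowed from Exploit-DB's CSV, but the rows are demo data: only the 3579
# entry comes from the page's `searchsploit -p 3579.py` output; the 9000xx
# entries are invented.
#
#   sploit_search [-t] [--exclude=REGEX] term...  AND of all terms, case-insensitive;
#                                                 -t: title only, else title + path
#   sploit_path EDB-ID                            local path, like `searchsploit -p`

EDB_ROOT="${EDB_ROOT:-/usr/share/exploitdb}"   # assumed install prefix (Kali)
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
CSV="$WORK/files_exploits.csv"
TAB="$(printf '\t')"

cat >"$CSV" <<'EOF'
id,file,description,date,author,type,platform,port
3579,exploits/windows/remote/3579.py,"Easy File Sharing FTP Server 2.0 (Windows 2000 SP4) - 'PASS' Remote Overflow",2007-03-25,demo,remote,windows,21
900001,exploits/windows/dos/900001.pl,"Easy File Sharing Demo 1.0 - Denial of Service (PoC)",2024-01-01,demo,dos,windows,80
900002,exploits/linux/local/900002.c,"DemoSQL 1.0 (Linux) - Privilege Escalation",2024-01-01,demo,local,linux,0
900003,exploits/linux/dos/900003.pl,"DemoSQL 1.0 (Linux) - Heap Overrun (PoC)",2024-01-01,demo,dos,linux,0
900004,exploits/php/webapps/900004.txt,"Demo Gallery 2.0 - 'id' Parameter SQL Injection, Multiple Vectors",2024-01-01,demo,webapps,php,80
900005,exploits/linux/remote/900005.py,"DemoSQL 1.0 - Remote Authentication Bypass",2024-01-01,demo,remote,linux,3306
EOF

# Normalise the CSV to TAB-separated "id<TAB>file<TAB>title". Handles the usual
# double-quoted description (commas inside it are kept); escaped "" inside a
# title is not handled, and the demo data avoids it.
index_rows() {
  awk -F, 'NR > 1 {
    rest = $0; sub(/^[^,]*,[^,]*,/, "", rest)          # drop "id,file,"
    if (substr(rest, 1, 1) == "\"") {
      rest = substr(rest, 2); title = substr(rest, 1, index(rest, "\"") - 1)
    } else {
      title = rest; sub(/,.*/, "", title)
    }
    print $1 "\t" $2 "\t" title
  }' "$CSV"
}

sploit_search() {
  title_only=0; exclude=''; n=$#
  while [ "$n" -gt 0 ]; do                # peel off options, keep the terms in "$@"
    arg=$1; shift; n=$((n - 1))
    case "$arg" in
      -t)          title_only=1 ;;
      --exclude=*) exclude="${arg#--exclude=}" ;;
      *)           set -- "$@" "$arg" ;;
    esac
  done
  [ $# -gt 0 ] || { echo 'usage: sploit_search [-t] [--exclude=REGEX] term...' >&2; return 2; }
  index_rows | while IFS="$TAB" read -r id file title; do
    if [ "$title_only" -eq 1 ]; then hay=$title; else hay="$title $file"; fi
    ok=1
    for term in "$@"; do                  # AND: every term must match as a fixed string
      printf '%s\n' "$hay" | grep -qiF -- "$term" || { ok=0; break; }
    done
    [ "$ok" -eq 1 ] || continue
    # --exclude is an extended regex over title and path (case-insensitive here)
    if [ -n "$exclude" ] && printf '%s\n' "$title $file" | grep -qiE -- "$exclude"; then
      continue
    fi
    printf '%s | %s\n' "$title" "$file"
  done
}

sploit_path() {
  # Print the local path for an EDB-ID (exit 1 if unknown), like `searchsploit -p`
  index_rows | awk -F "$TAB" -v id="$1" -v root="$EDB_ROOT" \
    '$1 == id { print root "/" $2; found = 1 } END { exit found ? 0 : 1 }'
}

# Demo mirroring the invocations shown in the article
echo '## searchsploit easy file sharing';          sploit_search easy file sharing
echo '## searchsploit -t linux sql';               sploit_search -t linux sql
echo '## searchsploit linux sql --exclude="(PoC)|/dos/"'
sploit_search linux sql --exclude='(PoC)|/dos/'
echo '## searchsploit -p 3579'
printf 'URL: https://www.exploit-db.com/exploits/%s\nPath: %s\n' 3579 "$(sploit_path 3579)"
```

Comparing the -t run with the default run shows why the help text recommends -t for version numbers: a term such as linux matches the path of the 900005 entry although its title never mentions Linux, and a numeric term would match digits inside file names in the same way.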
Searching by Linux kernel version
Searching Microsoft vulnerabilities
To search all Microsoft vulnerabilities from 2014, use the keyword ms14; likewise ms15, ms16, ms17 for later years.
root@kali:/# searchsploit ms14
-------------------------------------------- ---------------------------------
Exploit Title | Path
-------------------------------------------- ---------------------------------
Microsoft .NET Deployment Service - IE Sand | windows/local/33892.rb
Microsoft Internet Explorer - CMarkup Use-A | windows/remote/32904.rb
Microsoft Internet Explorer - Memory Corrup | windows/dos/34458.html
Microsoft Internet Explorer - TextRange Use | windows/remote/32438.rb
Microsoft Internet Explorer 10 - CMarkup Us | windows/remote/32851.html
Microsoft Internet Explorer 11 - MSHTML CPa | windows/dos/40960.svg
Microsoft Internet Explorer 11 - MSHTML CSp | windows/dos/40946.html
Microsoft Internet Explorer 8/9/10 - 'CInpu | windows/dos/33860.html
Microsoft Internet Explorer 8/9/10/11 / IIS | windows/remote/40721.html
Microsoft Internet Explorer 9 - MSHTML CAtt | windows/dos/40685.html
Microsoft Internet Explorer 9/10 - CFormEle | windows_x86/dos/34010.html
Microsoft Internet Explorer OLE Pre-IE11 - | windows/remote/35308.html
Microsoft Windows - 'NDPROXY' SYSTEM Privil | windows/local/30014.py
Microsoft Windows - OLE Package Manager Cod | windows/local/35235.rb
Microsoft Windows - OLE Package Manager Cod | windows/local/35236.rb
Microsoft Windows - OLE Package Manager Cod | windows_x86/local/35020.rb
Microsoft Windows - OLE Remote Code Executi | windows/remote/35055.py
Microsoft Windows - TrackPopupMenu Win32k N | windows/local/35101.rb
Microsoft Windows 7 (x64) - 'afd.sys' Dangl | windows_x86-64/local/39525.py
Microsoft Windows 7 (x86) - 'afd.sys' Dangl | windows_x86/local/39446.py
Microsoft Windows 8.0/8.1 (x64) - 'TrackPop | windows_x86-64/local/37064.py
Microsoft Windows 8.1/ Server 2012 - 'Win32 | windows/local/46945.cpp
Microsoft Windows HTA (HTML Application) - | windows/remote/37800.php
Microsoft Windows Kerberos - Privilege Esca | windows/remote/35474.py
Microsoft Windows Kernel - 'win32k.sys' Loc | windows/local/39666.txt
Microsoft Windows Server 2003 SP2 - Local P | windows/local/35936.py
Microsoft Windows Server 2003 SP2 - TCP/IP | windows/local/37755.c
Microsoft Windows XP SP3 (x86) / 2003 SP2 ( | windows_x86/local/37732.c
Microsoft Word - RTF Object Confusion (MS14 | windows/local/32793.rb
-------------------------------------------- ---------------------------------
Shellcodes: No Results