searchsploit-rb

#!/usr/bin/env ruby
#
# Searchsploit Ruby Edition
# By: Hood3dRob1n
#
# Exploit-db now on Github: 
# git clone https://github.com/offensive-security/exploit-database.git
#
# The original bash searchsploit script is too simple sometimes (and a little outdated)
# Plus, who doesn't like logging and a little color to mix things up ;p
#

######## Exploit-DB Files.csv Path ########
CSV='/home/clue/fun/exploit-db/files.csv' #
###########################################

###### STD GEMS ######
require 'optparse'   #
require 'fileutils'  #
#### NON-STD GEMS ####
require 'rubygems'   #
require 'colorize'   #
######################

# Catch System Interupts
trap("SIGINT") {
  puts "\n\nWARNING".light_red + "!".white + " CTRL".light_red + "+".white + "C Detected".light_red + ",".white + " Shutting things down".light_red + "....\n\n".white
  exit 666;
}

# 0x1337 Banner
def banner
  puts
  puts "Searchsploit-rb".light_red + ": An Exploit-DB Search Tool".white
end

# Clear
def cls
  if RUBY_PLATFORM =~ /win32|win64|\.NET|windows|W0W64/i
    system('cls')
  else
    system('clear')
  end
end

# Update to latest and greatest
# Leverages the new Github format
# Much better than older HTTP downloads!
def git_update(dir=nil)
  if dir.nil?
    directory = "#{CSV.split("/")[0..-2].join("/")}/"
  else
    directory = dir
  end
  Dir.chdir(directory) do 
    system('git pull')
  end
end

# Fetch fresh copy of exploit-db
# Git clones to local dir
# renames: exploit-db
def git_get(dir=nil)
  if dir.nil?
    directory = Dir.pwd
  else
    directory = dir
  end
  Dir.chdir(directory) do 
    system('git clone https://github.com/offensive-security/exploit-database.git exploit-db')
  end
end

# Search based on initial full CSV results set against platform
# This initializes our array to perform further searchs
# We wind down narrowing results as we go
# Due to poor CSV consistency this is the best I could come up with
def search_platform(query)
  platform_results=[]
  IO.foreach(CSV) do |line|
    line = line.unpack('C*').pack('U*') if !line.valid_encoding? # Thanks Stackoverflow :)
    if line =~ /(\".+,.+\")/ # Deal with annoying commans within quotes as they shouldn't be used to split on (ahrg)
      crappy_csv_line = $1
      not_as_crappy_csv_line = crappy_csv_line.sub(",", "")
      workable_csv_line = line.sub!("#{crappy_csv_line}","#{not_as_crappy_csv_line}").split(",")
    else
      workable_csv_line = line.split(",")
    end
    foo = workable_csv_line - workable_csv_line.slice(0,5)
    foobar = foo - workable_csv_line.slice(-1, 1) - workable_csv_line.slice(-2, 1)
    if query == 'nil'
      platform_results << line
    else
      platform_results << line if "#{foobar.join(",")}" =~ /#{query}/i
    end
  end
  return platform_results
end

# Search based on TYPE
# Returns an array with the results
def search_type(exploits_array, query)
  search_results=[]
  exploits_array.each do |line|
    line = line.unpack('C*').pack('U*') if !line.valid_encoding?
    if line =~ /(\".+,.+\")/ 
      crappy_csv_line = $1
      not_as_crappy_csv_line = crappy_csv_line.sub(",", "")
      workable_csv_line = line.sub!("#{crappy_csv_line}","#{not_as_crappy_csv_line}").split(",")
    else
      workable_csv_line = line.split(",")
    end
    foo = workable_csv_line - workable_csv_line.slice(0,5)
    foobar = foo - workable_csv_line.slice(-1, 1) - workable_csv_line.slice(-2, 1)
    if query == 'nil'
      search_results << line
    else
      if not workable_csv_line[-2].nil?
        search_results << line if "#{workable_csv_line[-2].downcase}" =~ /#{query}/i
      end
    end
  end
  return search_results
end

# Search based on Author
# Returns an array with the results
def search_author(exploits_array, query)
  search_results=[]
  exploits_array.each do |line|
    line = line.unpack('C*').pack('U*') if !line.valid_encoding?
    if line =~ /(\".+,.+\")/ 
      crappy_csv_line = $1
      not_as_crappy_csv_line = crappy_csv_line.sub(",", "")
      workable_csv_line = line.sub!("#{crappy_csv_line}","#{not_as_crappy_csv_line}").split(",")
    else
      workable_csv_line = line.split(",")
    end
    foo = workable_csv_line - workable_csv_line.slice(0,5)
    foobar = foo - workable_csv_line.slice(-1, 1) - workable_csv_line.slice(-2, 1)
    if query == 'nil'
      search_results << line
    else
      if not workable_csv_line[4].nil?
        search_results << line if "#{workable_csv_line[4].downcase}" =~ /#{query}/i
      end
    end
  end
  return search_results
end

# Search based on PORT
# Returns an array with the results
def search_port(exploits_array, query)
  search_results=[]
  exploits_array.each do |line|
    line = line.unpack('C*').pack('U*') if !line.valid_encoding?
    if line =~ /(\".+,.+\")/ 
      crappy_csv_line = $1
      not_as_crappy_csv_line = crappy_csv_line.sub(",", "")
      workable_csv_line = line.sub!("#{crappy_csv_line}","#{not_as_crappy_csv_line}").split(",")
    else
      workable_csv_line = line.split(",")
    end
    foo = workable_csv_line - workable_csv_line.slice(0,5)
    foobar = foo - workable_csv_line.slice(-1, 1) - workable_csv_line.slice(-2, 1)
    if query == 'nil'
      search_results << line
    else
      if not workable_csv_line[-1].nil?
        search_results << line if "#{workable_csv_line[-1].downcase}" =~ /#{query}/i
      end
    end
  end
  return search_results
end

# Search based on SEARCH Term
# Returns an array with the results
def search_search(exploits_array, query)
  search_results=[]
  exploits_array.each do |line|
    line = line.unpack('C*').pack('U*') if !line.valid_encoding?
    if query == 'nil'
      search_results << line
    else
      search_results << line if line =~ /#{query}/i
    end
  end
  return search_results
end

# Parse remaining exploits in array
# Print out the search results for user
# log to file as well if requested
def display_results(remaining_exploits)
  rezsize = remaining_exploits.size
  puts "[".light_green + "*".white + "] ".light_green + "Saved #{rezsize} Result(s) to: #{@out}".white if @log
  puts "[".light_green + "*".white + "] ".light_green + "Displaying Result(s):".white if @verbose and @log
  puts "[".light_green + "*".white + "] ".light_green + "Found #{rezsize} Result(s):".white if @verbose and not @log
  remaining_exploits.each do |line|
    if line =~ /(\".+,.+\")/
      crappy_csv_line = $1
      not_as_crappy_csv_line = crappy_csv_line.sub(",", "")
      workable_csv_line = line.sub!("#{crappy_csv_line}","#{not_as_crappy_csv_line}").split(",")
    else
      workable_csv_line = line.split(",")
    end
    foo = workable_csv_line - workable_csv_line.slice(0,5)
    foobar = foo - workable_csv_line.slice(-1, 1) - workable_csv_line.slice(-2, 1)
    if @log
      f = File.open("#{@out}", 'a+')
      f.puts "Description: #{workable_csv_line[2]}"
      f.puts "Location: #{CSV.split("/")[0..-2].join("/")}/#{workable_csv_line[1]}"
      f.puts "Exploit ID: #{workable_csv_line[0]}"
      f.puts "Platform: #{foobar.join(",")}"
      f.puts "Type: #{workable_csv_line[-2]}"
      if not "#{workable_csv_line[-1].chomp}".to_i == 0
        f.puts "Port: #{workable_csv_line[-1].chomp}"
      end
      f.puts "Author: #{workable_csv_line[4]}"
      f.puts "Submit: #{workable_csv_line[3]}"
      f.puts
      f.close
    end
    if @verbose
      puts "[".light_green + "*".white + "] ".light_green + "Description: ".light_red + "#{workable_csv_line[2]}".white
      puts "[".light_green + "*".white + "] ".light_green + "Location: ".light_red + "#{CSV.split("/")[0..-2].join("/")}/#{workable_csv_line[1]}".white
      puts "[".light_green + "*".white + "] ".light_green + "Exploit ID: ".light_red + "#{workable_csv_line [0]}".white
      puts "[".light_green + "*".white + "] ".light_green + "Platform: ".light_red + "#{foobar.join(",")}".white
      puts "[".light_green + "*".white + "] ".light_green + "Type: ".light_red + "#{workable_csv_line[-2]}".white
      if not "#{workable_csv_line[-1].chomp}".to_i == 0
        "[".light_green + "*".white + "] ".light_green + "Port: ".light_red + "#{workable_csv_line[-1].chomp}".white
      end
      puts "[".light_green + "*".white + "] ".light_green + "Author: ".light_red + "#{workable_csv_line[4]}".white
      puts "[".light_green + "*".white + "] ".light_green + "Submit: ".light_red + "#{workable_csv_line[3]}\n".white
    end
  end
  puts "[".light_blue + "*".white + "] ".light_blue + "Search Complete!".white
  puts "[".light_blue + "*".white + "] ".light_blue + "Hope you found what you needed....".white
  puts "[".light_blue + "*".white + "] ".light_blue + "Good Bye!".white
end



### MAIN ###
options = {}
optparse = OptionParser.new do |opts| 
  opts.banner = "Usage:".light_green + " #{$0} ".white + "[".light_green + "OPTIONS".white + "]".light_green
  opts.separator ""
  opts.separator "EX:".light_green + " #{$0} --update".white
  opts.separator "EX:".light_green + " #{$0} -t webapps -s vBulletin".white
  opts.separator "EX:".light_green + " #{$0} --search=\"Linux Kernel 2.6\"".white
  opts.separator "EX:".light_green + " #{$0} -a \"JoinSe7en\" -s \"MyBB\"".white
  opts.separator "EX:".light_green + " #{$0} -t remote -s \"SQL Injection\"".white
  opts.separator "EX:".light_green + " #{$0} -p linux -t local -s UDEV -o search_results.txt".white
  opts.separator ""
  opts.separator "Options: ".light_green
  opts.on('-u', '--update', "\n\tUpdate Exploit-DB Working Archive to Latest & Greatest".white) do |host|
    options[:method] = 0
  end
  opts.on('-p', '--platform <PLATFORM>', "\n\tSystem Platform Type, options include:
sco, bsdi/x86, openbsd, lin/amd64, plan9, bsd/x86, openbsd/x86, hardware, bsd, unix, lin/x86-64, netbsd/x86, linux, solaris, ultrix, arm, php, solaris/sparc, osX, os-x/ppc, cfm, generator, freebsd/x86, bsd/ppc, minix, unixware, freebsd/x86-64, cgi, hp-ux, multiple, win64, tru64, jsp, novell, linux/mips, solaris/x86, aix, windows, linux/ppc, irix, QNX, lin/x86, win32, linux/sparc, freebsd, asp, sco/x86".white) do |platform|
    options[:platform] = platform.downcase.chomp
    options[:method] = 1
  end
  opts.on('-t', '--type <TYPE>', "\n\tType of Exploit, options include:\n\tDoS, Remote, Local, WebApps, Papers or Shellcode".white) do |type|
    options[:type] =  type.downcase.chomp
    options[:method] = 1
  end
  opts.on('-a', '--author <NAME>', "\n\tRun Lookup based on Author Username".white) do |author|
    options[:author] = author.downcase.chomp
    options[:method] = 1
  end
  opts.on('-s', '--search <SEARCH_TERM>', "\n\tSearch Term to look for in Exploit-DB Working Archive".white) do |search|
    options[:search] = search.downcase.chomp
    options[:method] = 1
  end
  opts.on('-o', '--output <OUTPUT_FILE>', "\n\tOutput File to Write Search Results to".white) do |output|
    @out = output.strip.chomp
    options[:log] = true
  end
  opts.on('-q', '--quiet', "\n\tSilence Output to Terminal for Search Results (when logging output)".white) do |output|
    options[:q] = true
  end
  opts.on('-h', '--help', "\n\tHelp Menu".white) do 
    banner
    puts
    puts opts
    puts
    exit 69;
  end
end
begin
  foo = ARGV[0] || ARGV[0] = "--help"
  optparse.parse!
  mandatory = [:method]
  missing = mandatory.select{ |param| options[param].nil? }
  if not missing.empty?
    cls
    banner
    puts
    puts "Missing options: ".light_red + " #{missing.join(', ')}".white  
    puts optparse
    exit 666;
  end
rescue OptionParser::InvalidOption, OptionParser::MissingArgument, OptionParser::AmbiguousOption
  cls
  banner
  puts
  puts $!.to_s.light_red
  puts
  puts optparse
  puts
  exit 666;   
end
#Make we have search values or set wildcards
options[:platform] = '' if not options[:platform]
options[:type]     = '' if not options[:type]
options[:author]   = '' if not options[:author]
options[:port]     = '' if not options[:port]
options[:search]   = '' if not options[:search]
if options[:log]
  @log=true
else
  @log=false
end
if options[:q]
  @verbose=false
else
  @verbose=true
end
cls
banner
puts
if File.exists?(CSV) and File.directory?("#{CSV.split("/")[0..-2].join("/")}/platforms")
  if options[:method].to_i == 0
    # Update
    puts "[".light_green + "*".white + "] ".light_green + "Found existing archive file: #{CSV}".white
    puts "[".light_green + "*".white + "] ".light_green + "Running update to get latest and greatest....".white
    git_update
  else
    puts "[".light_green + "*".white + "] ".light_green + "Found archive file: #{CSV}".white
    plresults = search_platform(options[:platform]) unless options[:platform].nil?
    tresults = search_type(plresults, options[:type]) unless options[:type].nil?
    aresults = search_author(tresults, options[:author]) unless options[:author].nil?
    presults = search_port(aresults, options[:port]) unless options[:port].nil?
    results = search_search(presults, options[:search]) unless options[:search].nil?
    display_results(results)
  end
else
  # Not finding fi.es.csv and ./platforms/
  puts "[".light_red + "X".white + "] ".light_red + "Problem locating archive file: #{CSV}!".white unless File.exists?(CSV)
  puts "[".light_red + "X".white + "] ".light_red + "Problem locating archives platforms dir: #{CSV.split("/")[0..-2].join("/")}/platforms!".white unless File.directory?("#{CSV.split("/")[0..-2].join("/")}/platforms")
  puts "[".light_red + "X".white + "] ".light_red + "Can't run searches without it...".white
  print "(".light_red + "Do You want to Git CLone it ".white + "(".light_yellow + "Y".white + "/".light_yellow + "N".white + ")".light_yellow + "?".white + ")> ".light_red
  answer = gets.chomp
  if answer.upcase == 'Y' or answer.upcase == 'YES'
    puts "[".light_blue + "*".white + "] ".light_blue + "Trying to git clone the exploit-db repo...".white
    if File.directory?("#{CSV.split("/")[0..-2].join("/")}/") and "#{CSV.split("/")[0..-2].join("/")}/" != '/'
      git_get("#{CSV.split("/")[0..-2].join("/")}/")
    else
      git_get
    end
    puts "[".light_blue + "*".white + "] ".light_blue + "Hopefully things went well with git clone installation...".white
    puts "[".light_blue + "*".white + "] ".light_blue + "Try editing source code to point to the new setup and run again...".white
  else
    puts "[".light_red + "X".white + "] ".light_red + "OK, try again when you get things figured out then.....".white
  end
end
puts "\n\n"
#EOF