Compreihensive Guide on SerachSploit

at 9:45 PM Friday, October 26, 2018
Hello friends!! Several times you might have read our articles on CTF challenges and other, where we have used searchsploit to find out an exploit if available in its Database. Today in this article we are going to discuss SerachSploit in detail.

Table of Content
Introduction to serachsploit
Title Searching
Advance Title Searching
Copy To Clipboard
Copy To Directory
Examine an Exploit
Examining Nmap result
Exploit-DB Online
Eliminate Unwanted Results
Case Sensitive

Introduction to SerachSploit

Included in the Exploit Database repository on GitHub is “searchsploit”, a command line search tool for Exploit-DB that also allows you to take a copy of Exploit Database with you, everywhere you go. SearchSploit gives you the power to perform detailed off-line searches through your locally checked-out copy of the repository. This capability is particularly useful for security assessments on segregated or air-gapped networks without Internet access.

Since we are using GNOME build of Kali Linux therefore the “exploitdb” package is already included by default, all we need to do, open the terminal and just type “searchsploit” and press Enter. You will welcome by its help screen.

Searchsploit options

-c --case               [Term]                  carry out a case-sensitive search
 -e --exact           [Term]                  carry out an EXACT match on exploit title [Implies "-t"].
 -j --json               [Term]                  give result in JSON format.
 -m --mirror        [EDB-ID]               Mirror (aka copies) an exploit to the current working directory.
 -o --overflow    [Term]                  Exploit titles are allowed to overflow their columns.
 -p, --path            [EDB-ID]               Show the full path to an exploit.
 -t --title               [Term]                  Search JUST the exploit title.
 -u --update                                        Check for and install any exploitdb package updates.
 -w --www          [Term]                  Show URLs to Exploit-DB.com rather than the local path.
 -x --examine     [EDB-ID]               Examine the exploit using $PAGER.
 --colour                               Disable color highlighting in search results.
 --id                                                        Display the EDB-ID value rather than local path.
 --nmap                                                [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml)
Use "-v" (verbose) to try even more combinations
--exclude="term"       Remove values from results.
e.g. --exclude="term1|term2|term3".

Source: https://www.exploit-db.com/searchsploit/
Title Searching

Using –t option enables “title” parameter to search an exploit with specific title. Because by default, searchsploit will try both the title of the exploit as well as the path. Searching an exploit with specific title gives quick and sorted results. 



Advance Title Searching
Even you can use –t option, to get more fine result in finding the exploit of any particular platform. For example, if you want to find out java exploit for windows platform, then you can consider the following command.
searchsploit –t java windows

Now you can compare the current output result from the previous result.



Copy to Clipboard
Using –p options, enables “copy to clipboard parameter” as this option provides more information related to the exploit, as well as copy the whole path to the exploit to the clipboard, all you need press Ctrlv to paste.

searchsploit 39166
searchsploit -p 39166


In the following image we have shown the default result varies when we use –p option along it.



Copy to Directory

using –m options, enables “copy to directory/folder parameter” as this option provides same information as above related to the exploit, as well as copy the exploit in your current working directory.

searchsploit 39166
searchsploit -m 39166

In the following image we have shown the default result varies when we use –m option along it.




Examine an Exploit
Using –examine option, enables examine parameter to read the functionality of that exploit with the help of $PAGER.
searchsploit 39166 –examine



The above command will open the text file of the exploit to review its functionality, code and other information.



Examining Nmap result
As we all known, Nmap has very remarkable feature that let you save its output result in .xml format and we can identify each exploit associated with nmap xml file.
 
nmap –sv 192.168.1.102 –oX result.xml
With the help of above command we have saved the scanning result of nmap in an xml file, so that we can search the exploit related to scanned port/services.




Using –x option enables the examine parameter as well as  --nmap option Checks all results in Nmap's XML output with service version to find out related exploit with it.
searchsploit –x --nmap result.xml
Here you can observe that, it is using verbose mode for examine xml file and had shown all possible exploit of running services.




Continue reading…




Exploit-DB Online
Using –w option, enables website URL because on its website you will get more detailed information such CVE-ID, setup files, tags, and vulnerability mappings which is not included in searchsploit.

searchsploit ubuntu 14.04 –w
The above command will show all available Exploit DB website links for the exploit related to ubuntu 14.04.




Eliminate Unwanted Results
using –exclude option, it enables exclude parameter to remove unwanted result from inside the list of exploit. You can also remove multiple terms by separating the terms with a “|” (pipe). This can be considered in the following:
serachploit ubuntu 14.04
searchploit –exclude=”Privilege Escalation”

In the following image we have shown the default result varies when we use --exclude option along it. Even you can eliminate more terms with the help of “|” (pipe)

searchsploit –exclude=”Privilege Escalation” | (Poc)




Moreover we can use the universal Grep command to remove unwanted result from its output result. This can be considered in the following:
serachploit ubuntu14.04
searchploit ubuntu 14.04 | grep “Buffer Overflow”
The above command will only look for all available exploit of ubuntu 14.04 on Buffer Overflow and dump the result.




Case Sensitive
Using –c option, enables the “case-sensitive search” parameter to find out exploit related to specific character mention in the command, by default it makes insensitive search. You can consider the following example:
serachsploit xss
serachsploit –c XSS

As you can observe by default it has show all available exploit related to xss/XSS but in the next command it has shown the result only for XSS.


Labels:

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)