
#!/usr/bin/env python
# -*- coding: utf-8 -*-

"""
Faraday Penetration Test IDE
Copyright (C) 2016  Infobyte LLC (http://www.infobytesec.com/)
See the file 'doc/LICENSE' for the license information

Author: Ezequiel Tavella

This script gets the CVEs of all vulns in the active workspace and searches
for exploits in the vFeed database.
Supports: Exploit-db, Metasploit, Milw0rm, D2, Saint

Thanks ToolsWatch!!!
www.toolswatch.org
"""

import sqlite3
import os

# Location of the vFeed SQLite database, relative to the current working
# directory of the process running this script.
DB_PATH = "./data/vfeed.db"
# Download location shown to the user when the database is missing; this
# script only prints it and never fetches it.
# NOTE(review): the URL is plain HTTP and nothing here verifies the archive,
# so its integrity has to be checked out-of-band before it is extracted into
# the data directory.
URL_DB = "http://www.toolswatch.org/vfeed/vfeed.db.tgz"

def getExploits(cve_id, cursor):
    """Look up the exploits recorded for one CVE in the vFeed database.

    Args:
        cve_id: CVE identifier; it is upper-cased before the lookup.
        cursor: DB-API cursor on the vFeed SQLite database. It must expose
            the map_cve_* tables queried below.

    Returns:
        A dict keyed by 'exploit-db', 'metasploit', 'milworm', 'd2' and
        'saint'. Each value lists whatever the matching table stores for
        the CVE and is empty when the table has no row for it.
    """
    result = {
        'exploit-db': [],
        'metasploit': [],
        'milworm': [],
        'd2': [],
        'saint': [],
    }

    # The CVE id comes from workspace data, so it is always handed over as a
    # bound parameter and never formatted into the SQL text.
    params = (cve_id.upper(), )

    # (result key, query) pairs, run in this order.
    lookups = (
        ('d2',
         "SELECT d2_script_file FROM map_cve_d2 WHERE cveid = ?"),
        ('exploit-db',
         "SELECT exploitdbscript FROM map_cve_exploitdb WHERE cveid = ?"),
        ('metasploit',
         "SELECT msf_script_file FROM map_cve_msf WHERE cveid = ?"),
        ('milworm',
         "SELECT milw0rmid FROM map_cve_milw0rm WHERE cveid = ?"),
        ('saint',
         "SELECT saintexploitlink FROM map_cve_saint WHERE cveid =  ?"),
    )

    for tool, query in lookups:
        for row in cursor.execute(query, params):
            # Every row holds the single selected column.
            result[tool].extend(row)

    return result

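def printExploits(vuln, references, cursor):
    """Print the exploits known for each CVE reference of a vulnerability.

    Args:
        vuln: vulnerability name; used only in the printed header.
        references: iterable of reference strings. Only entries starting
            with 'CVE' or 'cve' are looked up, the rest are ignored.
        cursor: cursor on the vFeed database, passed on to getExploits().

    Nothing is printed for a CVE that has no exploit in any source.
    """

    # NOTE(review): getExploits is only read here, so this declaration looks
    # redundant; kept in case the script runner depends on it - confirm.
    global getExploits

    for ref in references:
        if not ref.startswith(('CVE', 'cve')):
            continue

        ret = getExploits(ref, cursor)

        # getExploits() always returns a dict holding all five tool keys, so
        # the dict itself is always truthy. Look at the lists to decide
        # whether there is anything to report for this CVE.
        found = [(tool, info) for tool, info in ret.iteritems() if info]
        if not found:
            continue

        print '[Exploits ' + vuln + ' ' + ref + ']\n'

        for tool, info in found:
            print '[Tool] ' + tool

            for path in info:
                print path
            print '\n'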



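# Script body: check that the vFeed database is present, then walk every host
# in the active workspace and print the exploits known for its vulnerabilities.
print '\n[*]Checking DB...'

if not os.path.isfile(DB_PATH):

    print '[!]DB not found: please download the DB from: ' + URL_DB
    print '[!]Extract this to $FARADAY/data/ and try again!'
    # Raise a real exception instance so the script stops with this message;
    # a tuple of strings is not a valid exception and fails with a TypeError.
    raise Exception('DB not found: Check if DB exists')

print '[*]DB Found!'
print '[*]Searching exploits...\n'

# The isfile() check above matters: sqlite3.connect() on a missing path would
# create an empty database instead of failing.
connection = sqlite3.connect(DB_PATH)
try:
    cursor = connection.cursor()

    # NOTE(review): `api` is not defined or imported in this file; presumably
    # the Faraday script runner injects it - confirm.
    for host in api.__model_controller.getAllHosts():
        # Vulnerabilities attached directly to the host.
        for v in host.getVulns():

            print '[' + host.name +  '] ' + v._name
            printExploits(v._name, v.getRefs(), cursor)

        # Vulnerabilities attached to the services of each interface.
        for i in host.getAllInterfaces():
            for s in i.getAllServices():
                for v in s.getVulns():

                    print '[' + host.name +  '] ' + v._name
                    printExploits(v._name, v.getRefs(), cursor)
finally:
    # Release the database handle even when a lookup fails part-way through.
    connection.close()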