Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
executable file 727 lines (584 sloc) 14.4 KB
#!/bin/sh
################################################################################
# #
# sploitctl.sh - fetch, install and search exploit archives from exploit sites #
# #
# DESCRIPTION #
# Script to fetch, install, update and search exploit archives from well-known #
# sites like packetstormsecurity.org and exploit-db.com. #
# #
# AUTHORS #
# noptrix@nullsecurity.net #
# teitelmanevan@gmail.com #
# nrz@nullsecurity.net #
# kurobeats@outlook.com #
# #
################################################################################
# sploitctl.sh version
VERSION="sploitctl.sh v2.0"
# return codes
SUCCESS=0
FAILURE=1
# true / false flags
TRUE=1
FALSE=0
# verbose mode - default: quiet
VERBOSE="/dev/null"
# debug mode - default: off
DEBUG="/dev/null"
# exploit base directory
EXPLOIT_DIR="/usr/share/exploits"
# exploit subdirectories
EXPLOITDB_DIR="${EXPLOIT_DIR}/exploit-db"
PSTORM_DIR="${EXPLOIT_DIR}/packetstorm"
M00_DIR="${EXPLOIT_DIR}/m00-exploits"
LSDPL_DIR="${EXPLOIT_DIR}/lsd-pl-exploits"
# link to exploit-db's exploit archive
# EXPLOITDB_URL="http://www.exploit-db.com/archive.tar.bz2"
# default base url for packetstorm
#PSTORM_URL="http://packetstorm.foofus.com/"
#PSTORM_URL="http://packetstorm.wowhacker.com/"
PSTORM_URL="https://dl.packetstormsecurity.net/"
# link to m00 exploits archive
M00_URL="https://github.com/BlackArch/m00-exploits/raw/master/m00-exploits.tar.gz"
# link to lsd-pl exploits archive
LSDPL_URL="https://github.com/BlackArch/lsd-pl-exploits/archive/master.zip"
# clean up, delete downloaded archive files (default: on)
CLEAN=$TRUE
# user agent string for curl
USERAGENT="blackarch/${VERSION}"
# browser open url in web search option
BROWSER="xdg-open" # allow for use of user defined default browser
# default url list for web option
URL_FILE="/usr/share/sploitctl/web/url.lst"
# print error and exit
err()
{
echo "[-] ERROR: ${*}"
exit $FAILURE
}
# print warning
warn()
{
echo "[!] WARNING: ${*}"
return $SUCCESS
}
# print verbose message
vmsg()
{
echo " > ${*}"
return $SUCCESS
}
# print message
msg()
{
echo "[+] ${*}"
return $SUCCESS
}
# delete downloaded archive files
clean()
{
if [ $CLEAN -eq $TRUE ]
then
msg "deleting archive files"
# Not defined by POSIX (SC2039). Read the commit message for details.
rm -rf "${EXPLOIT_DIR}"/{*.tar,*.tgz,*.tar.gz,*.tar.bz2,*.tar.xz,*.zip}\
> ${DEBUG} 2>&1
rm -rf "${PSTORM_DIR}"/{*.tar,*.tgz,*.tar.gz,*.tar.bz2,*.tar.xz,*.zip}\
> ${DEBUG} 2>&1
fi
return $SUCCESS
}
# search exploit(s) for given search pattern in web sites
search_web()
{
name="${srch_str}"
msg "searching '${name}'"
while read -r;
do
# Where REPLY is defined?
open_browser "${REPLY}" "${name}"
done < "${URL_FILE}"
return $SUCCESS
}
# search exploit(s) using given string pattern
search_archive()
{
msg "searching exploit for '${srch_str}'"
if [ -d "${EXPLOIT_DIR}" ]
then
for i in $(grep -ri --exclude={'*htm*','files.csv'} "${srch_str}" \
"${EXPLOIT_DIR}" | cut -d ':' -f 1 | sort -u)
do
# Could we split ';' ?
printf "%-80s | " "${i}" ; grep -m 1 -i "${srch_str}" "${i}"
done | sort -u
else
err "no exploits directory found"
fi
return $SUCCESS
}
# open browser for the search
open_browser()
{
url="${1}"
name="${2}"
domain=$(printf "%s" "${url}" | sed 's|\(http://[^/]*/\).*|\1|g')
vmsg "opening '${domain}' in ${BROWSER}" > ${VERBOSE} 2>&1
"${BROWSER}" "${url}${name}"
return $SUCCESS
}
# extract lsd-pl-exploits archives and do changes if necessary
extract_lsdpl()
{
unzip master.zip > ${DEBUG} 2>&1 ||
warn "failed to extract lsd-pl-exploits ${f}"
rm -rf lsd-pl-exploits > ${DEBUG} 2>&1
mv lsd-pl-exploits-master lsd-pl-exploits > ${DEBUG} 2>&1
cd lsd-pl-exploits > ${DEBUG} 2>&1 || err "could not change to lsd-pl dir"
for zip in *.zip
do
unzip "${zip}" > ${DEBUG} 2>&1
rm -rf "${zip}" > ${DEBUG} 2>&1
done
return $SUCCESS
}
# extract m00-exploits archives and do changes if necessary
extract_m00()
{
tar xfvz m00-exploits.tar.gz > ${DEBUG} 2>&1 ||
warn "failed to extract m00-exploits ${f}"
return $SUCCESS
}
# extract packetstorm archives and do changes if necessary
extract_pstorm()
{
for f in *.tgz
do
vmsg "extracting ${f}" > ${VERBOSE} 2>&1
tar xfvz "${f}" -C "${PSTORM_DIR}/" > ${DEBUG} 2>&1 ||
warn "failed to extract packetstorm ${f}"
done
return $SUCCESS
}
# extract exploit-db archive and do changes if necessary
extract_exploitdb()
{
return $SUCCESS
}
# extract exploit archives
extract()
{
msg "extracting exploit archives"
case $site in
0)
vmsg "extracting all archives" > ${VERBOSE} 2>&1
extract_exploitdb
extract_pstorm
extract_m00
extract_lsdpl
;;
1)
vmsg "extracting exploit-db archives" > ${VERBOSE} 2>&1
extract_exploitdb
;;
2)
vmsg "extracting packetstorm archives" > ${VERBOSE} 2>&1
extract_pstorm
;;
3)
vmsg "extracting m00-exploits archives" > ${VERBOSE} 2>&1
extract_m00
;;
4)
vmsg "extracting lsd-pl-exploits archives" > ${VERBOSE} 2>&1
extract_lsdpl
;;
esac
return $SUCCESS
}
# update lsd-pl archive
# TODO
update_lsdpl()
{
return $SUCCESS
}
# update m00 archive
# TODO
update_m00()
{
return $SUCCESS
}
# update packetstorm archive
update_pstorm()
{
today=`date +%y%m`
cd ${PSTORM_DIR}
last=`find . -type d | cut -d '-' -f 1 | tr -d './' | sort -u | tail -1`
next=`expr $last + 1`
for i in `seq $next $today`
do
vmsg "downloading ${i}-exploits.tgz" > ${VERBOSE} 2>&1
curl -k -# -A "${USERAGENT}" -O \
"${PSTORM_URL}/${i}-exploits/${i}-exploits.tgz" > ${DEBUG} 2>&1 ||
err "failed to download packetstorm"
done
extract_pstorm
return $SUCCESS
}
# update exploit-db archive
update_exploitdb()
{
if [ -f "${EXPLOITDB_DIR}/files_exploits.csv" ]
then
cd "${EXPLOITDB_DIR}" || err "could not change to exploit-db dir"
#git config user.email "foo@bar"
#git config user.name "foo bar"
git stash > ${DEBUG} 2>&1
git pull > ${DEBUG} 2>&1
cd ..
fi
return $SUCCESS
}
# update existing exploit archives
update()
{
msg "updating exploit archives"
case $site in
0)
vmsg "updating all exploit archives" > ${VERBOSE} 2>&1
update_exploitdb
update_pstorm
;;
1)
vmsg "updating exploit-db archive" > ${VERBOSE} 2>&1
update_exploitdb
;;
2)
vmsg "upating packetstorm archive" > ${VERBOSE} 2>&1
update_pstorm
;;
esac
return $SUCCESS
}
# fix file permissions
fix_perms()
{
msg "fixing permissions"
find "${EXPLOIT_DIR}" -type d -exec chmod 755 {} \; > ${DEBUG} 2>&1
find "${EXPLOIT_DIR}" -type f -exec chmod 644 {} \; > ${DEBUG} 2>&1
chown -R root:root ${EXPLOIT_DIR} > ${DEBUG} 2>&1
return $SUCCESS
}
# download lsd-pl exploit archives from our github repository
fetch_lsdpl()
{
vmsg "downloading lsd-pl-exploits" > ${VERBOSE} 2>&1
curl -# -A "${USERAGENT}" -L -O "${LSDPL_URL}" > ${DEBUG} 2>&1 ||
err "failed to download lsd-pl-exploits"
return $SUCCESS
}
# download m00 exploit archives from our github repository. some greets here to
# crash-x darkeagle and my old homies :(
fetch_m00()
{
vmsg "downloading m00-exploits" > ${VERBOSE} 2>&1
curl -# -A "${USERAGENT}" -L -O "${M00_URL}" > ${DEBUG} 2>&1 ||
err "failed to download m00-exploits"
return $SUCCESS
}
# download exploit archives from packetstorm
# TODO: dirty hack here. make it better
fetch_pstorm()
{
# enough for the next 83 years ;)
cur_year=$(date +%y)
y=0
vmsg "downloading archives from packetstorm" > ${VERBOSE} 2>&1
while [ "${y}" -le "${cur_year}" ]
do
for m in {1..12}
do
if [ "${y}" -lt 10 ]
then
year="0${y}"
else
year="${y}"
fi
if [ "${m}" -lt 10 ]
then
month="0${m}"
else
month="${m}"
fi
vmsg "downloading ${year}${month}-exploits.tgz" > ${VERBOSE} 2>&1
curl -k -# -A "${USERAGENT}" -O \
"${PSTORM_URL}/${year}${month}-exploits/${year}${month}-exploits.tgz" \
> ${DEBUG} 2>&1 || err "failed to download packetstorm"
done
y=$((y+1))
done
return $SUCCESS
}
# download exploit archives from exploit-db
fetch_exploitdb()
{
vmsg "downloading archive from exploit-db" > ${VERBOSE} 2>&1
if [ ! -f "${EXPLOITDB_DIR}/files.csv" ]
then
git clone https://github.com/offensive-security/exploit-database.git \
exploit-db > ${DEBUG} 2>&1
fi
return $SUCCESS
}
# download exploit archives from chosen sites
fetch()
{
msg "downloading exploit archives"
if [ "${site}" -eq 0 ] || [ "${site}" -eq 1 ]
then
fetch_exploitdb
fi
if [ "${site}" -eq 0 ] || [ "${site}" -eq 2 ]
then
fetch_pstorm
fi
if [ "${site}" -eq 0 ] || [ "${site}" -eq 3 ]
then
fetch_m00
fi
if [ "${site}" -eq 0 ] || [ "${site}" -eq 4 ]
then
fetch_lsdpl
fi
return $SUCCESS
}
# define and create exploit dirs for each site
make_exploit_dirs()
{
if [ ! -d "${EXPLOIT_DIR}" ]
then
if ! mkdir "${EXPLOIT_DIR}" > ${DEBUG} 2>&1
then
err "failed to create ${EXPLOIT_DIR}"
fi
fi
if [ ! -d "${EXPLOITDB_DIR}" ]
then
mkdir "${EXPLOITDB_DIR}" > ${DEBUG} 2>&1 ||
err "failed to create ${EXPLOITDB_DIR}"
fi
if [ ! -d "${PSTORM_DIR}" ]
then
mkdir "${PSTORM_DIR}" > ${DEBUG} 2>&1 ||
err "failed to create ${PSTORM_DIR}"
fi
if [ ! -d "${M00_DIR}" ]
then
mkdir "${M00_DIR}" > ${DEBUG} 2>&1 ||
err "failed to create ${M00_DIR}"
fi
if [ ! -d "${LSDPL_DIR}" ]
then
mkdir "${LSDPL_DIR}" > ${DEBUG} 2>&1 ||
err "failed to create ${LSDPL_DIR}"
fi
cd "${EXPLOIT_DIR}" || return $FAILURE
return $SUCCESS
}
# checks for old exploit dir: /var/exploits
check_old_expl_dir()
{
if [ -d "/var/exploits" ]
then
warn "old directory \"/var/exploits\" exists!"
printf " > delete old directory? [y/N]: "
read answer
if [ "${answer}" = "y" ]
then
vmsg "deleting \"/var/exploits\" ..." > ${VERBOSE} 2>&1
rm -rf "/var/exploits"
else
return $SUCCESS
fi
fi
return $SUCCESS
}
# usage and help
usage()
{
echo "usage:"
echo ""
echo " sploitctl.sh -f <arg> | -u <arg> | -s <arg> | -e <arg> [options] | <misc>"
echo ""
echo "options:"
echo ""
echo " -f <num> - download and extract exploit archives from chosen sites"
echo " - ? to list sites"
echo " -u <num> - update exploit archive from chosen site - ? to list sites"
echo " -s <str> - exploit to search using <str> in ${EXPLOIT_DIR}"
echo " -w <str> - exploit to search in web exploit site"
echo " -e <dir> - exploits base directory (default: /usr/share/exploits)"
echo " -b <url> - give a new base url for packetstorm"
echo " (default: http://dl.packetstormsecurity.com/)"
echo " -l <file> - give a new base path/file for website list option"
echo " (default: /usr/share/sploitctl/web/url.lst)"
echo " -c - do not delete downloaded archive files"
echo " -v - verbose mode (default: off)"
echo " -d - debug mode (default: off)"
echo ""
echo "misc:"
echo ""
echo " -V - print version of sploitctl and exit"
echo " -H - print this help and exit"
exit $SUCCESS
}
# leet banner, very important
banner()
{
echo "--==[ sploitctl.sh by blackarch.org ]==--"
echo
return $SUCCESS
}
# check chosen website
check_site()
{
if [ "${site}" = "?" ]
then
msg "available exploit sites"
vmsg "0 - all exploit sites"
vmsg "1 - exploit-db.com"
vmsg "2 - packetstormsecurity.org"
vmsg "3 - m00-exploits"
vmsg "4 - lsd-pl-exploits"
exit $SUCCESS
elif [ "${site}" -lt 0 ] || [ "${site}" -gt 4 ]
then
err "unknown exploit site"
fi
return $SUCCESS
}
# check argument count
check_argc()
{
if [ ${#} -lt 1 ]
then
err "-H for help and usage"
fi
return $SUCCESS
}
# check if requimsg arguments were selected
check_args()
{
msg "checking arguments"
if [ -z "${job}" ]
then
err "choose -f, -u or -s"
fi
if [ "${job}" = "search_web" ] && [ ! -f "${URL_FILE}" ]
then
err "failed to get url file for web searching - try -l <file>"
fi
return $SUCCESS
}
# check to ensure the script is run as root/sudo
check_uid()
{
if [ "$(id -u)" != "0" ]
then
err "This script must be run as root. Later hater."
fi
}
# parse command line options
get_opts()
{
while getopts f:u:s:w:e:b:l:cvdVH flags
do
case "${flags}" in
f)
job="fetch"
site="${OPTARG}"
check_site
;;
u)
job="update"
site="${OPTARG}"
check_site
;;
s)
job="search_archive"
srch_str="${OPTARG}"
;;
w)
job="search_web"
srch_str="${OPTARG}"
;;
e)
EXPLOIT_DIR="${OPTARG}"
;;
b)
PSTORM_URL="${OPTARG}"
;;
l)
URL_FILE="${OPTARG}"
;;
c)
CLEAN=$FALSE
;;
v)
VERBOSE="/dev/stdout"
;;
d)
DEBUG="/dev/stdout"
;;
V)
echo "${VERSION}"
exit $SUCCESS
;;
H)
usage
;;
*)
err "WTF?! mount /dev/brain"
;;
esac
done
return $SUCCESS
}
# controller and program flow
main()
{
banner
check_argc "${@}"
get_opts "${@}"
check_args "${@}"
check_uid
case "${job}" in
"fetch")
check_old_expl_dir
make_exploit_dirs
fetch
extract
fix_perms
clean
;;
"update")
update
fix_perms
clean
;;
"search_archive")
search_archive
;;
"search_web")
search_web
;;
*)
err "WTF?! mount /dev/brain"
esac
msg "game over"
return $SUCCESS
}
# program start
main "${@}"
# EOF