Skip to content
/ Can-You-EXPLOIT-It Public

The tool is a web application that displays an inventory of exploits according to the search performed by the user using different parameters.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

alvaroreinaa/Can-You-EXPLOIT-It

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
public
public
 
 
routes
routes
 
 
views
views
 
 
.gitignore
.gitignore
 
 
README.MD
README.MD
 
 
app.js
app.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 
update_database.py
update_database.py
 
 
update_searchsploit.py
update_searchsploit.py
 
 

Repository files navigation

Can You EXPLOIT It

The tool is a web application that displays an inventory of exploits according to the search performed by the user using different parameters. The main difference with exploitdb or searchsploit (the tool from which it obtains the exploits) is that, in addition to the searches that can be made in these, it also allows you to search by:

  • Vendor of the target software.
  • Link of the target software.
  • Version of the target software.
  • Where the exploit has been tested (which scenario).

This functionality has been implemented by me and is done by searching for keywords in the exploit itself. Most exploits that are currently uploaded to exploitdb follow a scheme of information from which you can retrieve all the necessary fields, but it is true that from X date of antiquity do not follow it. In these cases, or not retrieve the information, or retrieve it in a wrong way (other content that has that keyword). This accuracy will be improved.

Requisites 📋

For the correct use of the tool you will need a series of software already installed with its corresponding configuration. This section must be carried out by the user. The steps to follow are:

  • Running the tool on a supported operating system: Currently the tool is supported and tested on Linux.
  • Internet connection available: Software will be installed during setup.py.
  • Python 3.9 or higher installed: Not having this version will trigger execution problems. You can install it using the following command: sudo apt-get install python3
  • Have MySQL properly installed, configured (listed below), and running as a service: Depending on the version of your operating system, you will have to install MySQL in one way or another. After that, you have to create a user in which the database of the tool will be created and the information will be stored in it. The steps to follow are:
    • Log as MySQL root: mysql -u root -p
    • Create the user: CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
    • Grant privileges: GRANT ALL privileges ON *.* TO user@localhost identified by 'password';
    • Flush privileges: FLUSH PRIVILEGES;
  • Install the necessary python dependencies: In order to run the setup.py and the rest of the code, you need to install the dependencies found in requirements.txt. To do this, run the following command where the file is located: pip install -r requirements.txt

Setup 🛠️

Once the above has been done, you can run the setup.py file. This file will install the dependencies and additional software that the tool needs to work:

  • Searchsploit tool.
  • Nodejs and npm.
  • Node modules.

Run the following command where the file is located:

python3 setup.py

During installation, you will be requested for the corresponding MySQL user and password previously created, in order to initialize the database with the exploits available in the version of Searchsploit just installed.

Finally, in the main.routes.js file (located in the routes folder) in the top of the file, the user and password const should be changed to the previously created one. In this way, you will not be asked for this information again while using the tool.

Execution ⚙️

Important: Always check that the mysql service is started before using the tool. You can do that with the following command: mysql service status. If it is off or stopped, execute the following command: service mysql start

To run the tool, execute the following command in the root folder:

node app.js

And browse to: http://localhost:3000/

How the tool works 🔎

Once we access the above URL, we will see the following:

The main page will be displayed. Here we can enter the data we want in the different parameters to perform the search that best suits our objective:

When the search is performed, all the exploits matching the search will be displayed in a scrollable table, with all their respective associated data.

To update the Searchsploit tool and our database with its new exploits, just click on the "Update Database" button. As we will see on the screen, we will have to look at the shell in which we have executed the command to start the server. This is because we will probably be asked for the computer's password to be able to update Searchsploit to the latest version.

Authors ✒️

Álvaro Reina Abascal

About

The tool is a web application that displays an inventory of exploits according to the search performed by the user using different parameters.

Topics

nodejs javascript python website sql frontend exploit scss hacking cibersecurity explotation

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages