mdeous / exploitdb Goto Github PK
View Code? Open in Web Editor NEWShell-style script to search exploit-db.com exploits.
Home Page: http://mdeous.github.io/exploitdb/
License: Other
Shell-style script to search exploit-db.com exploits.
Home Page: http://mdeous.github.io/exploitdb/
License: Other
The format of the exploits archive provided by exploit-db has changed and is now a ZIP.
As the script assumes it is a BZIP file, extraction fails with an error:
tarfile.ReadError: not a bzip2 file
It would be useful to be able to see the content of a sploit by referencing them either by id or by path. Searching for a sploit and then having to escape exploitdb.py to view it is counterproductive.
Run ./exploitdb.py
I try to run the application and I have an error
./exploitdb.py
Traceback (most recent call last):
File "./exploitdb.py", line 272, in <module>
main()
File "./exploitdb.py", line 262, in main
es = ExploitSearch()
File "./exploitdb.py", line 61, in __init__
self.load_csv()
File "./exploitdb.py", line 121, in load_csv
for index, entry in enumerate(reader):
File "/usr/lib/python3.5/encodings/ascii.py", line 26, in decode
return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 2712: ordinal not in range(128)
When passing multiple patterns for a single field name to the search
command (for example: search description:zabbix description:"2."
), behavior is not the expected one. This kind of search should "accumulate" patterns and act like an "AND" search, instead of this, it currently acts as a "OR" search, which is far less convenient.
It would be nice if the application could check at startup if an updated exploits archive exists, and notify the user if so. This would also be useful when using the updatedb
command as it would prevent the script to download the whole archive even if it was not updated.
Currently, the search
command uses substring matching to find given patterns, it could be useful if it could also match using regular expressions. There could be a different syntax to differenciate between regex and substring matching, for example, regex patterns could be quoted and prefixed by "r" (search description:r"zabbix 1\.[0-2]"
).
It would be nice if users could also store their own exploits and have it searchable by the application.
This is currently impossible because exploits folder is overwritten each time exploits are updated.
When installing exploitdb and running it, it will store the exploits in the folder from which it was ran. The script should check if it was installed or not, and then store the files either in $HOME/exploits, or in the script's folder
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.