mdeous / exploitdb Goto Github PK

The format of the exploits archive provided by exploit-db has changed and is now a ZIP.
As the script assumes it is a BZIP file, extraction fails with an error:

tarfile.ReadError: not a bzip2 file

It would be useful to be able to see the content of a sploit by referencing them either by id or by path. Searching for a sploit and then having to escape exploitdb.py to view it is counterproductive.

• exploitdb version: the version from github
• Python version: 3.5.2
• Operating System: blackarch Linux

Description

Run ./exploitdb.py
I try to run the application and I have an error

What I Did

./exploitdb.py   
Traceback (most recent call last):
  File "./exploitdb.py", line 272, in <module>
    main()
  File "./exploitdb.py", line 262, in main
    es = ExploitSearch()
  File "./exploitdb.py", line 61, in __init__
    self.load_csv()
  File "./exploitdb.py", line 121, in load_csv
    for index, entry in enumerate(reader):
  File "/usr/lib/python3.5/encodings/ascii.py", line 26, in decode
    return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 2712: ordinal not in range(128)

When passing multiple patterns for a single field name to the search command (for example: search description:zabbix description:"2."), behavior is not the expected one. This kind of search should "accumulate" patterns and act like an "AND" search, instead of this, it currently acts as a "OR" search, which is far less convenient.

It would be nice if the application could check at startup if an updated exploits archive exists, and notify the user if so. This would also be useful when using the updatedb command as it would prevent the script to download the whole archive even if it was not updated.

Currently, the search command uses substring matching to find given patterns, it could be useful if it could also match using regular expressions. There could be a different syntax to differenciate between regex and substring matching, for example, regex patterns could be quoted and prefixed by "r" (search description:r"zabbix 1\.[0-2]").

It would be nice if users could also store their own exploits and have it searchable by the application.
This is currently impossible because exploits folder is overwritten each time exploits are updated.

When installing exploitdb and running it, it will store the exploits in the folder from which it was ran. The script should check if it was installed or not, and then store the files either in $HOME/exploits, or in the script's folder