Thursday, February 28, 2013

Gather Sploits: Necessity is the mother of Invention


Ever run into a test where you port scan and you just cannot remember what those ports are, or whether there are any vulnerabilities associated with them? Normally I would just take the port and do a search on Exploit-db.com. However, I found myself doing that a lot on this last test, since there were lots of unusual ports. I started by writing a page scraper for Exploit-DB that took just a list of ports; it was a little slow. I added functionality to search the Exploit-DB CSV file that ships in BackTrack, or, if you already have the file, you can just point the script at it. I quickly became annoyed with having to take the ports from my Nmap results, put them into a text file, and then run my script. I then found out there is an API for Exploit-DB, so it was back to the drawing board, and at the end of the day the Gather Sploits script was born.

The script simply parses an Nmap XML file, grabs the host, ports and OS, and runs them through either the Exploit-DB online search or a local search if specified. There are some requirements, though: you will need a Shodan API key (instructions at http://docs.shodanhq.com/), the Shodan Python libraries from https://github.com/achillean/shodan-python, the code at the end of this article, and Python 2.7.

If the Nmap XML includes operating system (OS) detection results, the script limits the port findings to that OS, plus exploits that target multiple OSes. You can also specify an OS explicitly or force all results. This script produces a lot of data; you have been warned.
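As an added example (not the author's Gather Sploits script, which is not reproduced on this page), here is a Python 3 reconstruction of the local-search path described in the two paragraphs above: it parses Nmap -oX output with the standard library, maps the OS match to an Exploit-DB platform keyword, and filters a local Exploit-DB CSV by open port and platform, keeping "multiple"-platform entries and honouring an OS override and a force-all switch. The Nmap XML, the CSV rows and the OS-to-platform keyword table are all constructed for this example; the CSV header (id, file, description, date, author, platform, type, port) is assumed to follow the older files.csv layout, and only the id, port, platform and description columns are relied on. The Shodan online-search path from the post is not included.

```python
"""Parse Nmap XML and look open ports up in a local Exploit-DB CSV (added example)."""
import csv
import io
import xml.etree.ElementTree as ET

# Constructed Nmap -oX output for a hypothetical host (not from the original post).
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -O -sV -oX scan.xml 192.0.2.10">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
      <port protocol="tcp" portid="139"><state state="closed"/><service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="5432"><state state="open"/><service name="postgresql"/></port>
    </ports>
    <os><osmatch name="Linux 2.6.32" accuracy="95"/></os>
  </host>
</nmaprun>
"""

# Constructed rows in the assumed files.csv layout; ids and descriptions are made up.
SAMPLE_EDB_CSV = """id,file,description,date,author,platform,type,port
1001,platforms/linux/remote/1001.c,Example FTP daemon - Linux (constructed),2010-01-01,n/a,linux,remote,21
1002,platforms/windows/remote/1002.py,Example FTP daemon - Windows (constructed),2010-01-02,n/a,windows,remote,21
1003,platforms/multiple/remote/1003.txt,Example PostgreSQL - multiple (constructed),2010-01-03,n/a,multiple,remote,5432
1004,platforms/linux/remote/1004.pl,Example SMB - Linux (constructed),2010-01-04,n/a,linux,remote,139
"""

# Assumed mapping from Nmap osmatch names to Exploit-DB platform keywords.
OS_KEYWORDS = (("windows", "windows"), ("linux", "linux"),
               ("freebsd", "freebsd"), ("solaris", "solaris"))


def parse_nmap_xml(xml_text):
    """Return one dict per host: {'addr', 'os', 'ports'}; only open ports are kept."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        osmatch = host.find("os/osmatch")  # first (best) match, if OS detection ran
        ports = [int(p.get("portid")) for p in host.findall("ports/port")
                 if p.find("state") is not None and p.find("state").get("state") == "open"]
        hosts.append({"addr": addr_el.get("addr") if addr_el is not None else None,
                      "os": osmatch.get("name") if osmatch is not None else None,
                      "ports": ports})
    return hosts


def platform_from_os(os_name):
    """Map an OS match string to an Exploit-DB platform keyword, or None if unknown."""
    if not os_name:
        return None
    lowered = os_name.lower()
    for keyword, platform in OS_KEYWORDS:
        if keyword in lowered:
            return platform
    return None


def load_exploitdb_csv(csv_text):
    """Read the CSV into dicts keyed by its header row."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def search_exploits(entries, ports, platform=None, force_all=False):
    """Entries whose port is open; unless force_all, also require the host's platform or 'multiple'."""
    wanted = set(ports)
    hits = []
    for entry in entries:
        try:
            port = int(entry.get("port") or 0)
        except ValueError:
            continue  # malformed port column: skip rather than crash on a real CSV
        if port not in wanted:
            continue
        plat = (entry.get("platform") or "").lower()
        if not force_all and platform and plat not in (platform, "multiple"):
            continue
        hits.append(entry)
    return hits


def gather_sploits(xml_text, csv_text, os_override=None, force_all=False):
    """Per-host report: detected OS, mapped platform, open ports and matching CSV entries."""
    entries = load_exploitdb_csv(csv_text)
    report = {}
    for host in parse_nmap_xml(xml_text):
        platform = platform_from_os(os_override or host["os"])
        hits = search_exploits(entries, host["ports"], platform, force_all)
        report[host["addr"]] = {
            "os": host["os"], "platform": platform, "ports": host["ports"],
            "exploits": [(h["id"], h["port"], h["platform"], h["description"]) for h in hits],
        }
    return report


if __name__ == "__main__":
    for addr, info in gather_sploits(SAMPLE_NMAP_XML, SAMPLE_EDB_CSV).items():
        print(addr, info["os"], info["ports"])
        for edb_id, port, plat, desc in info["exploits"]:
            print("  EDB-%s port %s [%s] %s" % (edb_id, port, plat, desc))
```

With the constructed data the Linux host with ports 21 and 5432 open matches the Linux FTP entry and the multiple-platform PostgreSQL entry; the Windows FTP entry only appears with force_all or an os_override naming Windows, and the closed port 139 is never reported. Point load_exploitdb_csv at the contents of a real files.csv and parse_nmap_xml at a real -oX file to use it beyond the sample.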

Usage is simple


Results are plenty

Code below:
