Ever run into a test where you port scan and you just cannot
remember what those ports are or whether there are any vulnerabilities connected to
them? Normally, I would just take the port and do a search on Exploit-db.com. However,
I found myself doing that a lot on this last test, since there were lots of weird
ports. I started by writing a page
scraper for Exploit-DB that took just a list of ports; it was a little slow. I
added functionality to search the Exploit-DB CSV file that ships in Backtrack, or,
if you have the file, you can just point the script at it. I quickly became annoyed with
having to take the ports from my Nmap results, put them into a text file and
then run my script. I then found out
there is an API for Exploit-DB, so it was back to the drawing board, and at the end of the day
the Gather Sploits script was born.
The script simply parses an Nmap XML file, grabs the host,
ports and OS, and runs them through either the Exploit-DB online search or
the local CSV file if specified. There are some requirements though: you will need a
Shodan API key (instructions at http://docs.shodanhq.com/) and the
Shodan Python libraries, which you can get at https://github.com/achillean/shodan-python.
Finally, you will need the code at the end of this article and Python 2.7.
If the Nmap XML includes operating system (OS) detection,
the script limits the port findings to exploits for that OS, along with
exploits written for multiple OSes. You can also specify an OS yourself or force all
results. This script produces a lot of data, you have been warned.
Usage is simple
Results are plenty
Code below: