2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
Introduction to using searchsploit
During privilege escalation, we use the information we have gathered to search for vulnerabilities in the system and its software and to obtain a matching PoC. After compiling it, we can carry out the privilege escalation.
1.1 Introduction to searchsploit
Exploit Database (https://github.com/offensive-security/exploit-database) is a project sponsored by Offensive Security (https://www.offensive-security.com/). It stores a large number of exploit programs, which help security researchers and test engineers carry out security testing more effectively. It is currently the most complete publicly collected vulnerability database in the world. The repository is updated every day. Exploit-DB provides searchsploit, which uses files.csv to look up the location of files in the offline vulnerability database.
1.2 Downloading, installing and updating searchsploit
1. Download
https://codeload.github.com/offensive-security/exploit-database/zip/master
Clone with git into the current directory:
git clone https://github.com/offensive-security/exploit-database.git
Clone with git into /opt/exploit-database:
git clone https://github.com/offensive-security/exploit-database.git /opt/exploit-database
2. Installation
(1) CentOS installation: yum install exploitdb
(2) macOS installation: brew update && brew install exploitdb
(3) Kali installation: apt update && apt -y install exploitdb
Use the following command to link searchsploit into the PATH:
ln -sf /opt/exploit-database/searchsploit /usr/local/bin/searchsploit
3. Update
searchsploit -u
1.3 searchsploit syntax
1. Usage
searchsploit [options] term1 [term2] ... [termN]
Options:
-c, --case [Term]  Performs a case-sensitive search (the default is case-insensitive).
-h, --help  Displays help on the screen.
-j, --json [Term]  Displays the results in JSON format.
-m, --mirror [EDB-ID]  Mirrors (copies) an exploit to the current working directory; followed by the exploit's ID number.
-o, --overflow [Term]  Allows exploit titles to overflow their columns.
-p, --path [EDB-ID]  Shows the full path of the exploit (and, if possible, copies it to the clipboard); followed by the exploit's ID number.
-t, --title [Term]  Searches exploit titles only (the default is title and file path).
-u, --update  Checks for and installs any exploitdb package updates (deb or git).
-w, --www [Term]  Shows the Exploit-DB.com URL instead of the local path (online search).
-x, --examine [EDB-ID]  Examines (opens) the exploit using $PAGER.
--colour  Disables color highlighting in search results.
--id  Displays EDB-ID values instead of local paths.
--nmap [file.xml]  Checks all the results in Nmap XML output against the service versions (for example: nmap -sV -oX file.xml). Use "-v" (verbose) to try more combinations.
--exclude="term"  Removes values from the results. Separate multiple values with "|", for example --exclude="term1|term2|term3".
2. Usage examples
(1) View help
searchsploit -h
(2) Search for local Windows exploits matching the keyword afd
searchsploit afd windows local
(3) Search for vulnerabilities that contain oracle windows in the title
searchsploit -t oracle windows
(4) Search for the vulnerability with ID 39446
searchsploit -p 39446
(5) Search for linux kernel 3.2 vulnerabilities, excluding results that contain dos and PoC values
searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"
(6) Find vulnerabilities in mssql
searchsploit mssql
(7) Find vulnerabilities related to Windows XP
searchsploit /xp
(8) Find vulnerabilities in apple
searchsploit apple
1.4 Tips
1. Query keywords are combined with AND
SearchSploit uses the AND operator instead of the OR operator. The more terms are used, the more results are filtered out.
2. Try to use the full name when searching by name
3. Use the "-t" option
By default, searchsploit checks both the title of the exploit and its path. Depending on the search criteria, this can lead to false positives (especially when searching for terms that match the platform and version number). Use the "-t" option to remove the excess data. For example, searchsploit -t oracle windows displays seven rows of data, while searchsploit oracle windows | wc -l displays 90 rows of data.
4. Search exploit-db.com online for a keyword
searchsploit WarFTP 1.65 -w
5. Search for Microsoft vulnerabilities
To search for all Microsoft vulnerabilities from 2014, use the keyword MS14; the keyword can be ms14, ms15, ms16 or ms17.
searchsploit MS14
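The AND matching from tip 1, the title-versus-path false positives from tip 3, and the --exclude filter can be reproduced with a small model of the search. This is an added example, not searchsploit's own code: the CSV column layout, the products AcmeDB and ExampleOS, and every ID, path and title are constructed, and matching is simplified to case-insensitive substrings.

```python
import csv
import io

# Constructed rows in an assumed id,file,description layout (not real files.csv data).
SAMPLE_CSV = """id,file,description
90001,exploits/windows/local/90001.c,AcmeDB 10 - Local Privilege Escalation
90002,exploits/windows/remote/90002.py,AcmeDB 11 (Windows) - Remote Command Execution (PoC)
90003,exploits/linux/dos/90003.c,ExampleOS Kernel 3.2 - Denial of Service
90004,exploits/linux/local/90004.c,ExampleOS Kernel 3.2 - Local Privilege Escalation
90005,exploits/linux/local/90005.c,ExampleOS Kernel 3.2 - Local Privilege Escalation (PoC)
90006,exploits/windows/dos/90006.txt,ExampleFTP 1.0 - Denial of Service
"""


def search(terms, title_only=False, exclude=""):
    """Return the IDs of rows matching ALL terms (AND), minus excluded rows.

    title_only models "-t": only the title is searched, not the file path.
    exclude models --exclude="a|b": values are separated by "|" and a row
    is dropped when any value occurs in its title or path.
    """
    banned = [value.lower() for value in exclude.split("|") if value]
    hits = []
    for row in csv.DictReader(io.StringIO(SAMPLE_CSV)):
        title = row["description"].lower()
        path = row["file"].lower()
        scope = title if title_only else title + " " + path
        # AND semantics: each extra term can only shrink the result set.
        if not all(term.lower() in scope for term in terms):
            continue
        if any(value in title + " " + path for value in banned):
            continue
        hits.append(int(row["id"]))
    return hits


if __name__ == "__main__":
    # "windows" matches the platform directory in the path, so 90001 is
    # returned even though its title never mentions Windows.
    print("default   :", search(["acmedb", "windows"]))
    print("title only:", search(["acmedb", "windows"], title_only=True))
    print("no exclude:", search(["exampleos", "kernel", "3.2"]))
    print("excluded  :", search(["exampleos", "kernel", "3.2"],
                                exclude="(PoC)|/dos/"))
```
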