This is the third day of my participation in the November Gwen Challenge. Check out the details: the last Gwen Challenge 2021

Introduction

SearchSploit is a command-line search tool for Exploit-DB that helps us find exploits in an offline copy of the database.

Exploit Database (github.com/offensive-s…) is a project sponsored by Offensive Security (www.offensive-security.com/). It stores a large number of exploits and proof-of-concept programs that help security researchers and penetration testers with their testing work, and it is the most open exploit collection in the world; the repository is updated every day. Exploit-DB provides searchsploit to search a local, offline copy of the archive by means of its files.csv index.

Exploit-DB is an exploit archive, and Kali Linux ships a local copy of it (under /usr/share/exploitdb); the exploit you need can be found with the searchsploit command mentioned above. It searches all exploits and shellcode in that local copy, so it works even without network access.

The basic usage is searchsploit followed by the name of the software or system you suspect is vulnerable. The output lists the matching entries together with the path of the exploit script or advisory for each.

First, let's take a look at SearchSploit's help output (searchsploit -h).

Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446
  searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"

  For more examples, see the manual: https://www.exploit-db.com/searchsploit/

=========
 Options
=========
   -c, --case     [term]      Perform a case-sensitive search (default is case-insensitive)
   -e, --exact    [term]      Perform an exact match on the exploit title (default is an AND match on each term) [implies "-t"]
   -h, --help                 Show this help screen
   -j, --json     [term]      Show results in JSON format
   -m, --mirror   [EDB-ID]    Mirror (copy) an exploit to the current working directory, given its EDB-ID
   -o, --overflow [term]      Exploit titles are allowed to overflow their columns
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copy the path to the clipboard if possible), given its EDB-ID
   -t, --title    [term]      Search just the exploit title (default is title AND the file's path)
   -u, --update               Check for and install any exploitdb package updates (deb or git)
   -w, --www      [term]      Show URLs to Exploit-DB.com rather than the local path (online search)
   -x, --examine  [EDB-ID]    Examine (open) the exploit using $PAGER
       --colour               Disable colour highlighting in search results
       --id                   Display the EDB-ID value rather than the local path
       --nmap     [file.xml]  Check all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml)
                                Use "-v" (verbose) to try more combinations
       --exclude="term"       Remove values from results. By using "|" to separate, you can chain multiple values
                                e.g. --exclude="term1|term2|term3"

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path from the search results.
   * Removes false positives (especially when searching using numbers, i.e. versions).
 * When updating or displaying help, search terms will be ignored.

Usage

For a basic search, the command below returns every entry whose title or path contains all of the terms easy, file and sharing (the terms are ANDed, and matching is case-insensitive by default):

root@kali:~# searchsploit easy file sharing
-------------------------------------------- ---------------------------------
 Exploit Title                              |  Path
-------------------------------------------- ---------------------------------
BadBlue 2.5 Easy File Sharing Remote Buff   | windows/remote/845.c
Easy File Sharing FTP Server 2.0 (Windows 2 | windows/remote/3579.py
Easy File Sharing FTP Server 2.0 - 'PASS' R | windows/remote/2234.py
Easy File Sharing FTP Server 2.0 - PASS Ove | windows/remote/16742.rb
Easy File Sharing FTP Server 3.5 - Remote S | windows/remote/33538.py
Easy File Sharing HTTP Server 7.2 - POST Bu | windows/remote/42256.rb
Easy File Sharing HTTP Server 7.2 - Remote  | windows/remote/39661.rb
Easy File Sharing Web Server 1.2 - Informat | windows/remote/23222.txt
Easy File Sharing Web Server 1.25 -         | windows/dos/423.pl
Easy File Sharing Web Server 1.3x/4.5 Dir / | multiple/dos/30856.txt
Easy File Sharing Web Server 3.2 - Format S | windows/dos/27377.txt
Easy File Sharing Web Server 3.2 - Full Pat | windows/remote/27378.txt
Easy File Sharing Web Server 4 - Remote Inf | windows/remote/2690.c
Easy File Sharing Web Server 4.8 - File Dis | windows/remote/8155.txt
Easy File Sharing Web Server 5.8 - Multiple | windows/remote/17063.txt
Easy File Sharing Web Server 6.8 - Persiste | php/webapps/35626.txt
Easy File Sharing Web Server 6.8 - Remote S | windows/remote/33352.py
Easy File Sharing Web Server 6.9 - USERID R | windows/remote/37951.py
Easy File Sharing Web Server 7.2 - 'POST' R | windows/remote/42165.py
Easy File Sharing Web Server 7.2 - 'POST' R | windows/remote/42186.py
Easy File Sharing Web Server 7.2 - 'UserID' | windows/remote/44522.py
Easy File Sharing Web Server 7.2 - Account  | windows/local/42267.py
Easy File Sharing Web Server 7.2 - Authenti | windows/remote/42159.txt
Easy File Sharing Web Server 7.2 - GET 'Pas | windows/remote/42261.py
Easy File Sharing Web Server 7.2 - GET 'Pas | windows/remote/42304.py
Easy File Sharing Web Server 7.2 - GET Buff | windows/remote/39008.py
Easy File Sharing Web Server 7.2 - HEAD Req | windows/remote/39009.py
Easy File Sharing Web Server 7.2 - Remote B | windows/remote/38829.py
Easy File Sharing Web Server 7.2 - Remote O | windows/remote/38526.py
Easy File Sharing Web Server 7.2 - Remote O | windows/remote/40178.py
Easy File Sharing Web Server 7.2 - Stack Bu | windows/remote/44485.py
Easy File Sharing Web Server 7.2 - Unrestri | windows/webapps/42268.py
-------------------------------------------- ---------------------------------
Shellcodes: No Results

To search titles only, add -t: the keywords must then all appear in the exploit title, and the file path is ignored. Matching is a plain substring match, which is why rimbalinux AhadPOS shows up below: 'linux' matches inside 'rimbalinux'.

root@kali:~# searchsploit -t linux sql
-------------------------------------------- ---------------------------------
 Exploit Title                              |  Path
-------------------------------------------- ---------------------------------
Invision Gallery 2.0.7 (Linux) - 'readfile  | php/webapps/2527.c
MySQL (Linux) - Database Privilege Escalati | linux/local/23077.pl
MySQL (Linux) - Heap Overrun (PoC)          | linux/dos/23076.pl
MySQL (Linux) - Stack Buffer Overrun (PoC)  | linux/dos/23075.pl
MySQL 4.0.17 (Linux) - User-Defined Functio | linux/local/1181.c
MySQL 4.x/5.0 (Linux) - User-Defined Functi | linux/local/1518.c
MySQL User-Defined (Linux) (x32/x86_64) - ' | linux/local/46249.py
MySQL yaSSL (Linux) - SSL Hello Message Buf | linux/remote/16849.rb
rimbalinux AhadPOS 1.11 'alamatCustomer'    | php/webapps/47585.txt
-------------------------------------------- ---------------------------------
Shellcodes: No Results

The -p option does not search by keyword: it takes an EDB-ID (the number in the exploit's file name) and prints the full local path to that exploit, copying the path to the clipboard if possible. Here the file name 3579.py is passed and resolves to ID 3579:

root@kali:~# searchsploit -p 3579.py
  Exploit: Easy File Sharing FTP Server 2.0 (Windows 2000 SP4) - 'PASS' Remote Overflow
      URL: https://www.exploit-db.com/exploits/3579
     Path: /usr/share/exploitdb/exploits/windows/remote/3579.py
File Type: Python script, ASCII text executable, with CRLF line terminators

This shows the exploit title, its URL on exploit-db.com and the local path where the Python file is stored; 3579 is the EDB-ID.

So once we have found a vulnerability in a piece of software and want to use one of the listed files in a test, this command tells us where the script lives. From there, searchsploit -m 3579 copies it into the current working directory and searchsploit -x 3579 opens it in $PAGER (both options are listed in the help output above).
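As an added example (written for this page; it is not searchsploit's own code, which is a shell script), here is a small Python re-implementation of the matching rules the help text describes, run over a constructed excerpt of the CSV index that searchsploit searches. It shows what -t, -c, -e and --exclude change about a query, why a title-only search still catches 'rimbalinux', and how -p turns an EDB-ID into a local path. Assumptions: the column layout follows the older files.csv (id,file,description,date,author,platform,type,port), so check it against the copy on your own system; the row titles, dates and authors are constructed stand-ins modelled on the output above (only the 3579 title is the real one), row 99999 is a deliberately fake entry, and stripping non-digits in path_for is my simplification so that 3579.py resolves like 3579, as the command above does.

```python
import csv
import io
import re

# Constructed excerpt of the Exploit-DB index in the older files.csv column
# layout. Rows are modelled on the searches shown on this page; only the 3579
# title is the real full title, the others are shortened or stand-in text,
# dates/authors are placeholders ("-"), and row 99999 is a deliberately fake
# entry whose path (not title) contains "linux".
FILES_CSV = """\
id,file,description,date,author,platform,type,port
845,exploits/windows/remote/845.c,BadBlue 2.5 Easy File Sharing Remote Buffer Overflow,-,-,windows,remote,80
3579,exploits/windows/remote/3579.py,Easy File Sharing FTP Server 2.0 (Windows 2000 SP4) - 'PASS' Remote Overflow,-,-,windows,remote,21
42159,exploits/windows/remote/42159.txt,Easy File Sharing Web Server 7.2 - Authentication Bypass,-,-,windows,remote,80
23076,exploits/linux/dos/23076.pl,MySQL (Linux) - Heap Overrun (PoC),-,-,linux,dos,
23077,exploits/linux/local/23077.pl,MySQL (Linux) - Database Privilege Escalation,-,-,linux,local,
1518,exploits/linux/local/1518.c,MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Dynamic Library,-,-,linux,local,
47585,exploits/php/webapps/47585.txt,rimbalinux AhadPOS 1.11 'alamatCustomer' SQL Injection,-,-,php,webapps,
99999,exploits/linux/webapps/99999.txt,Example DB Server 1.0 - SQL Injection (constructed row),-,-,linux,webapps,
"""


def load_index(text):
    """Parse the CSV index into a list of dicts, one per exploit."""
    return list(csv.DictReader(io.StringIO(text)))


def display_path(row):
    """searchsploit prints the path relative to the exploits/ directory."""
    return row["file"].split("/", 1)[1]


def search(rows, terms, title_only=False, case_sensitive=False, exact=False, exclude=None):
    """Reproduce searchsploit's matching rules:
    - every term must match (AND), case-insensitively unless -c;
    - the default haystack is title AND path, -t restricts it to the title;
    - -e requires the terms as one ordered phrase in the title (implies -t);
    - --exclude drops any "title | path" result line matching the regex."""
    hits = []
    for row in rows:
        haystack = row["description"]
        if not (title_only or exact):
            haystack += " " + display_path(row)
        needles = [" ".join(terms)] if exact else list(terms)
        if not case_sensitive:
            haystack, needles = haystack.lower(), [n.lower() for n in needles]
        if not all(n in haystack for n in needles):
            continue
        line = row["description"] + " | " + display_path(row)
        if exclude and re.search(exclude, line):
            continue
        hits.append(row)
    return hits


def path_for(rows, edb_id, base="/usr/share/exploitdb"):
    """Mimic -p: resolve an EDB-ID to the full local path, or None.
    Non-digits are stripped so '3579.py' resolves like '3579'; that
    normalisation is an assumption of this example, not verified searchsploit code."""
    wanted = re.sub(r"\D", "", str(edb_id))
    for row in rows:
        if row["id"] == wanted:
            return f"{base}/{row['file']}"
    return None


def format_table(hits, width=44):
    """Render results in searchsploit's two-column layout, truncating titles."""
    sep = "-" * width + " " + "-" * 33
    lines = [sep, " Exploit Title".ljust(width) + "|  Path", sep]
    for row in hits:
        lines.append(row["description"][:width - 1].ljust(width) + "| " + display_path(row))
    lines.append(sep)
    return "\n".join(lines)


if __name__ == "__main__":
    index = load_index(FILES_CSV)
    print(format_table(search(index, ["easy", "file", "sharing"])))
    print(format_table(search(index, ["linux", "sql"], title_only=True)))
    print(format_table(search(index, ["linux", "sql"], title_only=True,
                              exclude=r"\(PoC\)|/dos/")))
    print(path_for(index, "3579.py"))
```

Running the script prints the two tables in searchsploit's layout and then the resolved path for 3579. The title-only search returns rimbalinux AhadPOS but not the fake 99999 row, whose "linux" lives only in its path; dropping -t brings that row back, and --exclude="(PoC)|/dos/" removes the heap-overrun PoC under linux/dos/ just as in the help text's kernel example.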

Search for a Linux kernel version

The help text's own example covers this case: searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/" looks up exploits for kernel 3.2 and drops proof-of-concept entries and everything under the dos/ directories. Combining a version number with --exclude is what makes this usable, because a bare search for linux kernel returns a very long list.

Search for Microsoft vulnerabilities

To list the Microsoft vulnerabilities covered by a given year's security bulletins, search for the bulletin prefix: MS14 for 2014, and likewise MS15, MS16, MS17. The match is on the "MS14-..." string in the exploit title (or path), not on the exploit's publication date, so exploits added years later for a 2014 bulletin (IDs such as 39525, 40960 and 46945 below) appear as well.

root@kali:/# searchsploit ms14
-------------------------------------------- ---------------------------------
 Exploit Title                              |  Path
-------------------------------------------- ---------------------------------
Microsoft .NET Deployment Service - IE Sand | windows/local/33892.rb
Microsoft Internet Explorer - CMarkup Use-A | windows/remote/32904.rb
Microsoft Internet Explorer - Memory Corrup | windows/dos/34458.html
Microsoft Internet Explorer - TextRange Use | windows/remote/32438.rb
Microsoft Internet Explorer 10 - CMarkup Us | windows/remote/32851.html
Microsoft Internet Explorer 11 - MSHTML CPa | windows/dos/40960.svg
Microsoft Internet Explorer 11 - MSHTML CSp | windows/dos/40946.html
Microsoft Internet Explorer 8/9/10 - 'CInpu | windows/dos/33860.html
Microsoft Internet Explorer 8/9/10/11 / IIS | windows/remote/40721.html
Microsoft Internet Explorer 9 - MSHTML CAtt | windows/dos/40685.html
Microsoft Internet Explorer 9/10 - CFormEle | windows_x86/dos/34010.html
Microsoft Internet Explorer OLE Pre-IE11 -  | windows/remote/35308.html
Microsoft Windows - 'NDPROXY' SYSTEM Privil | windows/local/30014.py
Microsoft Windows - OLE Package Manager Cod | windows/local/35235.rb
Microsoft Windows - OLE Package Manager Cod | windows/local/35236.rb
Microsoft Windows - OLE Package Manager Cod | windows_x86/local/35020.rb
Microsoft Windows - OLE Remote Code Executi | windows/remote/35055.py
Microsoft Windows - TrackPopupMenu Win32k N | windows/local/35101.rb
Microsoft Windows 7 (x64) - 'afd.sys' Dangl | windows_x86-64/local/39525.py
Microsoft Windows 7 (x86) - 'afd.sys' Dangl | windows_x86/local/39446.py
Microsoft Windows 8.0/8.1 (x64) - 'TrackPop | windows_x86-64/local/37064.py
Microsoft Windows 8.1 / Server 2012 - Win32 | windows/local/46945.cpp
Microsoft Windows HTA (HTML Application) -  | windows/remote/37800.php
Microsoft Windows Kerberos - Privilege Esca | windows/remote/35474.py
Microsoft Windows Kernel - 'win32k.sys' Loc | windows/local/39666.txt
Microsoft Windows Server 2003 SP2 - Local P | windows/local/35936.py
Microsoft Windows Server 2003 SP2 - TCP/IP  | windows/local/37755.c
Microsoft Windows XP SP3 (x86) / 2003 SP2 ( | windows_x86/local/37732.c
Microsoft Word - RTF Object Confusion (MS14 | windows/local/32793.rb
-------------------------------------------- ---------------------------------
Shellcodes: No Results

For a worked example, see this article: SearchSploit tool (exploit-db.com) usage example (Linux kernel privilege escalation)

References:

SearchSploit usage

SearchSploit - vulnerability finding tool