vulnerscom / getsploit Goto Github PK
View Code? Open in Web Editor NEWCommand line utility for searching and downloading exploits
License: GNU Lesser General Public License v3.0
Command line utility for searching and downloading exploits
License: GNU Lesser General Public License v3.0
After I downloaded some exploits for wordpress how would I use them?
First Thanks for this package!
using: python 3.5.0 on anaconda continuum
I had an issue UnicodeEncodeError: 'charmap' codec can't encode character
I couldn't debug it.
~\Documents\GitHub\getsploit [master ≡]> python getsploit.py django
Total found exploits: 41
Web-search URL: https://vulners.com/search?query=bulletinFamily%3Aexploit+AND+django
Traceback (most recent call last):
File "getsploit.py", line 673, in <module>
main()
File "getsploit.py", line 670, in main
print(outputTable.draw())
File "C:\Users\Jeffrey\Miniconda3\lib\encodings\cp437.py", line 19, in encode
return codecs.charmap_encode(input,self.errors,encoding_map)[0]
UnicodeEncodeError: 'charmap' codec can't encode character '\uff09' in position 598: character maps to <undefined>
When I add a return (out[:-1]).encode('utf-8')
into line 313 the output is not well formatted.
I cannot download database using "getsploit --update", the download hangs before 25% (sometimes before 4% !).
I tried from different devices, internet sources...
Any ideas ?
Regards,
python script on mac , full text search sqlite database, tips:Your SQLite3 library does not support FTS4., recompile sqlite, command "pragma compile_options" shows ENABLED_ FTS4,but python script still shows not support FTS4. Any solution?
system & program version
macos Sierra develop beta3
python 2.7.13
sqlite3 3.19.3
After I enter my API key, this error message always shows up
Traceback (most recent call last): File "$HOME/Library/Python/2.7/bin/getsploit", line 8, in <module> sys.exit(main()) File "$HOME/Library/Python/2.7/lib/python/site-packages/getsploit/getsploit.py", line 189, in main vulners_lib = sploitVulners(api_key=api_key) File "$HOME/Library/Python/2.7/lib/python/site-packages/vulners/api.py", line 120, in __init__ max_retries=retries)
Hi,
I get the following when issuing the following command: getsploit -u:
is this an error handling routine issue?
Downloading getsploit database archive. Please wait, it may take time. Usually around 5-10 minutes.
39084032/336659441 [11.61%]Traceback (most recent call last):
File "/usr/local/bin/getsploit", line 11, in
sys.exit(main())
File "/usr/local/lib/python2.7/dist-packages/getsploit/getsploit.py", line 731, in main
downloadVulnersGetsploitDB(DBPATH)
File "/usr/local/lib/python2.7/dist-packages/getsploit/getsploit.py", line 636, in downloadVulnersGetsploitDB
downloadFile(vulnersURL['updateAPI'], archiveFileName, progress_callback=progress_callback_simple)
File "/usr/local/lib/python2.7/dist-packages/getsploit/getsploit.py", line 608, in downloadFile
_download_helper(response,out_file,file_size)
File "/usr/local/lib/python2.7/dist-packages/getsploit/getsploit.py", line 590, in _download_helper
buffer = response.read(block_size)
File "/usr/lib/python2.7/socket.py", line 384, in read
data = self._sock.recv(left)
File "/usr/lib/python2.7/httplib.py", line 597, in read
s = self.fp.read(amt)
File "/usr/lib/python2.7/socket.py", line 384, in read
data = self._sock.recv(left)
File "/usr/lib/python2.7/ssl.py", line 772, in recv
return self.read(buflen)
File "/usr/lib/python2.7/ssl.py", line 659, in read
v = self._sslobj.read(len)
socket.error: [Errno 104] Connection reset by peer
Was just random typing. Works fine if I search for Kernel 4.0
Total found exploits: 6
Web-search URL: https://vulners.com/search?query=bulletinFamily%3Aexploit+AND+kernel+4.0.2
Traceback (most recent call last):
File "./getsploit.py", line 807, in
main()
File "./getsploit.py", line 801, in main
print(outputTable.draw().decode('ascii', 'ignore'))
UnicodeEncodeError: 'ascii' codec can't encode characters in position 2613-2620: ordinal not in range(128)
la-la-2:getsploit none$ getsploit --update
Downloading getsploit database archive. Please wait, it may take time. Usually around 5-10 minutes.
[################################] 276048/427041 - 00:01:35
Unpacking database.
Traceback (most recent call last):
File "/Users/none/.pyenv/versions/3.6.5/bin/getsploit", line 11, in
load_entry_point('getsploit==0.3.3', 'console_scripts', 'getsploit')()
File "/Users/none/.pyenv/versions/3.6.5/lib/python3.6/site-packages/getsploit-0.3.3-py3.6.egg/getsploit/getsploit.py", line 204, in main
vulners_lib.downloadGetsploitDb(os.path.join(DBPATH, "getsplit.db.zip"))
File "/Users/none/.pyenv/versions/3.6.5/lib/python3.6/site-packages/getsploit-0.3.3-py3.6.egg/getsploit/getsploit.py", line 93, in downloadGetsploitDb
zip_ref = zipfile.ZipFile(full_path, 'r')
File "/Users/none/.pyenv/versions/3.6.5/lib/python3.6/zipfile.py", line 1108, in init
self._RealGetContents()
File "/Users/none/.pyenv/versions/3.6.5/lib/python3.6/zipfile.py", line 1175, in _RealGetContents
raise BadZipFile("File is not a zip file")
zipfile.BadZipFile: File is not a zip file
Breaks on line 664. Not sure what the problem is, whether the weird way you call print()
or (more likely) something wrong with pathname2urlHandler(finalQuery)
.
Win7 Pro 64-bit, Python 2.7.6, sample output:
python getploit.py smb
Total found exploits: 850
Traceback (most recent call last):
File "getsploit.py", line 672, in <module>
main()
File "getsploit.py", line 664, in main
print("Web-search URL: %s" % 'https://vulners.com/search?query=%s' % pathname2urlHandler(finalQuery))
File "C:\Python\lib\nturl2path.py", line 58, in pathname2url
raise IOError, error
IOError: Bad path: bulletinFamily:exploit AND smb
Hello,
return exploits for the specific CVE BUT ALSO for other exploits (example return exploit about EURLEROS_SA-2018-1001 that talks about CVE-2018-5715 and not CVE-2018-1001) :-(
Any ideas ?
Regards
Hello,
Could you provide a real offline mode ?
Because to date, getsploit
still needs an Internet connection even with the offline database, as one of the first actions in the script is to call this function which performs a check of the authenticity of the key.
Cheers.
My environment is as follows.
Ubuntu : 16.04.3
Python : 2.7.12
./getsploit.py -u
Downloading getsploit database archive. Please wait, it may take time. Usually around 5-10 minutes.
Traceback (most recent call last):
File "./getsploit.py", line 802, in <module>
main()
File "./getsploit.py", line 743, in main
downloadVulnersGetsploitDB(DBPATH)
File "./getsploit.py", line 648, in downloadVulnersGetsploitDB
downloadFile(vulnersURL['updateAPI'], archiveFileName, progress_callback=progress_callback_simple)
File "./getsploit.py", line 619, in downloadFile
file_size = int(meta.getheaders("Content-Length")[0])
IndexError: list index out of range
Hi,
When I tried to update getsploit database, I got this error:
/usr/local/lib/venvs/getsploit/lib/python3.9/site-packages/vulners/vulners.py:439: DeprecationWarning: Vulners is deprecated and will be removed in future release. Use VulnersApi instead.
warnings.warn(
Traceback (most recent call last):
File "/usr/local/bin/getsploit", line 8, in <module>
sys.exit(main())
File "/usr/local/lib/venvs/getsploit/lib/python3.9/site-packages/getsploit/getsploit.py", line 195, in main
vulners_lib._Vulners__opener.headers.update({'User-Agent': 'Vulners Getsploit %s' % __version__})
AttributeError: 'sploitVulners' object has no attribute '_Vulners__opener'
Any idea ?
Hello,
Is it plan to support local database with 'cvelist' argument ?
Regards,
UpdateAPI https://vulners.com/api/v3/archive/getsploit/ is returning an empty sqlite database, can you take a look at it?
I'm expecting a ~900M zip file.
Hello there,
In its pip package getsploit
informs that Python 2 is supported to run it.
But in Python 2 os.makedirs
does not have an exist_ok
option so it does not work:
New in version 3.2: The exist_ok parameter.
Cheers.
Hello,
We don't have same result when trying to get exploits using following commands:
getsploit -j cvelist:CVE-2019-5521
--> exploit not found. OK
getsploit -j cvelist:CVE-2019-5684
--> exploit not found. OK
but, getsploit -j cvelist:CVE-2019-5521,CVE-2019-5684
--> several exploits found but there is no link between result and CVE Ids given in input.
Any Idea ?
Regards,
Hi,
can you please push the missing git tags like 0.3.1 - 0.3.3? It would be great to always have a matching tag available.
This would make it easier to potentially package this tool in a distro. thank you very much 🐈
When you first launch latest version of getsploit and enter the API key you can by chance entering spaces and see this output:
linxon@cirno-chan ~/.getsploit $ getsploit
To use getsploit you need to obtain Vulners API key at https://vulners.com
Please, enter API key: asd
Traceback (most recent call last):
File "/usr/lib/python-exec/python3.6/getsploit", line 11, in <module>
load_entry_point('getsploit==0.3.2', 'console_scripts', 'getsploit')()
File "/usr/lib64/python3.6/site-packages/getsploit/getsploit.py", line 145, in main
vulners_lib = sploitVulners(api_key=api_key)
File "/usr/lib64/python3.6/site-packages/vulners/api.py", line 102, in __init__
if api_key and not self.__validKey(api_key):
File "/usr/lib64/python3.6/site-packages/vulners/api.py", line 199, in __validKey
return self.vulners_post_request('apiKey', {'keyID':api_key}).get('valid')
AttributeError: 'bytes' object has no attribute 'get'
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.