Comments (6)
Sorry, it's me again.
But, you might consider making it more clear in README.md.
By default, all the three locations for Linux config.json are ignored if there is another config file in SploitScan/sploitscan.
And SploitScan/sploitscan is not always the current directory.
Thank you, this is a great tool.
from sploitscan.
But, then... I tried CVE-2007-4723...
traceback (most recent call last):
File "/opt/SploitScan/./sploitscan.py", line 6, in
cli()
File "/opt/SploitScan/sploitscan/sploitscan.py", line 1067, in cli
main(args.cve_ids, args.export, args.import_file, args.type, args.config, args.debug)
File "/opt/SploitScan/sploitscan/sploitscan.py", line 984, in main
public_exploits = fetch_and_display_public_exploits(cve_id)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/SploitScan/sploitscan/sploitscan.py", line 880, in fetch_and_display_public_exploits
display_public_exploits(github_data, vulncheck_data, exploitdb_data, packetstorm_data, nuclei_data, vulncheck_error)
File "/opt/SploitScan/sploitscan/sploitscan.py", line 365, in display_public_exploits
exploits, total = template(True)
^^^^^^^^^^^^^^^
ValueError: not enough values to unpack (expected 2, got 1)
With 0.10.2, it works...
from sploitscan.
It works now.
Thank you and best regards...
from sploitscan.
Hi @cikasole, I reckon there is an issue with your key again.
$ sploitscan.py CVE-2020-8813
███████╗██████╗ ██╗ ██████╗ ██╗████████╗███████╗ ██████╗ █████╗ ███╗ ██╗
██╔════╝██╔══██╗██║ ██╔═══██╗██║╚══██╔══╝██╔════╝██╔════╝██╔══██╗████╗ ██║
███████╗██████╔╝██║ ██║ ██║██║ ██║ ███████╗██║ ███████║██╔██╗ ██║
╚════██║██╔═══╝ ██║ ██║ ██║██║ ██║ ╚════██║██║ ██╔══██║██║╚██╗██║
███████║██║ ███████╗╚██████╔╝██║ ██║ ███████║╚██████╗██║ ██║██║ ╚████║
╚══════╝╚═╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═╝ ╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═══╝
v0.10.3 / Alexander Hagenah / @xaitax / [email protected]
╔═══════════════════════╗
║ CVE ID: CVE-2020-8813 ║
╚═══════════════════════╝
┌───[ 🔍 Vulnerability information ]
|
├ Published: 2020-02-22
├ Base Score: N/A (N/A)
├ Vector: N/A
└ Description: graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell
metacharacters in a cookie, if a guest user has the graph real-time privilege.
┌───[ ♾️ Exploit Prediction Score (EPSS) ]
|
└ EPSS Score: 92.06% Probability of exploitation.
┌───[ 🛡️ CISA KEV Catalog ]
|
└ ❌ No data found.
┌───[ 💣 Public Exploits (Total: 7) ]
|
├ GitHub
│ ├ Date: 2022-09-30 - https://github.com/p0dalirius/CVE-2020-8813-Cacti-RCE-in-graph_realtime
│ ├ Date: 2021-05-29 - https://github.com/hexcowboy/CVE-2020-8813
│ └ Date: 2020-02-23 - https://github.com/mhaskar/CVE-2020-8813
│
├ VulnCheck
│ ├ Date: 2022-09-30 - https://github.com/p0dalirius/CVE-2020-8813-Cacti-RCE-in-graph_realtime
│ └ Date: 2021-05-11 - https://github.com/0xm4ud/Cacti-CVE-2020-8813
│
├ Exploit-DB
│ ├ Date: 2020-02-03 - https://www.exploit-db.com/exploits/48144
│ └ Date: 2020-02-03 - https://www.exploit-db.com/exploits/48145
│
└ Other
├ PacketStorm: https://packetstormsecurity.com/search/?q=CVE-2020-8813
└ Nuclei: https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/http/cves/2020/CVE-2020-8813.yaml
But on another note, if no exploit is found on one of the platforms, it will not display it anymore.
from sploitscan.
Thanks for your continuous testing and support. I fixed the issue but no release yet.
git pull
and please run again.
Issue was that I haven't considered in the code that an exploit doesn't exist :D
from sploitscan.
I will also look at how I can improve the config logic in the coming days.
from sploitscan.
Related Issues (19)
- include python3 shebang HOT 1
- Feature request: Microsoft monthly patch review HOT 1
- The import xml from openVAS is alredy work? HOT 8
- Error fetching data from VulnCheck: 401 HOT 4
- Nessus import errors HOT 1
- Error with variable vulncheck_data: 'NoneType' object has no attribute 'get' HOT 1
- docker setting config.json HOT 2
- Package for Debian HOT 1
- AI-Powered Risk Assessment Error HOT 1
- Error while exporting to html HOT 1
- API key for VulnCheck is not configured correctly HOT 20
- File location HOT 2
- API Key issues with load_config() logic and config.json issues HOT 2
- CVE numbers in title lines are missing (in html output)?
- Sometime crash with 'not enough values to unpack (expected 2, got 1)' for some CVE IDs HOT 3
- Read CVSS 2.0
- Search Exploit in ExploitDB HOT 1
- Read archive with CVEs HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sploitscan.