Hello All
Kali ini saya akan share software hacking , yaitu SearchSploit-The offline Exploit Database Archive
Apa itu SearchSploit?
Termasuk dalam repositori Exploit Database kami di GitHub adalah "searchsploit", alat pencarian baris perintah untuk Exploit-DB yang juga memungkinkan Anda untuk mengambil salinan Exploit Database dengan Anda, ke mana pun Anda pergi. SearchSploit memberi Anda kekuatan untuk melakukan pencarian off-line yang terperinci melalui salinan repositori Anda yang diperiksa secara lokal. Kemampuan ini sangat berguna untuk penilaian keamanan pada jaringan segregated atau air-gapped tanpa akses Internet.
Banyak eksploitasi berisi tautan ke file biner yang tidak termasuk dalam repositori standar tetapi dapat ditemukan di kami Exploit Database Binary Exploits repository instead. Jika Anda mengantisipasi Anda akan tanpa akses internet pada penilaian, pastikan Anda memeriksa kedua repositori untuk set data yang paling lengkap.
Panduan ini adalah untuk versi 4 dari SearchSploit.
Catatan, Nama utilitas ini adalah SearchSploit dan sesuai namanya, ia akan mencari semua exploit dan shellcode. Ini tidak akan menyertakan hasil apa pun Google Hacking Database, Papers jika dikonfigurasi (dengan benar!).
Install on Kali Linux
apt update && apt -y install exploitdb (Install SearchSploit)
searchsploit -h (See SearchSploit help menu)
Install on Linux
sudo git clone https://github.com/offensive-security/exploit-database.git /opt/exploit-database
sudo ln -sf /opt/exploit-database/searchsploit /usr/local/bin/searchsploit
sed 's|path_array+=(.*)|path_array+=("/opt/exploit-database")|g' /opt/exploit-database/.searchsploit_rc > ~/.searchsploit_rc
Bagaimana cara memperbarui?
In orther Linux: sudo searchsploit -u
In Kali Linux: apt update && apt full-upgrade
Menggunakan SearchSploit
Layar Bantuan: Dengan menggunakan searchsploit -h, Anda dapat melihat semua fitur dan opsi yang tersedia untuk Anda:
root@GitHackTools:~# searchsploit -h Usage: searchsploit [options] term1 [term2] ... [termN] ========== Examples ========== searchsploit afd windows local searchsploit -t oracle windows searchsploit -p 39446 searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/" For more examples, see the manual: https://www.exploit-db.com/searchsploit/ ========= Options ========= -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe). -e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"]. -h, --help Show this help screen. -j, --json [Term] Show result in JSON format. -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory. -o, --overflow [Term] Exploit titles are allowed to overflow their columns. -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible). -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path). -u, --update Check for and install any exploitdb package updates (deb or git). -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path. -x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER. --colour Disable colour highlighting in search results. --id Display the EDB-ID value rather than local path. --nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml). Use "-v" (verbose) to try even more combinations --exclude="term" Remove values from results. By using "|" to separated you can chain multiple values. e.g. --exclude="term1|term2|term3". ======= Notes ======= * You can use any number of search terms. * Search terms are not case-sensitive (by default), and ordering is irrelevant. * Use '-c' if you wish to reduce results by case-sensitive searching. * And/Or '-e' if you wish to filter results by using an exact match. * Use '-t' to exclude the file's path to filter the search results. * Remove false positives (especially when searching using numbers - i.e. versions). * When updating or displaying help, search terms will be ignored.
Example: Search for remote Oracleexploits for Windows:
root@kali:~# searchsploit oracle windows remote
Description Path
----------------------------------------------------------------------------- ----------------------------------
Oracle XDB FTP Service UNLOCK Buffer Overflow Exploit | /windows/remote/80.c
Oracle 9.2.0.1 Universal XDB HTTP Pass Overflow Exploit | /windows/remote/1365.pm
Oracle 9i/10g ACTIVATE_SUBSCRIPTION SQL Injection Exploit | /windows/remote/3364.pl
Oracle WebLogic IIS connector JSESSIONID Remote Overflow Exploit | /windows/remote/8336.pl
Oracle Secure Backup Server 10.3.0.1.0 Auth Bypass/RCI Exploit | /windows/remote/9652.sh
Credit: The following people made this possible:
* Offensive Security
* Unix-Ninja
* g0tmi1k
Source :
GitHackTools
[ Semoga Bermanfaat ]
[ Don't Forget For Share ]
[ ]
Posting Komentar