Ok,
I just cleaned up the code a bit and made some very minor changes now all links will link to the v2 version of the script. Too see the changes click the link provided below.
http://pentest-labs.org/downloads/exploit_db_search_v2.py
Have fun.. Happy Hacking!
-bostonlink
So, if you read my post below on my script that searches the exploit-db.com database for exploits for anything, there was a problem installing the shodan module in BT4 R2. With a late night and a few beers in hand I went at this problem and got the shodan python module working. I believe that it is due to the versions of python in BT4 R2 they are 2.4 and 2.5, where 2.5 is the default interpreter that is executed when running a script or just the IDE, python 2.6 does not have this issue at least on my macbook pro. Below are the steps I took to get the shodan module sucessfully working on BT 4 R2.
first we install the ‘python-simplejson’ module that the sodan api.py is dependent on and download the shodan module’s source
[code]
apt-get install python-simplejson
wget http://pypi.python.org/packages/source/s/shodan/shodan-0.2.tar.gz
gzip -d shodan-0.2.tar.gz
tar xvf shodan-0.2.tar
cd shodan-0.2/shodan
nano api.py
[/code]
Now if we try to run the ‘setup.py install’ the module will error out and not install, so we have to edit the api.py file and change a couple of lines for it to install. the first line we need to edit is the first line of the file where it states ‘ from json import dumps,loads’ to ‘import simplejson as json’ then we go down to line 59 of the file and where it says ‘data = loads(data)’ change this too ‘data = json.loads(data)’ now save and exit the api.py file, and run the following commands:
[code]
cd ..
python setup.py install
[/code]
Now it successfully installs with no errors, and we have the shodan python api working.
-bostonlink
I just coded a nice little script while messing around with the shodan python library. It allows you to search for a string, list all exploits that were found, show a specific exploit (code), download a specific exploit, and change the search string. This is version 1 I just coded in a couple of hours to make sure everything works fine before posting to my blog. If you have any requests to add feel free to email me or add them yourself =). I hope people find this useful I sure will. I did code it on my Macbook pro due to the easy_install method of the shdan library returned errors in BT R2, not sure exactly why and didn’t bother looking further into it yet. Just a heads up you will need to signup at http://www.shodanhq.com/ to get the API key which is needed to run this script. The script is as follows, you can also download it from:
http://pentest-labs.org/downloads/exploit_db_search_v2.py
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 | #!/usr/bin/python """Searches exploit-db exploit database""" # coded by: bostonlink @ pentest-labs.org # thanks to shodanhq and exploit-db # usage: ./exploit_db_search.py import sys,shodan,urllib2 usage = '''\nexploit_db_search.py coded by: bostonlink @ pentest-labs.org usage: ./exploit_db_search.py [search_string] example: ./exploit_db_search.py php ''' SHODAN_API_KEY = 'Enter Your Shodan API key here' api = shodan.WebAPI(SHODAN_API_KEY) if len(sys.argv) < 2 or len(sys.argv) > 3: print(usage) sys.exit(0) # initial exploit-db search search search_query = sys.argv[1] results = api.exploitdb.search(search_query) if len(results) > 0: print("Searching................\n") print("Search Executed Successfully") print("There are %s Exploits Found that relate to %s" % (results['total'],search_query)) print("See Menu below for options") # menu options def menu(): print('\nMenu Options\n') print('1 - list all exploits found') print('2 - select the type of exploits to display') print('3 - select a exploit to view') print('4 - write exploit to a file in the CWD') print('5 - change search string') print('6 - exit') global selection selection = raw_input('\nSelect an option from above: ') menu() # menu options end # if statements while True: if selection == '1': print('\nexploit id: description\n') for exploit in results['matches']: print('%s: %s' % (exploit['id'],exploit['description'])) if selection == '2': print('exploit types : remote, webapps, dos, local, shellcode') exploit_type = raw_input('enter the type of exploit: ') print('\ndisplaying %s exploits\n' % exploit_type) for exploit in results['matches']: if exploit_type == exploit['type']: print('%s: %s' % (exploit['id'],exploit['description'])) if selection == '3': exploit_id = raw_input('\nenter the exploit id to be displayed: ') for exploit in results['matches']: if exploit_id == str(exploit['id']): exploit_file = api.exploitdb.download(exploit['id']) print 'Filename: %s' % exploit_file['filename'] print 'Content-type: %s' % exploit_file['content-type'] print exploit_file['data'] if selection == '4': exploit_id = raw_input('\nenter exploit id: ') for exploit in results['matches']: if exploit_id == str(exploit['id']): exploit_dl = api.exploitdb.download(exploit['id']) output = open(exploit_dl['filename'], 'w') output.write(exploit_dl['data']) output.close() if selection == '5': new_search = raw_input('enter new search string: ') results = api.exploitdb.search(new_search) print("Searching................\n") print("Search Executed Successfully") print("There are %s Exploits Found that relate to %s" % (results['total'],new_search)) print("See Menu below for options") if selection == '6': print('Happy Hacking!') sys.exit(0) menu() |
if you are going to use this code use the link above and wget, this is because of the wordwrap within my blog posts.
-bostonlink