#!/usr/bin/python

"""Searches exploit-db exploit database"""
# coded by: bostonlink @ pentest-labs.org
# thanks to shodanhq and exploit-db
# usage: ./exploit_db_search.py search_string

import sys,shodan

usage = '''\nexploit_db_search.py coded by: bostonlink @ pentest-labs.org
     usage: ./exploit_db_search.py [search_string]
          example: ./exploit_db_search.py ftp
      example2: ./exploit_db_search.py \'Windows XP\'
'''

SHODAN_API_KEY = 'Enter API Key Here'
api = shodan.WebAPI(SHODAN_API_KEY)

if len(sys.argv) != 2:
    print(usage)
    sys.exit(0)

if len(SHODAN_API_KEY) < 32:
    print('\nPlease Enter Your Shodan API key to use this script')
    print('If you have not obtained an API key sign up @ shodanhq.com')
    print(usage)
    sys.exit(0)

# initial exploit-db search search

search_query = sys.argv[1]
results = api.exploitdb.search(search_query)

if len(results) > 0:
    print("Searching................\n")
    print("Search Executed Successfully")
    print("There are %s Exploits Found that relate to %s" % (results['total'],search_query))
    print("See Menu below for options")

# menu options

def menu():
    print('\nMenu Options\n')
    print('1 - list all exploits found')
    print('2 - select the type of exploits to display')
    print('3 - select a exploit to view')
    print('4 - write exploit to a file in the CWD')
    print('5 - change search string')
    print('6 - exit')
    global selection
    selection = raw_input('\nSelect an option from above: ')

menu()

# menu options end

# if statements

while True:

    if selection == '1':
        print('*' * 60)
        print('\nexploit id: description\n')
        print('*' * 60)
        for exploit in results['matches']:
            print('%s: %s' % (exploit['id'],exploit['description']))

    if selection == '2':
        print('exploit types : remote, webapps, dos, local, shellcode')
        exploit_type = raw_input('enter the type of exploit: ')
        print('\ndisplaying %s exploits\n' % exploit_type)
        for exploit in results['matches']:
            if exploit_type == exploit['type']:
                print('%s: %s' % (exploit['id'],exploit['description']))

    if selection == '3':
        exploit_id = raw_input('\nenter the exploit id to be displayed: ')
        for exploit in results['matches']:
            if exploit_id == str(exploit['id']):
                exploit_file = api.exploitdb.download(exploit['id'])
                print 'Filename: %s' % exploit_file['filename']
                print 'Content-type: %s' % exploit_file['content-type']
                print exploit_file['data']

    if selection == '4':
        exploit_id = raw_input('\nenter exploit id: ')
        for exploit in results['matches']:
            if exploit_id == str(exploit['id']):
                exploit_dl = api.exploitdb.download(exploit['id'])
                output = open(exploit_dl['filename'], 'w')
                output.write(exploit_dl['data'])
                output.close()
                print('%s successfully written to file in CWD' % exploit_dl['filename'])

    if selection == '5':
        new_search = raw_input('enter new search string: ')
        results = api.exploitdb.search(new_search)
        print("\nSearching................\n")
        print("Search Executed Successfully")
        print("There are %s Exploits Found that relate to %s" % (results['total'],new_search))
        print("See Menu below for options")

    if selection == '6':
        print('Happy Hacking!')
        sys.exit(0)

    menu()