Skip to content

Instantly share code, notes, and snippets.

@chrisjsimpson
Created August 27, 2012 16:46
  • Star 1 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save chrisjsimpson/3490250 to your computer and use it in GitHub Desktop.
php cli exploit-db.com search via command line
<?php
/* Terminal sript for fast searching of the exploit-db.com/search page
*
* Requires: php5, curl, php-cli, w3m (use sudo apt-get install programName)
*
* For defaults just leave questions blank & press enter.
*
* Notes for improvement:
* > No pagination support (only shows page one of results)
* > Writes search result to a file- this is messy, must be better way
*
*/
//Initialise search parameters to default values
$searchTerms = array(); //Search parameters as associative array
$searchTerms['action'] = 'search';
$searchTerms['filter_page'] = 1;
$searchTerms['filter_description'] = '';
$searchTerms['filter_exploit_text'] = '';
$searchTerms['filter_author'] = '';
$searchTerms['filter_platform'] = 0;
$searchTerms['filter_type'] = 0;
$searchTerms['filter_lang_id'] = 0;
$searchTerms['filter_port'] = '';
$searchTerms['filter_osvdb'] = '';
$searchTerms['filter_cve'] = '';
//Get description
echo "\nEnter exploit description (e.g. 'mysql'): ";
fscanf(STDIN, "%s", $searchTerms['filter_description']);
echo "\nOK [{$searchTerms['filter_description']}]\n";
//Get exploit text
echo "\nEnter free text search (e.g. 'the' also finds 'Thesis'): ";
fscanf(STDIN, "%s", $searchTerms['filter_exploit_text']);
print "OK [{$searchTerms['filter_exploit_text']}]\n";
//Get author
echo "\nAuthor name: ";
fscanf(STDIN, "%s", $searchTerms['filter_author']);
echo "OK [{$searchTerms['filter_author']}]\n";
//Get platform
echo "\nPlatform: ";
fscanf(STDIN, "%s", $searchTerms['filter_platform']);
echo "\nOK [{$searchTerms['filter_platform']}]\n";
//Get type (dos, local, papers, remote, shellcode, webapps)
echo "\nType: ";
fscanf(STDIN, "%s", $searchTerms['filter_type']);
echo "\nOK [{$searchTerms['filter_type']}]\n";
//Get language
echo "\nLanguage: ";
fscanf(STDIN, "%s", $searchTerms['filter_lang_id']);
echo "\nOK [{$searchTerms['filter_lang_id']}]\n";
//Get port
echo "\nPort: ";
fscanf(STDIN, "%s", $searchTerms['filter_port']);
echo "OK [{$searchTerms['filter_port']}]\n";
//Get osvdb
echo "\nOsvdb: ";
fscanf(STDIN, "%s", $searchTerms['filter_osvdb']);
echo "\nOK [{$searchTerms['filter_osvdb']}]\n";
//Get cve
echo "\nCVE (eg: 2010-2204): ";
fscanf(STDIN, "%s", $searchTerms['filter_cve']);
echo "\nOK [{$searchTerms['filter_cve']}]\n";
###########
########## echo all search terms for confirmation:
############
echo "#######################\n";
echo " Search terms chosen: ";
echo "\n#####################\n";
foreach($searchTerms as $term=>$value)
{
echo "---> $term = $value \n";
}
//Build query url
$url = 'http://www.exploit-db.com/search/?action=search&filter_page=1&';
$url .= "filter_description={$searchTerms['filter_description']}";
$url .= '&filter_exploit_text=' . $searchTerms['filter_exploit_text'];
$url .= '&filter_author=' . $searchTerms['filter_author'];
$url .= '&filter_platform=' . $searchTerms['filter_platform'];
$url .= '&filter_type=' . $searchTerms['filter_type'];
$url .= '&filter_lang_id=' . $searchTerms['filter_lang_id'];
$url .= '&filter_port=' . $searchTerms['filter_port'];
$url .= '&filter_osvdb='. $searchTerms['filter_osvdb'];
$url .= '&filter_cve=' . $searchTerms['filter_cve'];
//echo URL
echo "\n\n$url\n\n";
echo "#########################\n######## Please wait while result is fetched ###########\n #######################\n";
//Pull search page 1 search result using curl
$curl = curl_init($url);
//Tell curl to fail on error:
curl_setopt($curl, CURLOPT_FAILONERROR, 1);
//Allow for redirects:
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
//Assign returned data to a variable:
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
//Set a timeout:
curl_setopt($curl, CURLOPT_TIMEOUT, 20);
//Execute the trasaction:
$result = curl_exec($curl);
//Close the connection:
curl_close($curl);
//Use phpDOM to get only the table from the webpage.
$dom = new DOMDocument;
$dom->loadHTML($result);
//Strip out only the results <table> tag
$resultsTable = $dom->getElementsByTagName('table')->item(0);
//Get results table out of the DOMDocument object
$data = $dom->saveHTML($resultsTable);
//Prepare file to write results to
$file = 'test.txt';
$fh = fopen($file, 'w') or die("can't create file");
//Write results table to $file
fwrite($fh, $data);
fclose($fh);
//Pass html results table to w3m (a terminal web browser) this formats the html table nicely.
system('w3m -T text/html test.txt'); //- system() strips the links from w3ms output :(
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment