auto_searchsploit.py

1. #!/usr/bin/env python
2. import subprocess
3. import argparse
4. import os
5. import sys
6.  
7. # Python 2 and 3 compatibility
8. try:
9. input = raw_input
10. except NameError:
11. pass
12.  
13. parser = argparse.ArgumentParser(description='Process some integers.')
14. parser.add_argument('kernel_version',
15. metavar='kernel_version',
16. type=str,
17. help='Kernel Version')
18.  
19. args = parser.parse_args()
20. kern_ver = args.kernel_version
21.  
22. # You can tellThis search is very specific to Linux Local Privelege Escalation
23. SEARCH = "searchsploit linux %s | grep local | grep -i privilege" % kern_ver
24. try:
25. search_results = subprocess.check_output(SEARCH, shell=True)
26. except subprocess.CalledProcessError as grepexc:
27. print("[-] No potential exploit found. Aborting...")
28. exit(1)
29.  
30. base_dir = "/usr/share/exploitdb/platforms/linux/local"
31. dir_location = "%s/linux_%s/" % (os.environ['PWD'], kern_ver)
32.  
33. print("[*]Potential Exploit :")
34.  
35. print(search_results.decode())
36.  
37. search_results = search_results.strip().split(b"\n")
38.  
39. # try to copy to local directory first
40. file_list = [result.split(b"/")[-1] for result in search_results]
41.  
42. print("[*] File destination directory name: %s/linux_%s" %
43. (os.environ["PWD"], kern_ver))
44.  
45. download_ans = input("[*] Do you want to download exploit file to "
46. "directory described above? [y/n]")
47. if download_ans.lower() == "y":
48. new_dir = "mkdir %s" % (dir_location)
49. # Make dir if not exist
50. if not (os.path.isdir(dir_location)):
51. subprocess.call(new_dir, shell=True)
52. for _file in file_list:
53. DOWNLOAD = "cp %s/%s %s" % (base_dir, _file, dir_location)
54. subprocess.call(DOWNLOAD, shell=True)
55. print("[+] All file downloaded in", dir_location)
56. else:
57. print("[-] Exiting...")
58. sys.exit(0)
59.  
60. # Now try to compile them if it is C
61. if 'c' in [file.split(b".")[1].lower() for file in file_list]:
62. print("[*] C script found")
63. print("[*] Compile format: gcc C_SCRIPT -o C_SCRIPT.exe")
64. compile_ans = input(
65. "[*] Do you want to compile the downloaded C script?"
66. "(No Gurantee Success) [y/n]")
67. if compile_ans.lower() == "y":
68. success_exe = 0
69. c_file_count = 0
70. for _file in file_list:
71. file_extension = _file.split(b".")[1]
72. if file_extension == "c":
73. c_file_count += 1
74. # noinspection PyUnboundLocalVariable
75. COMPILE = ("gcc %s%s -o %s%s.exe 2>/dev/null" %
76. (dir_location, _file, dir_location, _file))
77. try:
78. subprocess.check_call(COMPILE, shell=True)
79. success_exe += 1
80. except:
81. continue
82.  
83. print("[+] Among %d C file[s], successfully compiled %d file[s]" %
84. (c_file_count, success_exe))
85. print("[+] Compiled file placed inside %s" % dir_location)
86. else:
87. print("[-] Exiting...")
88. sys.exit(0)
89.  
90. # TODO!!! Make tar ball, too tired now
91. # print("[*] In order to transfer the script conveniently to target box")
92. # tar_answer = input("[*] Do you want to make a tar ball of the file? [y/n]")
93. # if tar_answer.lower() == "y":
94. # TAR = 'tar -cvf %s.tar %s' % (dir_location, dir_location)
95. # subprocess.call(TAR, shell=True)