Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- # Gather Sploits by f8lerror
- import csv
- import argparse
- from shodan import WebAPI
- from xml.dom import minidom
- SHODAN_API_KEY = ""#Your SHODAN API key HERE!!!!!!!!!!!
- api = WebAPI(SHODAN_API_KEY)
- parser = argparse.ArgumentParser(description='Gather Sploits by Port')
- parser.add_argument('-x', '--xml', help='Nmap results in XML format', required=True)
- parser.add_argument('-l','--local', help='Data gathered from /pentest/exploits/exploitdb/files.csv', action='store_true', required=False)
- parser.add_argument('-o','--output', help='Outputs to File gsploits.txt', action='store_true', required=False)
- parser.add_argument('-f','--force', help='Force OS search. ex. windows, linux, osX',required=False)
- parser.add_argument('-a','--all', help='All os search', action='store_true', required=False)
- args = parser.parse_args()
- def outfile(host,op2,args):
- ofile = open('gsploits.txt', 'a')
- ofile.write(host+' | '+op2+'\n')
- def onlinesearch(host, port, osd, args):
- results = api.exploitdb.search('port:'+str(port))
- if osd != "all":
- print '\nResults for: ' + host +':'+ port +' OS='+osd
- for exploit in results['matches']:
- if exploit['platform'] == osd or exploit['platform'] == 'multiple':
- op1 = str(exploit['port']),' | ', exploit['platform'],' | ',exploit['date'],' | ','http://www.exploit-db.com/exploits/'+str(exploit['id']),' | ',exploit['description']
- op1 = ''.join(op1)
- print op1
- if args.output:
- outfile(host, op1, args)
- else:
- print '\nResults for: ' + host +':'+ port +' OS='+osd
- for exploit in results['matches']:
- op1 = str(exploit['port']),' | ', exploit['platform'],' | ',exploit['date'],' | ','http://www.exploit-db.com/exploits/'+str(exploit['id']),' | ',exploit['description']
- op1 = ''.join(op1)
- print op1
- if args.output:
- outfile(host, op1,args)
- def localsearch(host, port, osd, args):
- try:
- myfilepath = file("/pentest/exploits/exploitdb/files.csv", "r")#change this if you need too.
- mycsv = csv.reader(myfilepath)
- except:
- print 'Cannot find CSV file try an online search using the -o or -h for help'
- exit(0)
- if osd != "all":
- print '\nResults for: ' + host +':'+ port +' OS='+osd
- print 'found os'
- for row in mycsv:
- if row[7] == port:
- if row[5] == osd:
- op1 = row[7],' | ',row[5],' | ',row[3],' | ', row[1],' | ', row[2]
- op1 = ''.join(op1)
- print op1
- if args.output:
- outfile(host, op1, args)
- else:
- print '\nDisplaying results for: ' + host +':'+ port +' OS='+osd
- print
- for row in mycsv:
- if row[7] == port:
- op1 = row[7],' | ',row[5],' | ',row[3],' | ', row[1],' | ', row[2]
- op1 = ''.join(op1)
- print op1
- if args.output:
- outfile(host, op1,args)
- def parsit():
- xmldoc = minidom.parse(args.xml)
- blah = xmldoc.getElementsByTagName('host')
- for dhost in blah:
- host = dhost.getElementsByTagName('address')[0].getAttributeNode('addr').value
- osd = None
- try:
- for osid in dhost.getElementsByTagName('osclass'):
- osd = osid.attributes['osfamily'].value
- osd = osd.lower()
- if args.all:
- osd = "all"
- elif args.force:
- osd = args.force
- except:
- osd = "all"
- if args.force:
- osd = args.force
- else:
- osd = "all"
- for dportid in dhost.getElementsByTagName('port'):
- port = dportid.getAttributeNode('portid').value
- if osd == None:
- osd = "all"
- if args.force:
- osd = args.force
- if args.local:
- localsearch(host, port, osd, args)
- else:
- onlinesearch(host, port, osd, args)
- else:
- if args.force:
- osd = args.force
- if args.local:
- localsearch(host, port, osd, args)
- else:
- onlinesearch(host, port, osd, args)
- parsit()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement