search

andreafioraldi / cve_searchsploit

Search an exploit in the local exploitdb database by its CVE
MIT License
166 stars 52 forks source link

Doesn't use existing exploitdb database in /opt/exploitdb #8

Closed FalcoGer closed 1 year ago

FalcoGer commented 2 years ago

when running cve_searchsploit it downloads the whole exploitdb database all over again, despite there being a perfectly good copy in /opt/searchsploit

FalcoGer commented 2 years ago

Workaround: Clone repository

git clone --depth=1 --recursive git@github.com:andreafioraldi/cve_searchsploit.git
cd cve_searchsploit

Create python environment with

virtualenv env
source env/bin/activate

install package

python3 setup.py install

don't run it yet, make a soft link to the database in /opt/exploitdb (pulled by searchsploit)

cd env/lib/python3.8/site-packages/cve_searchsploit-1.6-py3.8.egg/cve_searchsploit
ln -s /opt/exploitdb ./exploit-database

then update the mapping

cve_searchsploit -u

if you want a convenient way to call cve_searchsploit you can use this script or something similar to it in $PATH, for example in ~/.local/bin/

#!/bin/bash

# turn list of arguments into string to pass them as they are
ARGS=$(echo "$@")
WD='/path/to/repository/of/cve_searchsploit/'

# activate virtualenv
CMD='source env/bin/activate'
# append command
CMD="$CMD"' && cve_searchsploit '"$ARGS"

# change WD
OLD_PWD=$(pwd)
cd $WD

# execute in own bash instance
# this prevents the virtualenv from persisting in current session
echo running \""$CMD"\" in $(pwd)
echo ---------------start---------------
/bin/bash -c "$CMD"
echo ----------------end----------------

# return to previous directory
cd $OLD_PWD
andreafioraldi commented 2 years ago

I don't get this issue. Maybe /opt/searchsploit is a thing in your system, why should I care about the cloned repos in your system?

FalcoGer commented 2 years ago

because searchsploit automatically clones the repository to /opt/exploitdb if run with the update flag. And because that's 340MB.

andreafioraldi commented 2 years ago

Again, you are assuming thait searchsploit is installed. In addition, i don't think that a script dowloads things in /opt as you need root.

FalcoGer commented 2 years ago

well it asks you for root. and why would you install cve_searchsploit without using searchsploit?

ghost-ng commented 2 years ago

maybe the real "issue" is to check for presence of the db in the default kali location first before it attempts to download another copy?

FalcoGer commented 1 year ago

searchsploit now can search by CVE on it's own. this project is no longer needed.