search

vulsio / go-exploitdb

Tool for searching Exploits from Exploit Databases, etc.
MIT License
249 stars 56 forks source link

feat(fetch): delete --deep option #51

Closed MaineK00n closed 3 years ago

MaineK00n commented 3 years ago

What did you implement:

The --deep option was to look for CVE information in offensive-security/exploitdb. However, it is an implementation that executes a lot of REST APIs, and it took 22m53s for the whole fetch with --deep option. (Without the --deep option, it was 38s, so the deep option was too slow.

Basically, I believe that the information I want can be obtained from the following two CSVs. These information can be inserted without using the deep option.

Refs #7

Fixed a bug that prevented the opening of links shown in the inserted data.

Type of change

How Has This Been Tested?

delete --deep option

// PR
go-exploitdb fetch exploitdb --deep
unknown flag: --deep

fix link

// PR
sqlite> SELECT * FROM documents WHERE exploit_unique_id = 3219;
offensive_security_id|exploit_unique_id|document_url|description|author|type|platform|port
1|3219|https://github.com/offensive-security/exploitdb/blob/master/exploits/osx/local/3219.rb|Apple Mac OSX 10.4.8 (8L2127) - 'crashdump' Local Privilege Escalation|MoAB|local|osx|

$ curl -D - -s -o /dev/null https://github.com/offensive-security/exploitdb/blob/master/exploits/osx/local/3219.rb
HTTP/2 200

// upstream/master
sqlite> SELECT * FROM documents WHERE exploit_unique_id = 3219;
offensive_security_id|exploit_unique_id|document_url|description|author|type|platform|port
2911|3219|https://github.com/offensive-security/exploitdb/exploits/osx/local/3219.rb|Apple Mac OSX 10.4.8 (8L2127) - 'crashdump' Local Privilege Escalation|MoAB|local|osx|

$ curl -D - -s -o /dev/null https://github.com/offensive-security/exploitdb/exploits/osx/local/3219.rb
HTTP/2 404

Checklist:

You don't have to satisfy all of the following.

Is this ready for review?: NO

Reference

kotakanbe commented 3 years ago

LGTM