cve_searchsploit icon indicating copy to clipboard operation
cve_searchsploit copied to clipboard

Published 20 hours ago verified publisher icon andreafioraldi

Doesn't use existing exploitdb database in /opt/exploitdb

Open FalcoGer opened this issue 3 years ago • 6 comments

when running cve_searchsploit it downloads the whole exploitdb database all over again, despite there being a perfectly good copy in /opt/searchsploit

FalcoGer avatar Dec 29 '21 12:12 FalcoGer

Workaround: Clone repository

git clone --depth=1 --recursive [email protected]:andreafioraldi/cve_searchsploit.git
cd cve_searchsploit

Create python environment with

virtualenv env
source env/bin/activate

install package

python3 setup.py install

don't run it yet, make a soft link to the database in /opt/exploitdb (pulled by searchsploit)

cd env/lib/python3.8/site-packages/cve_searchsploit-1.6-py3.8.egg/cve_searchsploit
ln -s /opt/exploitdb ./exploit-database

then update the mapping

cve_searchsploit -u

if you want a convenient way to call cve_searchsploit you can use this script or something similar to it in $PATH, for example in ~/.local/bin/

#!/bin/bash

# turn list of arguments into string to pass them as they are
ARGS=$(echo "$@")
WD='/path/to/repository/of/cve_searchsploit/'

# activate virtualenv
CMD='source env/bin/activate'
# append command
CMD="$CMD"' && cve_searchsploit '"$ARGS"

# change WD
OLD_PWD=$(pwd)
cd $WD

# execute in own bash instance
# this prevents the virtualenv from persisting in current session
echo running \""$CMD"\" in $(pwd)
echo ---------------start---------------
/bin/bash -c "$CMD"
echo ----------------end----------------

# return to previous directory
cd $OLD_PWD

FalcoGer avatar Dec 29 '21 13:12 FalcoGer

I don't get this issue. Maybe /opt/searchsploit is a thing in your system, why should I care about the cloned repos in your system?

andreafioraldi avatar Dec 29 '21 15:12 andreafioraldi

because searchsploit automatically clones the repository to /opt/exploitdb if run with the update flag. And because that's 340MB.

FalcoGer avatar Dec 29 '21 16:12 FalcoGer

Again, you are assuming thait searchsploit is installed. In addition, i don't think that a script dowloads things in /opt as you need root.

andreafioraldi avatar Dec 29 '21 16:12 andreafioraldi

well it asks you for root. and why would you install cve_searchsploit without using searchsploit?

FalcoGer avatar Dec 30 '21 14:12 FalcoGer

maybe the real "issue" is to check for presence of the db in the default kali location first before it attempts to download another copy?

ghost-ng avatar Dec 30 '21 14:12 ghost-ng

searchsploit now can search by CVE on it's own. this project is no longer needed.

FalcoGer avatar Nov 16 '22 17:11 FalcoGer