.__ .__ .__ __
| |__ ____________ | | ____ |__|/ |_ __
| | \ / ___/\____ \| | / _ \| \ __\ (\,--------'()'--o
| Y \___ \ | |_> > |_( <_> ) || | (_ ___ /~"
|___| /____ >| __/|____/\____/|__||__| (_)_) (_)_)
\/ \/ |__|
Author: Nicolas Carolo nicolascarolo.dev@gmail.com
Copyright: © 2020, Nicolas Carolo.
Date: 2020-05-16
Version: 2.1.0
hsploit is an advanced command-line search engine for Exploit-DB developed in Python, born with the aim of showing the user the most accurate search results.
- Effective version number filtering
- Advanced filtering
- Fast search
- View search results in a table with keywords highlighting
- View search results in a table without keywords highlighting
- View search results without a table
- Save search results into a text file
- Search suggestions with customization
- Open the source code of exploits and shellcodes using vim
- View information about the characteristics of exploits and shellcodes
- Copy an exploit or a shellcode file into a directory specified by the user
- Automatic check for database update and for hsploit updates
nicolas@carolo:~$ hsploit -s "wordpress core 2.1.0"
11 exploits and 0 shellcodes found.
EXPLOITS:
+-------+--------------------------------------------------------------------------------------------+
| ID | DESCRIPTION |
+=======+============================================================================================+
| 35414 | WORDPRESS CORE < 4.0.1 - Denial of Service |
+-------+--------------------------------------------------------------------------------------------+
| 47800 | WORDPRESS CORE < 5.3.x - 'xmlrpc.php' Denial of Service |
+-------+--------------------------------------------------------------------------------------------+
| 6 | WORDPRESS CORE 2.1.0 - 'cache' Remote Shell Injection |
+-------+--------------------------------------------------------------------------------------------+
| 4397 | WORDPRESS CORE 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities |
+-------+--------------------------------------------------------------------------------------------+
| 10088 | WORDPRESS CORE 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass |
+-------+--------------------------------------------------------------------------------------------+
| 10089 | WORDPRESS CORE < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution |
+-------+--------------------------------------------------------------------------------------------+
| 29754 | WORDPRESS CORE < 2.1.2 - 'PHP_Self' Cross-Site Scripting |
+-------+--------------------------------------------------------------------------------------------+
| 41497 | WORDPRESS CORE < 4.7.1 - Username Enumeration |
+-------+--------------------------------------------------------------------------------------------+
| 41963 | WORDPRESS CORE < 4.7.4 - Unauthorized Password Reset |
+-------+--------------------------------------------------------------------------------------------+
| 44949 | WORDPRESS CORE < 4.9.6 - (Authenticated) Arbitrary File Deletion |
+-------+--------------------------------------------------------------------------------------------+
| 47690 | WORDPRESS CORE < 5.2.3 - Viewing Unauthenticated/Password/Private Posts |
+-------+--------------------------------------------------------------------------------------------+
nicolas@carolo:~$ hsploit -s "linux kernel 4.4.1"
14 exploits and 0 shellcodes found.
EXPLOITS:
+-------+--------------------------------------------------------------------------------------------------+
| ID | DESCRIPTION |
+=======+==================================================================================================+
| 42136 | LINUX KERNEL < 4.10.13 - 'keyctl_set_reqkey_keyring' Local Denial of Service |
+-------+--------------------------------------------------------------------------------------------------+
| 42762 | LINUX KERNEL < 4.13.1 - BlueTooth Buffer Overflow (PoC) |
+-------+--------------------------------------------------------------------------------------------------+
| 42932 | LINUX KERNEL < 4.14.rc3 - Local Denial of Service |
+-------+--------------------------------------------------------------------------------------------------+
| 44301 | LINUX KERNEL < 4.5.1 - Off-By-One (PoC) |
+-------+--------------------------------------------------------------------------------------------------+
| 44579 | LINUX KERNEL < 4.17-rc1 - 'AF_LLC' Double Free |
+-------+--------------------------------------------------------------------------------------------------+
| 44832 | LINUX KERNEL < 4.16.11 - 'ext4_read_inline_data()' Memory Corruption |
+-------+--------------------------------------------------------------------------------------------------+
| 39277 | LINUX KERNEL 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1) |
+-------+--------------------------------------------------------------------------------------------------+
| 40003 | LINUX KERNEL 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (2) |
+-------+--------------------------------------------------------------------------------------------------+
| 39772 | LINUX KERNEL 4.4.x (Ubuntu 16.04) - 'double-fdput()' bpf(BPF_PROG_LOAD) Privilege Escalation |
+-------+--------------------------------------------------------------------------------------------------+
| 41995 | LINUX KERNEL 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' / 'SO_RCVBUFFORCE' Local Privilege Escalation |
+-------+--------------------------------------------------------------------------------------------------+
| 43345 | LINUX KERNEL < 4.10.15 - Race Condition Privilege Escalation |
+-------+--------------------------------------------------------------------------------------------------+
| 44325 | LINUX KERNEL < 4.15.4 - 'show_floppy' KASLR Address Leak |
+-------+--------------------------------------------------------------------------------------------------+
| 45010 | LINUX KERNEL < 4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation |
+-------+--------------------------------------------------------------------------------------------------+
| 45553 | LINUX KERNEL < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation |
+-------+--------------------------------------------------------------------------------------------------+
Using the advanced search (-sad option) you can use the following filters for filtering search
results:
- Search operator:
ANDorOR - Author
- Type
- Platform
- Port
- Date interval
You can choose to show a particular suggestion for a given searched string. For each case you can also decide to use automatic replacement or not. It is possible to add new suggestions and delete the existing suggestions.
- Linux
- macOS
- Python 3
- SQLite 3
- vim
- git
We can install hsploit simply by doing:
$ git clone https://github.com/nicolas-carolo/hsploit
$ cd hsploit
$ ./install_db_linux.sh
$ pip install -r requirements.txt
$ python setup.py installNow you can remove the repository of hsploit you have downloaded, because this repository has been cloned in ~/.HoundSploit/hsploit for supporting automatic updates.
If you have already installed the version 2.3.0 of HoundSploit or you never installed HoundSploit, you can check if there is the directory ~/HoundSploit and then you can delete it.
We can install hsploit simply by doing:
$ git clone https://github.com/nicolas-carolo/hsploit
$ cd hsploit
$ mkdir /root/.HoundSploit
$ touch /root/.HoundSploit/enable_root.cfg
$ ./install_db_linux.sh
$ pip install -r requirements.txt
$ python setup.py installNow you can remove the repository of hsploit you have downloaded, because this repository has been cloned in ~/.HoundSploit/hsploit for supporting automatic updates.
If you have already installed the version 2.3.0 of HoundSploit or you never installed HoundSploit, you can check if there is the directory ~/HoundSploit and then you can delete it.
We can install hsploit simply by doing:
$ git clone https://github.com/nicolas-carolo/hsploit
$ cd hsploit
$ ./install_db_darwin.sh
$ pip install -r requirements.txt
$ python setup.py installNow you can remove the repository of hsploit you have downloaded, because this repository has been cloned in ~/.HoundSploit/hsploit for supporting automatic updates.
If you have already installed the version 2.3.0 of HoundSploit or you never installed HoundSploit, you can check if there is the directory ~/HoundSploit and then you can delete it.
If you encounter problems during the installation phase, please run:
$ rm -fr ~/.HoundSploitand then repeat the installation phase.
- Perform a search:
$ hsploit -s "[search text]" - Perform a search without keywords highlighting:
$ hsploit -s --nokeywords "[search text]" - Perform a search showing results without a table:
$ hsploit -s --notable "[search text]" - Perform a search saving the output into a file:
$ hsploit -s --file [filename] "[search text]"
- Perform an advanced search:
$ hsploit -sad "[search text]" - Perform an advanced search without keywords highlighting:
$ hsploit -sad --nokeywords "[search text]" - Perform an advanced search showing results without a table:
$ hsploit -sad --notable "[search text]" - Perform an advanced search saving the output into a file:
$ hsploit -sad --file [filename] "[search text]"
- Show info about the exploit:
$ hsploit -ie [exploit's id] - Show info about the shellcode:
$ hsploit -is [shellcode's id] - Open the exploit's source code with vim:
$ hsploit -oe [exploit's id] - Open the shellcode's source code with vim:
$ hsploit -os [shellcode's id]
- Copy the exploit's file into a chosen file or directory:
$ hsploit -cpe [exploit's id] [file or directory] - Copy the shellcode's file into a chosen file or directory:
$ hsploit -cps [shellcode's id] [file or directory]
- List suggestions:
$ hsploit -ls
- Add or edit a suggestion:
$ hsploit -as "[keyword(s)]" - Remove a suggestion:
$ hsploit -rs "[keyword(s)]"
- Show software information:
$ hsploit -v
- Check for software and database updates:
$ hsploit -u
- Show help:
$ hsploit -h
For a better view of the search results when the description of the exploits is too long to be displayed on a single line, it is recommended to use the less-RS command as in the following example:
$ hsploit -s "windows" | less -SRThis feature is not supported using the -sad option.
Copyright © 2020, Nicolas Carolo. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer.
-
Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.
-
Neither the name of the author of this software nor the names of contributors to this software may be used to endorse or promote products derived from this software without specific prior written consent.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.