pyExploitDb 0.2.41__tar.gz → 0.2.53__tar.gz

{pyExploitDb-0.2.41 → pyExploitDb-0.2.53}/PKG-INFO

@@ -1,10 +1,10 @@
 Metadata-Version: 2.1
 Name: pyExploitDb
-Version: 0.2.41
-Summary: An optimized Python3 library to fetch the most recent exploit-database, create searchable indexes for CVE->EDBID and EDBID -> CVE, and provide methods to perform searches.
-Home-page: https://github.com/GoVanguard/pyExploitDb
+Version: 0.2.53
+Summary: An optimized Python3 library to fetch the most recent exploit-database,
+Home-page: https://github.com/Hackman238/pyExploitDb
 Author: Shane William Scott
-Author-email: sscott@gotham-security.com
+Author-email: gs@shanewilliamscott.com
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
@@ -18,12 +18,17 @@ Classifier: Operating System :: OS Independent
 Description-Content-Type: text/markdown
 License-File: LICENSE
 
-pyExploitDb (https://gotham-security.com)
-==
+## NOTICE
+
+This is the new home of "pyExploidDb".
 
-[![Build Status](https://travis-ci.com/GoVanguard/pyExploitDb.svg?branch=master)](https://travis-ci.com/GoVanguard/pyExploitDb)
-[![Known Vulnerabilities](https://snyk.io/test/github/GoVanguard/pyExploitDb/badge.svg?targetFile=requirements.txt)](https://snyk.io/test/github/GoVanguard/pyExploitDb?targetFile=requirements.txt)
-[![Maintainability](https://api.codeclimate.com/v1/badges/c718eabcdd4b815698db/maintainability)](https://codeclimate.com/github/GoVanguard/pyExploitDb/maintainability)
+##
+
+pyExploitDb (https://shanewilliamscott.com)
+==
+[![Python package](https://github.com/Hackman238/pyExploitDb/actions/workflows/master.yml/badge.svg)](https://github.com/Hackman238/pyExploitDb/actions/workflows/master.yml)
+[![Known Vulnerabilities](https://snyk.io/test/github/Hackman238/pyExploitDb/badge.svg?targetFile=requirements.txt)](https://snyk.io/test/github/Hackman238/pyExploitDb?targetFile=requirements.txt)
+[![Maintainability](https://api.codeclimate.com/v1/badges/a11151ec3314f93a777f/maintainability)](https://codeclimate.com/github/Hackman238/pyExploitDb/maintainability)
 
 
 ## Authors:
@@ -62,4 +67,5 @@ Port: 80
 {'edbid': '45447', 'exploit': './exploit-database/exploits/php/webapps/45447.txt', 'date': '2018-09-24', 'author': 'Haboob Team', 'platform': 'webapps', 'type': 'php', 'port': '80'}
 
 ## Credits
+Based on fork from https://github.com/GoVanguard/pyExploitDb by Shane Scott.
 Originally based on fork of cve_searchsploit by Andrea Fioraldi.

{pyExploitDb-0.2.41 → pyExploitDb-0.2.53}/README.md

@@ -1,9 +1,14 @@
-pyExploitDb (https://gotham-security.com)
-==
+## NOTICE
+
+This is the new home of "pyExploidDb".
 
-[![Build Status](https://travis-ci.com/GoVanguard/pyExploitDb.svg?branch=master)](https://travis-ci.com/GoVanguard/pyExploitDb)
-[![Known Vulnerabilities](https://snyk.io/test/github/GoVanguard/pyExploitDb/badge.svg?targetFile=requirements.txt)](https://snyk.io/test/github/GoVanguard/pyExploitDb?targetFile=requirements.txt)
-[![Maintainability](https://api.codeclimate.com/v1/badges/c718eabcdd4b815698db/maintainability)](https://codeclimate.com/github/GoVanguard/pyExploitDb/maintainability)
+##
+
+pyExploitDb (https://shanewilliamscott.com)
+==
+[![Python package](https://github.com/Hackman238/pyExploitDb/actions/workflows/master.yml/badge.svg)](https://github.com/Hackman238/pyExploitDb/actions/workflows/master.yml)
+[![Known Vulnerabilities](https://snyk.io/test/github/Hackman238/pyExploitDb/badge.svg?targetFile=requirements.txt)](https://snyk.io/test/github/Hackman238/pyExploitDb?targetFile=requirements.txt)
+[![Maintainability](https://api.codeclimate.com/v1/badges/a11151ec3314f93a777f/maintainability)](https://codeclimate.com/github/Hackman238/pyExploitDb/maintainability)
 
 
 ## Authors:
@@ -42,4 +47,5 @@ Port: 80
 {'edbid': '45447', 'exploit': './exploit-database/exploits/php/webapps/45447.txt', 'date': '2018-09-24', 'author': 'Haboob Team', 'platform': 'webapps', 'type': 'php', 'port': '80'}
 
 ## Credits
+Based on fork from https://github.com/GoVanguard/pyExploitDb by Shane Scott.
 Originally based on fork of cve_searchsploit by Andrea Fioraldi.

pyExploitDb-0.2.53/pyExploitDb/__init__.py

@@ -0,0 +1,153 @@
+import os
+import json
+import csv
+import requests
+import time
+import git
+import re
+
+class PyExploitDb:
+    EXPLOIT_DB_REPO = "https://gitlab.com/exploit-database/exploitdb.git"
+    USER_AGENT = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) Chrome/39.0 Safari/537.36'}
+    
+    def __init__(self):
+        self.cveToExploitMap = {}
+        self.currentPath = os.path.dirname(os.path.abspath(__file__))
+        self.edbidToCveFile = os.path.join(self.currentPath, "edbidToCve.json")
+        self.cveToEdbidFile = os.path.join(self.currentPath, "cveToEdbid.json")
+        self.exploitDbPath = os.path.join(self.currentPath, "exploit-database")
+        self.requestCoolOffTime = 1
+        self.debug = False
+
+    def logDebug(self, message):
+        if self.debug:
+            print(message)
+
+    def cloneOrUpdateRepo(self):
+        if not os.path.isdir(self.exploitDbPath):
+            self.logDebug("Cloning exploit-database repository")
+            git.Repo.clone_from(self.EXPLOIT_DB_REPO, self.exploitDbPath)
+        else:
+            self.pullLatestUpdates()
+
+    def pullLatestUpdates(self):
+        try:
+            self.logDebug("Pulling exploit-database updates...")
+            git.Git(self.exploitDbPath).pull('origin', 'main')
+        except git.exc.GitCommandError:
+            self.logDebug("Repo broken, re-cloning...")
+            self.deleteAndRecloneRepo()
+
+    def deleteAndRecloneRepo(self):
+        os.rmdir(self.exploitDbPath)
+        git.Repo.clone_from(self.EXPLOIT_DB_REPO, self.exploitDbPath)
+
+    def openFile(self, exploitMap="cveToEdbid.json", encoding="utf-8"):
+        self.cloneOrUpdateRepo()
+        with open(os.path.join(self.currentPath, exploitMap), encoding=encoding) as fileData:
+            self.cveToExploitMap = json.load(fileData)
+            self.logDebug(self.cveToExploitMap)
+
+    def getCveDetails(self, cveSearch):
+        with open(os.path.join(self.exploitDbPath, "files_exploits.csv"), encoding="utf-8") as file:
+            reader = csv.reader(file)
+            next(reader)
+            for row in reader:
+                if row[0] in self.cveToExploitMap.get(cveSearch, []):
+                    return self.extractCveDetails(row)
+        self.logDebug("ERROR - No EDB Id found")
+        return {}
+
+    def extractCveDetails(self, row):
+        details = {
+            'id': row[0],
+            'file': row[1],
+            'description': row[2],
+            'date': row[3],
+            'author': row[4],
+            'type': row[5],
+            'platform': row[6],
+            'port': row[7],
+            'date_updated': row[9],
+            'verified': row[10],
+            'codes': row[11],
+            'tags': row[12],
+            'aliases': row[13],
+            'app_url': row[14],
+            'src_url': row[15],
+        }
+        self.logDebug(f"CVE Details: {details}")
+        return details
+
+    def searchCve(self, cveSearch):
+        if not cveSearch:
+            return []
+        cveSearch = cveSearch.upper()
+        self.logDebug(f"Searching for CVE: {cveSearch}")
+        if cveSearch in self.cveToExploitMap:
+            return self.getCveDetails(cveSearch)
+        return []
+
+    def updateDb(self):
+        data = self.loadExistingData(self.edbidToCveFile)
+        exploits = self.loadExploitCsv()
+        
+        for i, row in enumerate(exploits):
+            edb_id = row[0]
+            if edb_id not in data:
+                data[edb_id] = self.fetchCvesForExploit(edb_id)
+
+        self.writeJson(self.edbidToCveFile, data)
+        self.createCveToExploitMap(data)
+        self.writeJson(self.cveToEdbidFile, self.cveToExploitMap)
+
+    def loadExistingData(self, file_path):
+        if os.path.exists(file_path):
+            with open(file_path, encoding="utf-8") as fileData:
+                try:
+                    return json.load(fileData)
+                except json.JSONDecodeError:
+                    self.logDebug(f"Corrupt file detected at {file_path}, recreating...")
+        return {}
+
+    def loadExploitCsv(self):
+        with open(os.path.join(self.exploitDbPath, "files_exploits.csv"), encoding="utf-8") as file:
+            reader = csv.reader(file)
+            next(reader)
+            return list(reader)
+
+    def fetchCvesForExploit(self, edb_id):
+        requestUri = f"https://www.exploit-db.com/exploits/{edb_id}"
+        self.logDebug(f"Requesting {requestUri}")
+        while True:
+            try:
+                response = requests.get(requestUri, headers=self.USER_AGENT, timeout=10)
+                return self.parseCvesFromContent(response.content)
+            except requests.RequestException as e:
+                self.logDebug(f"Request error: {e}, retrying after cool-off")
+                time.sleep(self.requestCoolOffTime)
+
+    def parseCvesFromContent(self, content):
+        indexes = [m.start() for m in re.finditer('https://nvd.nist.gov/vuln/detail/CVE-', content)]
+        return {content[pos + 33: pos + 47].decode("ISO-8859-1").strip() for pos in indexes}
+
+    def writeJson(self, file_path, data):
+        with open(file_path, "w", encoding="utf-8") as fileData:
+            json.dump(data, fileData, indent=2)
+
+    def createCveToExploitMap(self, data):
+        for edb_id, cves in data.items():
+            for cve in cves:
+                if cve not in self.cveToExploitMap:
+                    self.cveToExploitMap[cve] = []
+                self.cveToExploitMap[cve].append(edb_id)
+
+def test():
+    pEdb = PyExploitDb()
+    pEdb.debug = False
+    pEdb.openFile()
+    results = pEdb.searchCve("CVE-2018-14592")
+    print('PASS' if results else 'FAIL')
+
+if __name__ == "__main__":
+    test()

{pyExploitDb-0.2.41 → pyExploitDb-0.2.53}/pyExploitDb.egg-info/PKG-INFO

@@ -1,10 +1,10 @@
 Metadata-Version: 2.1
 Name: pyExploitDb
-Version: 0.2.41
-Summary: An optimized Python3 library to fetch the most recent exploit-database, create searchable indexes for CVE->EDBID and EDBID -> CVE, and provide methods to perform searches.
-Home-page: https://github.com/GoVanguard/pyExploitDb
+Version: 0.2.53
+Summary: An optimized Python3 library to fetch the most recent exploit-database,
+Home-page: https://github.com/Hackman238/pyExploitDb
 Author: Shane William Scott
-Author-email: sscott@gotham-security.com
+Author-email: gs@shanewilliamscott.com
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
@@ -18,12 +18,17 @@ Classifier: Operating System :: OS Independent
 Description-Content-Type: text/markdown
 License-File: LICENSE
 
-pyExploitDb (https://gotham-security.com)
-==
+## NOTICE
+
+This is the new home of "pyExploidDb".
 
-[![Build Status](https://travis-ci.com/GoVanguard/pyExploitDb.svg?branch=master)](https://travis-ci.com/GoVanguard/pyExploitDb)
-[![Known Vulnerabilities](https://snyk.io/test/github/GoVanguard/pyExploitDb/badge.svg?targetFile=requirements.txt)](https://snyk.io/test/github/GoVanguard/pyExploitDb?targetFile=requirements.txt)
-[![Maintainability](https://api.codeclimate.com/v1/badges/c718eabcdd4b815698db/maintainability)](https://codeclimate.com/github/GoVanguard/pyExploitDb/maintainability)
+##
+
+pyExploitDb (https://shanewilliamscott.com)
+==
+[![Python package](https://github.com/Hackman238/pyExploitDb/actions/workflows/master.yml/badge.svg)](https://github.com/Hackman238/pyExploitDb/actions/workflows/master.yml)
+[![Known Vulnerabilities](https://snyk.io/test/github/Hackman238/pyExploitDb/badge.svg?targetFile=requirements.txt)](https://snyk.io/test/github/Hackman238/pyExploitDb?targetFile=requirements.txt)
+[![Maintainability](https://api.codeclimate.com/v1/badges/a11151ec3314f93a777f/maintainability)](https://codeclimate.com/github/Hackman238/pyExploitDb/maintainability)
 
 
 ## Authors:
@@ -62,4 +67,5 @@ Port: 80
 {'edbid': '45447', 'exploit': './exploit-database/exploits/php/webapps/45447.txt', 'date': '2018-09-24', 'author': 'Haboob Team', 'platform': 'webapps', 'type': 'php', 'port': '80'}
 
 ## Credits
+Based on fork from https://github.com/GoVanguard/pyExploitDb by Shane Scott.
 Originally based on fork of cve_searchsploit by Andrea Fioraldi.

{pyExploitDb-0.2.41 → pyExploitDb-0.2.53}/setup.py

@@ -5,13 +5,15 @@ with open("README.md", "r") as fh:
 
 setuptools.setup(
     name="pyExploitDb",
-    version="0.2.41",
+    version="0.2.53",
     author="Shane William Scott",
-    author_email="sscott@gotham-security.com",
-    description="An optimized Python3 library to fetch the most recent exploit-database, create searchable indexes for CVE->EDBID and EDBID -> CVE, and provide methods to perform searches.",
+    author_email="gs@shanewilliamscott.com",
+    description="""An optimized Python3 library to fetch the most recent exploit-database,
+                   create searchable indexes for CVE->EDBID and EDBID -> CVE, and provide
+                   methods to perform searches.""",
     long_description=long_description,
     long_description_content_type="text/markdown",
-    url="https://github.com/GoVanguard/pyExploitDb",
+    url="https://github.com/Hackman238/pyExploitDb",
     packages=['pyExploitDb'],
     package_data={'pyExploitDb': ['cveToEdbid.json', 'edbidToCve.json', 'pyExploitDb/*.json']},
     install_requires=['GitPython', 'requests'],

pyExploitDb-0.2.41/pyExploitDb/__init__.py

@@ -1,201 +0,0 @@
-import os
-import json
-import csv
-import requests
-import time
-import sys
-import git
-
-class PyExploitDb:
-    def __init__(self):
-        self.cveToExploitMap = {}
-        self.currentPath = os.path.dirname(os.path.abspath(__file__))
-        self.edbidToCveFile = self.currentPath + "/edbidToCve.json"
-        self.cveToEdbidFile = self.currentPath + "/cveToEdbid.json"
-        self.exploitDbPath = self.currentPath + "/exploit-database"
-        self.requestCoolOffTime = 1
-        self.debug = False
-        self.autoUpdate = True
-        pass
-
-
-    def openFile(self, exploitMap = "cveToEdbid.json", encoding="utf-8"):
-        if not os.path.isdir(self.exploitDbPath):
-            print("Cloning exploit-database repository")
-            git.Repo.clone_from("https://gitlab.com/exploit-database/exploitdb.git", self.exploitDbPath)
-            print("Updating db...")
-            self.updateDb()
-        else:
-            if self.autoUpdate == True:
-                try:
-                    print("Pulling exploit-database updates...")
-                    git.Git(self.exploitDbPath).pull('origin', 'main')
-                except git.exc.GitCommandError as e:
-                    print("Broken or obsoleted exploit-database clone found. Deleting and re-cloning...")
-                    print("Deleting " + self.currentPath + "/exploit-database/...")
-                    os.system("rm -Rf " + self.currentPath + "/exploit-database/")
-                    print("Cloning exploit-database repository")
-                    git.Repo.clone_from("https://gitlab.com/exploit-database/exploitdb.git", self.exploitDbPath)
-                print("Updating db...")
-                self.updateDb()
-            print("Loading database...")
-            with open(self.currentPath + "/" + exploitMap, encoding="utf-8") as fileData:
-                cveToExploitMap = json.load(fileData)
-                self.cveToExploitMap = cveToExploitMap
-                if self.debug == True:
-                    print(self.cveToExploitMap)
-
-
-    def getCveDetails(self, cveSearch):
-        files = open(self.currentPath + "/exploit-database/files_exploits.csv", encoding="utf-8")
-        reader = csv.reader(files)
-        next(reader)
-        result = {}
-        found = False
-        for row in reader:
-            id, file, description, date, author, type, platform, port, _, date_updated, verified, codes, tags, aliases, _, app_url, src_url = tuple(row)
-            if id in self.cveToExploitMap[cveSearch]:
-                found = True
-                result['id'] = id
-                result['file'] = file
-                result['description'] = description
-                result['date'] = date
-                result['author'] = author
-                result['type'] = type
-                result['platform'] = platform
-                result['port'] = port
-                result['date_updated'] = date_updated
-                result['verified'] = verified
-                result['codes'] = codes
-                result['tags'] = tags
-                result['aliases'] = aliases
-                result['app_url'] = app_url
-                result['src_url'] = src_url
-
-                if self.debug == True:
-                    print("Exploit DB Id: {0}".format(id))
-                    print("File: {0}".format(self.exploitDbPath + "/" + file))
-                    print("Date: {0}".format(date))
-                    print("Author: {0}".format(author))
-                    print("Platform: {0}".format(platform))
-                    print("Type: {0}".format(type))
-                    print("Description: {0}".format(description))
-                    print("App URL: {0}".format(app_url))
-                    print("Source URL: {0}".format(src_url))
-                    
-                if port != "0":
-                    result['port'] = port
-                    if self.debug == True:
-                        print("Port: {0}".format(port))
-        if not found:
-            if self.debug == True:
-                print("ERROR - No EDB Id found")
-        files.close()
-        return result
-
-
-    def searchCve(self, cveSearch):
-        if not cveSearch:
-            return []
-        cveSearch = cveSearch.upper()
-        print(cveSearch)
-        if cveSearch in self.cveToExploitMap:
-            if self.debug == True:
-                print("Found")
-            cveData = self.getCveDetails(cveSearch)
-            if cveData:
-                return cveData
-            else:
-                return cveSearch
-        return []
-
-
-    def updateDb(self):
-        data = {}
-        if not os.path.exists(self.edbidToCveFile):
-            os.system("touch {0}".format(self.edbidToCveFile))
-            data = {}
-        else:
-            with open(self.edbidToCveFile, encoding="utf-8") as fileData:
-                try:
-                    data = json.load(fileData)
-                except:
-                    print("Possibly corrupt or empty: {0}".format(self.edbidToCveFile))
-                    os.system("rm -f {0}".format(self.edbidToCveFile))
-                    os.system("touch {0}".format(self.edbidToCveFile))
-                    data = {}
-        files = open(self.exploitDbPath + "/files_exploits.csv", encoding="utf-8")
-        reader = csv.reader(files)
-        next(reader)
-        reader = list(reader)
-        edbCount = len(reader)
-        headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
-        def locations_of_substring(string, substring):
-           import re
-           results = [m.start() for m in re.finditer(substring, string)]
-           return results
-        print("Refreshing EDBID-CVE mapping. This may take a long time.")
-        for i in range(edbCount):
-            percentDone = (i / edbCount) * 100
-            if self.debug == True:
-                print("Processing...{0}%".format(str(percentDone)))
-            edb = tuple(reader[i])[0]
-            if edb in data:
-                if self.debug == True:
-                    print("Skipping {0}".format(str(edb)))
-                pass
-            else:
-                content = ""
-                while True:
-                    try:
-                        requestUri = "https://www.exploit-db.com/exploits/{0}".format(str(edb))
-                        if self.debug == True:
-                            print("Requesting {0}".format(requestUri))
-                        r = requests.get(requestUri, headers = headers, timeout=10)
-                        content = r.content.decode("ISO-8859-1")
-                    except Exception as e:
-                        if self.debug == True:
-                            print("Error {0}".format(e))
-                        time.sleep(self.requestCoolOffTime)
-                        continue
-                    finally:
-                        break
-                indexes = locations_of_substring(content, 'https://nvd.nist.gov/vuln/detail/CVE-')
-                used = []
-                for pos in indexes:
-                      cve = r.content[pos + 33: pos + 33 + 14]
-                      if type(cve) == type(bytes()):
-                          cve = cve.decode("ISO-8859-1")
-                      cve = cve.replace('\"', '')
-                      cve = cve.replace('\r', '')
-                      cve = cve.replace('\n', '')
-                      if cve in used:
-                          continue
-                      used.append(cve)
-                data[edb] = used
-        with open(self.edbidToCveFile, "w", encoding="utf-8") as fileData:
-            json.dump(data, fileData, indent = 2)
-        self.cveToExploitMap = {}
-        for k, v in data.items():
-            for e in v:
-                self.cveToExploitMap[e] = self.cveToExploitMap.get(e, [])
-                self.cveToExploitMap[e].append(k)
-        with open(self.cveToEdbidFile, "w", encoding="utf-8") as fileData:
-            json.dump(self.cveToExploitMap, fileData, indent = 2)
-
-
-def test():
-    pEdb = PyExploitDb()
-    pEdb.debug = False
-    pEdb.openFile()
-    results = pEdb.searchCve("CVE-2018-14592")
-    if results:
-        print(results)
-        print('PASS')
-    else:
-        print('FAIL')
-        sys.exit(1)
-
-
-if __name__ == "__main__":
-    test()