Hi Guys, faced 2 issues when using this.
- Unable to clone and update the database
- ValueError: too many values to unpack (expected 8) faced for this line of code
edb, fileName, description, date, author, platform, exploitType, port = tuple(row)
This is due to breaking changes on exploitdb end, where they shifted their github repo to gitlab and also renamed their files_exploits.csv
headers
Shifting from github to gitlab
![image](https://user-images.githubusercontent.com/88809233/203831068-a84386cf-6f80-4ac1-bf79-0679f136d106.png)
renaming of files_exploits.csv header
New Header
![image](https://user-images.githubusercontent.com/88809233/203832384-f1e13fb5-1b48-4a0a-990e-2043901dc9f7.png)
Old Header
![image](https://user-images.githubusercontent.com/88809233/203832452-a24f3e31-b51a-4964-b699-fffbd98ab359.png)
I have came up with some temporary fix (below) so that this package can still be used, but a more permanent fix will require breaking changes in the codebase.
Temp Fix Method 1
The easiest method would be to download a working commit and save the files in pyExploitDB/exploit-database
folder.
In this way, you would not face problem 2.
Temp Fix Method 2
In the __init__.py
file, I have commented out the git clone and update function.
original code
def openFile(self, exploitMap = "cveToEdbid.json", encoding="utf-8"):
if not os.path.isdir(self.exploitDbPath):
print("Cloning exploit-database repository")
git.Repo.clone_from("https://github.com/offensive-security/exploit-database.git", self.exploitDbPath)
print("Updating db...")
self.updateDb()
else:
if self.autoUpdate == True:
print("Pulling exploit-database updates...")
git.Git(self.exploitDbPath).pull('origin', 'master')
print("Updating db...")
self.updateDb()
print("Loading database...")
with open(self.currentPath + "/" + exploitMap, encoding="utf-8") as fileData:
cveToExploitMap = json.load(fileData)
self.cveToExploitMap = cveToExploitMap
if self.debug == True:
print(self.cveToExploitMap)
temp fix code
def openFile(self, exploitMap = "cveToEdbid.json", encoding="utf-8"):
if not os.path.isdir(self.exploitDbPath):
print("Cloning exploit-database repository")
git.Repo.clone_from("https://gitlab.com/exploit-database/exploitdb.git", self.exploitDbPath)
#git.Repo.clone_from("https://github.com/offensive-security/exploit-database.git", self.exploitDbPath)
print("Updating db...")
self.updateDb()
else:
if self.autoUpdate == True:
print("Pulling exploit-database updates...")
#git.Git(self.exploitDbPath).pull('origin', 'master')
print("Updating db...")
#self.updateDb()
print("Loading database...")
with open(self.currentPath + "/" + exploitMap, encoding="utf-8") as fileData:
cveToExploitMap = json.load(fileData)
self.cveToExploitMap = cveToExploitMap
if self.debug == True:
print(self.cveToExploitMap)
By doing the above changes, we will be faced with the second problem as the tuples in line 50 of init.py (see below) does not match the headers in the new files_exploits.csv
.
Problematic Code
for row in reader:
edb, fileName, description, date, author, platform, exploitType, port = tuple(row)
if edb in self.cveToExploitMap[cveSearch]:
found = True
result['edbid'] = edb
result['exploit'] = self.exploitDbPath + "/" + fileName
result['date'] = date
result['author'] = author
result['platform'] = platform
result['type'] = exploitType
if self.debug == True:
print("Exploit DB Id: {0}".format(edb))
print("File: {0}".format(self.exploitDbPath + "/" + fileName))
print("Date: {0}".format(date))
print("Author: {0}".format(author))
print("Platform: {0}".format(platform))
print("Type: {0}".format(exploitType))
if port != "0":
result['port'] = port
if self.debug == True:
print("Port: {0}".format(port))
As such, my suggestion for a quick fix would be to simply replace the new files_exploits.csv
with an old one similar to how we just simply download the old database. It would be a tad too tedious to change the tuples.
Hope my suggestion helps!
![image](https://user-images.githubusercontent.com/88809233/203834008-7162f5a5-bf5c-43fb-b0fa-beb68cd861a7.png)
To the maintainers, thanks for creating such an useful package! It is truly helpful! Looking forward to your updates!