An optimized Python3 library to fetch the most recent exploit-database, create searchable indexes for CVE->EDBID and EDBID -> CVE, and provide methods to perform searches.
License: GNU General Public License v3.0
How do you obtain 'date': '2018-09-24' if, in file_exploits.csv (from the repo "https://github.com/offensive-security/exploitdb.git"), all dates are set to 1970-01-01? It looks like this issue has been going on for a while now. Is there any workaround to get the precise date?
Hi Guys, faced 2 issues when using this.
edb, fileName, description, date, author, platform, exploitType, port = tuple(row)This is due to breaking changes on exploitdb end, where they shifted their github repo to gitlab and also renamed their files_exploits.csv headers
I have came up with some temporary fix (below) so that this package can still be used, but a more permanent fix will require breaking changes in the codebase.
The easiest method would be to download a working commit and save the files in pyExploitDB/exploit-database folder.
In this way, you would not face problem 2.
In the __init__.py file, I have commented out the git clone and update function.
def openFile(self, exploitMap = "cveToEdbid.json", encoding="utf-8"):
if not os.path.isdir(self.exploitDbPath):
print("Cloning exploit-database repository")
git.Repo.clone_from("https://github.com/offensive-security/exploit-database.git", self.exploitDbPath)
print("Updating db...")
self.updateDb()
else:
if self.autoUpdate == True:
print("Pulling exploit-database updates...")
git.Git(self.exploitDbPath).pull('origin', 'master')
print("Updating db...")
self.updateDb()
print("Loading database...")
with open(self.currentPath + "/" + exploitMap, encoding="utf-8") as fileData:
cveToExploitMap = json.load(fileData)
self.cveToExploitMap = cveToExploitMap
if self.debug == True:
print(self.cveToExploitMap)
def openFile(self, exploitMap = "cveToEdbid.json", encoding="utf-8"):
if not os.path.isdir(self.exploitDbPath):
print("Cloning exploit-database repository")
git.Repo.clone_from("https://gitlab.com/exploit-database/exploitdb.git", self.exploitDbPath)
#git.Repo.clone_from("https://github.com/offensive-security/exploit-database.git", self.exploitDbPath)
print("Updating db...")
self.updateDb()
else:
if self.autoUpdate == True:
print("Pulling exploit-database updates...")
#git.Git(self.exploitDbPath).pull('origin', 'master')
print("Updating db...")
#self.updateDb()
print("Loading database...")
with open(self.currentPath + "/" + exploitMap, encoding="utf-8") as fileData:
cveToExploitMap = json.load(fileData)
self.cveToExploitMap = cveToExploitMap
if self.debug == True:
print(self.cveToExploitMap)
By doing the above changes, we will be faced with the second problem as the tuples in line 50 of init.py (see below) does not match the headers in the new files_exploits.csv.
for row in reader:
edb, fileName, description, date, author, platform, exploitType, port = tuple(row)
if edb in self.cveToExploitMap[cveSearch]:
found = True
result['edbid'] = edb
result['exploit'] = self.exploitDbPath + "/" + fileName
result['date'] = date
result['author'] = author
result['platform'] = platform
result['type'] = exploitType
if self.debug == True:
print("Exploit DB Id: {0}".format(edb))
print("File: {0}".format(self.exploitDbPath + "/" + fileName))
print("Date: {0}".format(date))
print("Author: {0}".format(author))
print("Platform: {0}".format(platform))
print("Type: {0}".format(exploitType))
if port != "0":
result['port'] = port
if self.debug == True:
print("Port: {0}".format(port))
As such, my suggestion for a quick fix would be to simply replace the new files_exploits.csv with an old one similar to how we just simply download the old database. It would be a tad too tedious to change the tuples.
Hope my suggestion helps!
To the maintainers, thanks for creating such an useful package! It is truly helpful! Looking forward to your updates!
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.