Gather Vulns: Necessity is the mother of Invention

Friday, March 01, 2013

f8lerror


Ever run into a test where you port scan and you just cannot remember what those ports are, or whether there are any vulnerabilities connected to them? Normally I would just take the port and do a search on Exploit-db.com. However, I found myself doing that a lot on this last test, because there were lots of weird ports. I started by writing a page scraper for Exploit-DB that took just a list of ports; it was a little slow. I then added functionality to search the Exploit-DB CSV file that ships in BackTrack, or, if you already have the file, you can just point the script at it. I quickly became annoyed with having to take the ports from my Nmap results, put them into a text file and then run my script. Then I found out there is an API for Exploit-DB, so it was back to the drawing board, and at the end of the day the Gather Vulns script was born.

The script simply parses an Nmap XML file, grabs the host, ports and OS, and runs them through either the Exploit-DB online search or, if specified, the local CSV file. There are some requirements though. The online Exploit-DB search is done through Shodan's API, so you will need a Shodan API key; instructions are at http://docs.shodanhq.com/. You will also need the Shodan Python library, which you can get at https://github.com/achillean/shodan-python. Finally, you will need the code linked at the end of this article and Python 2.7.

If the Nmap XML includes operating system (OS) detection results, the script limits the findings for each port to exploits for that OS, plus exploits written for multiple OSes. You can also specify an OS yourself or force all results. This script produces a lot of data; you have been warned.
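The post's own script is only linked, not reproduced here, so the following is an added Python 3 example (not f8lerror's code) that shows the local-CSV path of what the post describes: parse the Nmap XML for each host's open ports and OS match, look each port up in an Exploit-DB CSV by port number and service keywords, and keep only exploits for that OS plus "multiple"-platform ones unless all results are forced or an OS is overridden. The sample scan, the CSV rows, the assumed `files.csv` column layout (`id,file,description,date,author,platform,type,port`) and the OS-family-to-platform map are all constructed for the example; the Shodan-backed online search is not shown, so this runs fully offline.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample input (not a real scan): a trimmed Nmap -sV -O XML report
# with two open ports, one filtered port and an OS match.
NMAP_XML = """<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd" version="2.3.4"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd"/></port>
      <port protocol="tcp" portid="445"><state state="filtered"/><service name="microsoft-ds"/></port>
    </ports>
    <os><osmatch name="Linux 2.6.X" accuracy="95"><osclass osfamily="Linux"/></osmatch></os>
  </host>
</nmaprun>
"""

# Constructed rows (not real Exploit-DB entries) in the column layout assumed here
# for the old Exploit-DB files.csv: id,file,description,date,author,platform,type,port
EXPLOITDB_CSV = """id,file,description,date,author,platform,type,port
1,platforms/linux/remote/1.c,"vsftpd 2.3.4 - Backdoor Command Execution",2011-07-05,example,linux,remote,21
2,platforms/windows/remote/2.rb,"Windows SMB - Remote Code Execution",2008-10-28,example,windows,remote,445
3,platforms/multiple/remote/3.txt,"Apache httpd - Multi-Platform Example Issue",2012-01-01,example,multiple,remote,80
4,platforms/windows/dos/4.py,"Example Windows FTP Server - Denial of Service",2010-01-01,example,windows,dos,21
"""

# Assumption: which Exploit-DB platform values are relevant for an Nmap osfamily.
# "multiple" is always kept, mirroring the post's handling of multi-OS exploits.
OS_PLATFORMS = {
    "linux": {"linux", "unix", "multiple"},
    "windows": {"windows", "multiple"},
    "freebsd": {"freebsd", "bsd", "unix", "multiple"},
}


def parse_nmap(xml_text):
    """Return one dict per host: ip, lower-cased OS family (or None) and its open ports."""
    hosts = []
    for h in ET.fromstring(xml_text).iter("host"):
        addr = h.find("address[@addrtype='ipv4']")
        ports = []
        for p in h.iter("port"):
            state = p.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not worth a lookup
            svc = p.find("service")
            name = svc.get("name", "") if svc is not None else ""
            product = ""
            if svc is not None:
                product = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
            ports.append({"port": int(p.get("portid")), "proto": p.get("protocol"),
                          "service": name, "product": product})
        osclass = h.find("os/osmatch/osclass")
        hosts.append({"ip": addr.get("addr") if addr is not None else "?",
                      "os": osclass.get("osfamily", "").lower() if osclass is not None else None,
                      "ports": ports})
    return hosts


def load_exploits(csv_text):
    """Read the CSV into dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def search_exploits(exploits, port, keywords, os_family=None, force_all=False):
    """Rows whose port column matches, or whose description mentions a keyword
    (service name / product string), filtered to the host OS unless force_all."""
    allowed = None if force_all else OS_PLATFORMS.get(os_family or "")
    hits = []
    for e in exploits:
        port_hit = e["port"].strip() == str(port)
        desc = e["description"].lower()
        kw_hit = any(k.lower() in desc for k in keywords if k)
        if not (port_hit or kw_hit):
            continue
        # An unknown OS family means no filter, so nothing is silently dropped.
        if allowed is not None and e["platform"].strip().lower() not in allowed:
            continue
        hits.append(e)
    return hits


def gather_vulns(hosts, exploits, os_override=None, force_all=False):
    """Map ip -> {port -> [exploit ids]}; os_override replaces Nmap's OS guess."""
    report = {}
    for h in hosts:
        osfam = (os_override or h["os"] or "").lower() or None
        per_port = {}
        for p in h["ports"]:
            hits = search_exploits(exploits, p["port"], (p["service"], p["product"]),
                                   osfam, force_all)
            per_port[p["port"]] = [e["id"] for e in hits]
        report[h["ip"]] = per_port
    return report


if __name__ == "__main__":
    report = gather_vulns(parse_nmap(NMAP_XML), load_exploits(EXPLOITDB_CSV))
    for ip, ports in report.items():
        for port, ids in sorted(ports.items()):
            print("%s:%d -> EDB-ID %s" % (ip, port, ", ".join(ids) or "none"))
```

Keyword matching on short service names such as "http" or "ftp" is what makes this kind of lookup noisy on a real CSV, which is the "lot of data" the post warns about; the OS filter is the main thing keeping the output readable, and `force_all=True` switches it off when you would rather see everything.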


Code can be found at http://blog.infosecsee.com/2013/03/gather-vulns-necessity-is-mother-of.html or http://pastebin.com/ASzTMFtB

Cross Posted from: http://blog.infosecsee.com
