Nmap Development mailing list archives
[NSE] Shodan exploits database library (and demo script)
From: Gutek <ange.gutek () gmail com>
Date: Fri, 12 Nov 2010 12:17:26 +0100
A few days ago Shodan released some libraries (Perl, Python and Ruby) to help developers access their exploits database [1]. While some functionalities, like starting from a given exploit and listing vulnerable hosts, are useless for Nmap, one of them seemed useful to me: from a given service, listing the known available exploits. For example, I've seen a vulscan NSE script around which could use it.

I've written a little lib, exploitdb.lua. It takes a string as an argument, for example a service name and any accuracy info, and returns the number of known exploits and a table with the list of published exploits with their associated triggering platform. The Shodan API also allows downloading the found exploits, but for security reasons I have not implemented this feature.

An API key is mandatory to use this service, so one is hardcoded. The usage policy states that if a lot of traffic could be generated from a given key, then the developer has to notify Shodan (done, waiting for the answer). That's why, while obviously anyone can modify the lib with his own key, I've hardcoded a (I hope!) allowed one.

Attached is a simple demo script, a tiny kind-of vulnerability scanner. From a -sV scan, it searches the Shodan database for each identified service.

Sample output:

-- @output
-- PORT STATE SERVICE REASON VERSION
-- 21/tcp open ftp syn-ack ProFTPD
-- | demo: Found 16 existing exploits
-- | On linux, ProFTPd Local pr_ctrls_connect Vuln - ftpdctl
-- | On multiple, ProFTPd with mod_mysql Authentication Bypass Vulnerability
-- | (snip)
-- |_On unix, ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)
-- 80/tcp open http syn-ack Apache httpd
-- | demo: Found 2 existing exploits
-- | On multiple, Apache HTTPd Arbitrary Long HTTP Headers DoS
-- |_On linux, Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
-- Service Info: OS: Unix

Regards,
A.G.

[1] http://docs.shodanhq.com/
Attachment: demo.nse
Attachment: exploitdb.lua
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
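
An added example, not part of the original message or of the attached scripts: a Python parser for the demo script output quoted in the message, turning it into per-port records so that services with published exploits can be ranked for patching. The column layout (with a REASON column) and the names `parse_demo_output` and `triage` are assumptions made for this example.

```python
import re

# Constructed input: the sample output quoted in the message, without the
# leading "-- " NSEDoc comment prefix. Column layout (REASON present) is assumed.
SAMPLE = """\
PORT STATE SERVICE REASON VERSION
21/tcp open ftp syn-ack ProFTPD
| demo: Found 16 existing exploits
| On linux, ProFTPd Local pr_ctrls_connect Vuln - ftpdctl
| On multiple, ProFTPd with mod_mysql Authentication Bypass Vulnerability
| (snip)
|_On unix, ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)
80/tcp open http syn-ack Apache httpd
| demo: Found 2 existing exploits
| On multiple, Apache HTTPd Arbitrary Long HTTP Headers DoS
|_On linux, Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
Service Info: OS: Unix
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")
COUNT_RE = re.compile(r"^\|[_ ]?\s*demo: Found (\d+) existing exploits?$")
ENTRY_RE = re.compile(r"^\|[_ ]?\s*On ([^,]+), (.+)$")

def parse_demo_output(text):
    """Return one dict per port line with the exploit entries listed under it."""
    ports, current = [], None
    for line in map(str.rstrip, text.splitlines()):
        m = PORT_RE.match(line)
        if m:
            current = {"port": int(m.group(1)), "proto": m.group(2),
                       "service": m.group(4), "version": m.group(6),
                       "reported": 0, "exploits": []}
            ports.append(current)
        elif current is not None and line.startswith("|"):
            count, entry = COUNT_RE.match(line), ENTRY_RE.match(line)
            if count:
                current["reported"] = int(count.group(1))
            elif entry:  # (platform, title); "(snip)" lines match neither regex
                current["exploits"].append((entry.group(1), entry.group(2)))
    return ports

def triage(ports):
    """Most reported exploits first; flag entries whose list was cut short."""
    ranked = sorted(ports, key=lambda p: p["reported"], reverse=True)
    return [dict(p, truncated=p["reported"] > len(p["exploits"])) for p in ranked]

if __name__ == "__main__":
    for p in triage(parse_demo_output(SAMPLE)):
        print(p["port"], p["service"], p["version"], p["reported"], p["truncated"])
```

The `truncated` flag marks ports where the reported count exceeds the entries actually listed, as with the "(snip)" in the ProFTPD block.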