Inguma/CLI/Modules:Exploits/Exploitdb

From aldeid
Jump to navigation Jump to search
You are here:
exploit-db

Description

This section explains how to update the exploits database, select an exploit and use it against a target.

Tutorial

Update database

The first step consists in updating the local database. First start exploitdb:

inguma> exploitdb
Exploits from exploit-db not yet downloaded

Then type "help" to see the basic commands. Notice that you will have more commands once the local database will be updated.

LOCXPL> help

Inguma's Exploit-DB Help
------------------------

fetch                        Download exploits from exploit-db
help                         Show this help
exit                         Exit DDBB

Update your local database with exploits from exploit-db.

LOCXPL> fetch
Dir:  /pentest/exploits/inguma/data/exploits/
exploit-db already downloaded, checking for updates
Downloading  http://www.exploit-db.com/archive.tar.bz2
Extracting files...
Exploits successfully downloaded on Sun Jan 23 18:54:59 2011
Operation Complete

Loading exploits...
Exploits loaded: 15216

Issue "help" again and notice that you have more options:

LOCXPL> help

Inguma's Exploit-DB Help
------------------------

fetch                        Download exploits from exploit-db

Manage Exploit-DB commands
--------------------------

list                         Show list of local exploits. VERY VERBOSE
search <string>              Search exploits containing the string
                             Example: to search for postgre exploits
                             'search Postgre'
rport <port>                 Show exploits afecting a remote port
                             Define the port using command 'rport 22'
                             Port must be numeric: 22 intead of SSH
correlate                    Search the DDBB for all exploits matching rport
                             for all the ports of a scanned machine. Specify
                             target machine with 'target 192.168.0.1'
                             Be sure to scan the machine before!
show                         Show selected exploit source code
                             Select exploit using xplpath command:
                             'xplpath path/to/exploit'
help                         Show this help
exit                         Exit DDBB

Search for exploits

See following issue: http://code.google.com/p/inguma/issues/detail?id=13