hsploit. An advanced command-line search engine for Exploit-DB

.__                   .__         .__  __
|  |__   ____________ |  |   ____ |__|/  |_              __    
|  |  \ /  ___/\____ \|  |  /  _ \|  \   __\ (\,--------'()'--o
|   Y  \___ \ |  |_> >  |_(  <_> )  ||  |    (_    ___    /~" 
|___|  /____  >|   __/|____/\____/|__||__|     (_)_)  (_)_)    
     \/     \/ |__|                         

Author: Nicolas Carolo nicolascarolo.dev@gmail.com

Copyright: © 2020, Nicolas Carolo.

Date: 2020-05-16

Version: 2.1.0

PURPOSE

hsploit is an advanced command-line search engine for Exploit-DB developed in Python, born with the aim of showing the user the most accurate search results.

Features

Demo

Effective version number filtering examples

nicolas@carolo:~$ hsploit -s "wordpress core 2.1.0"

11 exploits and 0 shellcodes found.

EXPLOITS:

+-------+--------------------------------------------------------------------------------------------+
|    ID | DESCRIPTION                                                                                |
+=======+============================================================================================+
| 35414 | WORDPRESS CORE < 4.0.1 - Denial of Service                                                 |
+-------+--------------------------------------------------------------------------------------------+
| 47800 | WORDPRESS CORE < 5.3.x - 'xmlrpc.php' Denial of Service                                    |
+-------+--------------------------------------------------------------------------------------------+
|     6 | WORDPRESS CORE 2.1.0 - 'cache' Remote Shell Injection                                      |
+-------+--------------------------------------------------------------------------------------------+
|  4397 | WORDPRESS CORE 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities                                  |
+-------+--------------------------------------------------------------------------------------------+
| 10088 | WORDPRESS CORE 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass              |
+-------+--------------------------------------------------------------------------------------------+
| 10089 | WORDPRESS CORE < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution |
+-------+--------------------------------------------------------------------------------------------+
| 29754 | WORDPRESS CORE < 2.1.2 - 'PHP_Self' Cross-Site Scripting                                   |
+-------+--------------------------------------------------------------------------------------------+
| 41497 | WORDPRESS CORE < 4.7.1 - Username Enumeration                                              |
+-------+--------------------------------------------------------------------------------------------+
| 41963 | WORDPRESS CORE < 4.7.4 - Unauthorized Password Reset                                       |
+-------+--------------------------------------------------------------------------------------------+
| 44949 | WORDPRESS CORE < 4.9.6 - (Authenticated) Arbitrary File Deletion                           |
+-------+--------------------------------------------------------------------------------------------+
| 47690 | WORDPRESS CORE < 5.2.3 - Viewing Unauthenticated/Password/Private Posts                    |
+-------+--------------------------------------------------------------------------------------------+

Example II

nicolas@carolo:~$ hsploit -s "linux kernel 4.4.1"

14 exploits and 0 shellcodes found.

EXPLOITS:

+-------+--------------------------------------------------------------------------------------------------+
|    ID | DESCRIPTION                                                                                      |
+=======+==================================================================================================+
| 42136 | LINUX KERNEL < 4.10.13 - 'keyctl_set_reqkey_keyring' Local Denial of Service                     |
+-------+--------------------------------------------------------------------------------------------------+
| 42762 | LINUX KERNEL < 4.13.1 - BlueTooth Buffer Overflow (PoC)                                          |
+-------+--------------------------------------------------------------------------------------------------+
| 42932 | LINUX KERNEL < 4.14.rc3 - Local Denial of Service                                                |
+-------+--------------------------------------------------------------------------------------------------+
| 44301 | LINUX KERNEL < 4.5.1 - Off-By-One (PoC)                                                          |
+-------+--------------------------------------------------------------------------------------------------+
| 44579 | LINUX KERNEL < 4.17-rc1 - 'AF_LLC' Double Free                                                   |
+-------+--------------------------------------------------------------------------------------------------+
| 44832 | LINUX KERNEL < 4.16.11 - 'ext4_read_inline_data()' Memory Corruption                             |
+-------+--------------------------------------------------------------------------------------------------+
| 39277 | LINUX KERNEL 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1) |
+-------+--------------------------------------------------------------------------------------------------+
| 40003 | LINUX KERNEL 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (2) |
+-------+--------------------------------------------------------------------------------------------------+
| 39772 | LINUX KERNEL 4.4.x (Ubuntu 16.04) - 'double-fdput()' bpf(BPF_PROG_LOAD) Privilege Escalation     |
+-------+--------------------------------------------------------------------------------------------------+
| 41995 | LINUX KERNEL 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' / 'SO_RCVBUFFORCE' Local Privilege Escalation       |
+-------+--------------------------------------------------------------------------------------------------+
| 43345 | LINUX KERNEL < 4.10.15 - Race Condition Privilege Escalation                                     |
+-------+--------------------------------------------------------------------------------------------------+
| 44325 | LINUX KERNEL < 4.15.4 - 'show_floppy' KASLR Address Leak                                         |
+-------+--------------------------------------------------------------------------------------------------+
| 45010 | LINUX KERNEL < 4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation                    |
+-------+--------------------------------------------------------------------------------------------------+
| 45553 | LINUX KERNEL < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation                |
+-------+--------------------------------------------------------------------------------------------------+
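As an added illustration of what the two searches above return (example code written here, not hsploit's own implementation), the following Python parses the three version-constraint shapes visible in those descriptions (an upper bound "< B", a range "A < B", and an exact "X" or wildcard "X.x" version) and keeps only the rows whose constraint covers the queried version. The sample rows are copied from the output above plus one constructed non-matching entry (ID 0); the query-splitting heuristic and all function names are assumptions.

```python
import re
from typing import List, Tuple

# Constructed sample rows (ID, DESCRIPTION) copied from the search output above,
# plus one made-up non-matching entry (ID 0) to show a row that gets filtered out.
SAMPLE_ROWS = [
    (35414, "WORDPRESS CORE < 4.0.1 - Denial of Service"),
    (47800, "WORDPRESS CORE < 5.3.x - 'xmlrpc.php' Denial of Service"),
    (6, "WORDPRESS CORE 2.1.0 - 'cache' Remote Shell Injection"),
    (4397, "WORDPRESS CORE 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities"),
    (10088, "WORDPRESS CORE 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass"),
    (0, "WORDPRESS CORE 3.0.1 - Constructed Non-Matching Entry"),
    (44301, "LINUX KERNEL < 4.5.1 - Off-By-One (PoC)"),
    (39277, "LINUX KERNEL 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1)"),
    (39772, "LINUX KERNEL 4.4.x (Ubuntu 16.04) - 'double-fdput()' bpf(BPF_PROG_LOAD) Privilege Escalation"),
]

VER = r"(\d+(?:\.\d+)*)"
# The constraint shapes seen in the output: "< B", "A < B", and an exact "X" (or "X.x" wildcard).
RANGE_RE = re.compile(rf"^(?:{VER}(?:\.x)?\s*)?<\s*{VER}(?:\.x)?")
EXACT_RE = re.compile(rf"^{VER}(\.x)?(?=\s|$)")

def parse_version(text: str) -> Tuple[int, ...]:
    """Dotted version string to a tuple, so Python tuple comparison orders versions correctly."""
    return tuple(int(p) for p in text.split("."))

def version_matches(description: str, product: str, wanted: str) -> bool:
    """True if the constraint that follows `product` in `description` covers `wanted`."""
    if not description.upper().startswith(product.upper()):
        return False
    # Keep only the constraint, i.e. the text between the product name and the " - " separator.
    constraint = description[len(product):].split(" - ", 1)[0].strip()
    target = parse_version(wanted)
    m = RANGE_RE.match(constraint)
    if m:  # "A < B" or "< B": lower bound inclusive, upper bound exclusive
        low = parse_version(m.group(1)) if m.group(1) else None
        return (low is None or low <= target) and target < parse_version(m.group(2))
    m = EXACT_RE.match(constraint)
    if m:  # exact version, or prefix match for the "X.x" wildcard form
        exact = parse_version(m.group(1))
        return target[:len(exact)] == exact if m.group(2) else target == exact
    return False

def search(query: str, rows=SAMPLE_ROWS) -> List[int]:
    """Treat a trailing dotted number as the version to filter on and the rest as the product name."""
    words = query.split()
    version = words[-1] if re.fullmatch(r"\d+(?:\.\d+)*", words[-1]) else None
    product = " ".join(words[:-1] if version else words)
    return [eid for eid, desc in rows
            if (version_matches(desc, product, version) if version
                else desc.upper().startswith(product.upper()))]
```

Because the upper bound is exclusive, a query for the fixed version itself (for example "linux kernel 4.5.1" against "< 4.5.1") returns nothing, which is the behaviour you want when checking whether a patched host is still affected.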

Advanced filtering

With the advanced search (the -sad option) you can apply the following filters to the search results:

Advanced Search

Search suggestions

You can choose to show a particular suggestion for a given search string. For each suggestion you can also decide whether it should be applied automatically (autoreplacement) or not. New suggestions can be added and existing ones deleted.

Example of default suggestion:

Default search suggestions

Example of autoreplacement

Search autoreplacement

MINIMUM REQUIREMENTS

Supported OS

Interpreter and tools

INSTALLATION

Linux (non-root user) [recommended]

We can install hsploit simply by doing:

$ git clone https://github.com/nicolas-carolo/hsploit
$ cd hsploit
$ ./install_db_linux.sh
$ pip install -r requirements.txt
$ python setup.py install

You can now remove the repository you downloaded, because hsploit has been cloned into ~/.HoundSploit/hsploit to support automatic updates. If you already installed version 2.3.0 of HoundSploit, or never installed HoundSploit at all, check whether the directory ~/HoundSploit exists and, if so, delete it.

Linux (root user)

We can install hsploit simply by doing:

$ git clone https://github.com/nicolas-carolo/hsploit
$ cd hsploit
$ mkdir /root/.HoundSploit
$ touch /root/.HoundSploit/enable_root.cfg
$ ./install_db_linux.sh
$ pip install -r requirements.txt
$ python setup.py install

You can now remove the repository you downloaded, because hsploit has been cloned into ~/.HoundSploit/hsploit to support automatic updates. If you already installed version 2.3.0 of HoundSploit, or never installed HoundSploit at all, check whether the directory ~/HoundSploit exists and, if so, delete it.

macOS

We can install hsploit simply by doing:

$ git clone https://github.com/nicolas-carolo/hsploit
$ cd hsploit
$ ./install_db_darwin.sh
$ pip install -r requirements.txt
$ python setup.py install

You can now remove the repository you downloaded, because hsploit has been cloned into ~/.HoundSploit/hsploit to support automatic updates. If you already installed version 2.3.0 of HoundSploit, or never installed HoundSploit at all, check whether the directory ~/HoundSploit exists and, if so, delete it.

Troubleshooting

If you encounter problems during the installation phase, please run:

$ rm -fr ~/.HoundSploit

and then repeat the installation phase.

USAGE

Search

Advanced search

Show information about exploits/shellcodes

Exploit/Shellcode file management

Suggestions

hsploit: updates, information and guide

Notes

For a better view of the search results when an exploit description is too long to fit on a single line, it is recommended to pipe the output into less -SR, as in the following example:

$ hsploit -s "windows" | less -SR

Piping the output this way is not supported with the -sad option.

COPYRIGHT

Copyright © 2020, Nicolas Carolo. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer.

  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.

  3. Neither the name of the author of this software nor the names of contributors to this software may be used to endorse or promote products derived from this software without specific prior written consent.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.