2PL017, a tool for efficiently finding the exploit you need



antlarac
2017-12-07, 23:09
Hi guys,

This is to introduce a tool I have developed to improve the task of searching for exploits, especially Linux kernel exploits.

I have always found the process of searching for exploits with searchsploit or the online Exploit Database search application or Google a bit awkward. With the latter, there are captchas, sometimes hard to solve (those street sign pictures...), or it is easy to repeat the same exploits, especially Linux kernel exploits for privesc. Another problem is that, with the nomenclature they use in the Exploit Database, sometimes it is very easy to overlook exploits that are the right ones, but in their name the kernel version is not very specific. With searchsploit, it is also awkward to have to use (at least that's the fastest I could find) locate, cat and grep, and to chain several greps, to find what you need.

I have written a Python GUI program that is very simple to use, and (in my opinion) a much better alternative to the existing ones, overcoming the limitations that they have. It only searches the Exploit Database, since it runs locally (no Packet Storm, etc.), but for most cases we just use Exploit DB, right?

Here is the source file: https://github.com/antlarac/2PL017

Hope you guyz find it helpful, I know I do!

There are a couple of minor additions I will make soon to this program.

Thanks, hope it helps!!

bigbiz
2018-07-22, 07:08
Great program, code needs editing because the location of exploit files isn't where it says.