Adding Explot-DB to Kali Linux

[dboy1612]

After google searching, finding some examples. and failing, I was hoping to find some help here. I'm currently trying to add the entire Exploit-DB to my Metasploit framework inside the .msf4 found in the home folder, except I see to be running in to an error after adding the database. I'm currently downloading the database from the following URL: http://www.exploit-db.com/archive.tar.bz2

Inside the archive is the following:


Inside Platforms, you find all your modules categorized.


I go in to /root/.msf4/modules/, and create a new directory called 'exploits', where I copy everything from platforms.


After a reboot, and running metasploit from the applications menu, this is what happens in terminal.



To me that looks like instead of loading the module in to metasploit, it's trying to run one of the exploits right then and there. What exactly am I doing wrong in this process? Any help is appreciated!

[catalyst256]

Hi dboy1612,

Why are you trying to install the exploit-db inside of Metasploit? There is a copy of exploit-db already in Kali and the format of the exploits within range from php file to C code that needs complying. Most of which won't actually work directly within Metasploit as it's Ruby based and requires a certain folder/file structure.

If you run:

searchsploit [software]

It searches the local copy of exploit-db which I believe is updated as part of the normal update cycle.

[satriani1]

If you run:
searchsploit [software]
It searches the local copy of exploit-db which I believe is updated as part of the normal update cycle.

yes but, how could this work with armitage's "FIND ATTACKs" and "HAIL MARY", which searces ALL the exploits of the metasploit? is this possible to run the whole exploit-db with armitage for finding attacks automatically?

[aerokid240]

yes but, how could this work with armitage's "FIND ATTACKs" and "HAIL MARY", which searces ALL the exploits of the metasploit? is this possible to run the whole exploit-db with armitage for finding attacks automatically?

No this is not possbile. Time to give armitage a break and get back to doing things the hard way.

[satriani1]

ow.. ok !!
i just thought it would be easier if it was possible..
But, can you share a small piece of your knowledge here? i mean... how..or what should be the 1st step when you wanna try an attack? how you know which is the right one exploit?? ?!!

[aerokid240]

Information gathering is the first step. Just to give a little perspective, you want to identify your target(s) (ex: obtain IP of target), then identify the operating system on your target (linux, Mac, Windows, etc.). You also want to identify what ports or open on the target(ex: port 80); what service/program is listening for connections (ex: apache); what version of the service is running (ex: apache version 1.4).

Now with such information you can research/goolge for known vulnerabilies in, as in our example, apache version 1.4. Search exploitDB for proof of concept code for the version of apache with the appropriate supported OS. Once you found a proof of concept code, determine how it is supposed to work and what conditions are required in order for it to work. With the knowledge at hand, you can try the exploit in a controlled virtual environment and see if it works. Exploits are not always 100%. Sometimes you may need to modify the exploit code, especially those found in the exploitdb database, to get them to work, and even then its not guarateed to work lol.

Hope this helps.

[CHAMPIONx]

also "grep [software] files.csv" works as well from within the exploit-db directory.

[satriani1]

thank you guys! yeah, it helped me a bit!!

[McNightstricker]

the best way to do that is :
cd /usr/share/exploitdb
wget http://www.exploit-db.com/archive.tar.bz2
tar –xvjf archive.tar.bz2
rm archive.tar.bz2

[g0tmi1k]

the best way to do that is :
cd /usr/share/exploitdb
wget http://www.exploit-db.com/archive.tar.bz2
tar –xvjf archive.tar.bz2
rm archive.tar.bz2

Kali comes with the exploit-db package by default.
There isn't a need todo this.

Code:

cd /usr/share/exploitdb/