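def search_shellcodes_version(software_name, num_version):
    """
    Perform a search based on shellcodes' description for an input search
    that contains a number of version.
    This function is called by 'search_vulnerabilities_version' method.

    :param software_name: the name of the software that the user is
        searching for.
    :param num_version: the specific number of version the user is
        searching for.
    :return: a list with the search results found among the Shellcode rows,
        or the value of void_result_set() when too many rows match.
    """
    session = start_session()
    try:
        # NOTE(review): the search text reaches LIKE through the query API,
        # not through string-built SQL (assuming Shellcode is an ORM model).
        # '%' and '_' typed by the user are not escaped and still act as
        # wildcards.
        queryset = session.query(Shellcode).filter(
            Shellcode.description.like('%' + software_name + '%'))
        # Count BEFORE loading the rows: the cap exists to avoid spending
        # time on useless results, so an oversized match must not be fetched.
        if queryset.count() > N_MAX_RESULTS_NUMB_VERSION:
            return void_result_set()
        query_result_set = queryset2list(queryset)
    finally:
        # Release the session on every path, including the early return.
        session.close()

    final_result_set = []
    for shellcode in query_result_set:
        # A '<' in the description marks a version range ("< 2.3"), which
        # needs the comparator-aware filter.
        if '<' in str(shellcode.description):
            final_result_set = filter_shellcodes_with_comparator(
                shellcode, num_version, software_name, final_result_set)
        else:
            final_result_set = filter_shellcodes_without_comparator(
                shellcode, num_version, software_name, final_result_set)
    return final_result_set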
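def join_result_sets(result_set_1, result_set_2, db_table):
    """
    Make the union of two result sets, excluding the duplicates.

    :param result_set_1: the first result set.
    :param result_set_2: the second result set.
    :param db_table: the database table; 'searcher_exploit' selects Exploit,
        any other value selects Shellcode.
    :return: the result set obtained by the union of the two result sets.
    """
    union_ids = ({instance.id for instance in result_set_1}
                 | {instance.id for instance in result_set_2})
    if not union_ids:
        return void_result_set()

    model = Exploit if db_table == 'searcher_exploit' else Shellcode
    session = start_session()
    try:
        # One IN (...) predicate instead of an OR chain with one comparison
        # per id: a long OR chain builds a deeply nested expression, which
        # some database engines reject once it passes their depth limit.
        queryset = session.query(model).filter(
            model.id.in_(list(union_ids)))
        # Load the rows while the session is still open.
        return queryset2list(queryset)
    finally:
        session.close()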
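def open_shellcode(id):
    """
    Open the shellcode identified by the id in the nano editor.

    The file name is read from the database, so it is treated as data: the
    editor is started without a shell and only for a path that stays inside
    './searcher/vulnerabilities/'.

    :param id: the shellcode's id.
    :return: exit the program.
    """
    import subprocess

    session = start_session()
    try:
        shellcode_file = session.query(Shellcode).filter(
            Shellcode.id == id)[0].file
    except IndexError:
        print('ERROR: Shellcode not found!')
        return exit(0)
    finally:
        session.close()

    base_dir = os.path.abspath('./searcher/vulnerabilities/')
    target = os.path.abspath('./searcher/vulnerabilities/' + shellcode_file)
    # Refuse a stored name that climbs out of the vulnerabilities directory
    # ('../' segments), so a bad database row cannot point the editor at an
    # arbitrary file.
    if os.path.commonpath([base_dir, target]) != base_dir:
        print('ERROR: Shellcode not found!')
        return exit(0)
    try:
        # Argument list, no shell: spaces, ';', '$(...)' and similar
        # characters in the stored name are passed to nano literally instead
        # of being interpreted as shell syntax.
        subprocess.call(['nano', target])
    except OSError:
        print('ERROR: Unable to launch nano!')
    return exit(0)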
def main():
    """
    Check that the Exploit and Shellcode tables can be queried.

    On success print how to start HoundSploit and exit with status 0; when
    the database raises InternalError or OperationalError, report the failed
    setup and call setup_error().
    """
    try:
        db_session = start_session()
        # A COUNT on each table is enough to prove the schema is in place.
        for model in (Exploit, Shellcode):
            db_session.query(model).count()
        print(
            'Setup completed! Now you can run HoundSploit using the following command:'
        )
        print('\t$ python houndsploit.py')
        exit(0)
    except (InternalError, OperationalError):
        print('ERROR: The setup failed!')
        setup_error()
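def search_vulnerabilities_for_text_input(searched_text, db_table):
    """
    Perform a search in description based on characters contained by this
    attribute. This result can be joined with the search results based on
    the number of version.

    Plain words are matched in the database with LIKE (all of them must
    occur). Numeric words and words containing '.' are kept out of that
    query and used afterwards: a row is returned only if its description
    contains one of them preceded by ' ' or '/'.

    :param searched_text: the search input.
    :param db_table: the DB table in which we want to perform the search;
        'searcher_exploit' selects Exploit, any other value Shellcode.
    :return: a list containing the search results found with a search based
        on the characters contained by the attribute 'description'.
    """
    # Split into two new lists instead of removing from the list being
    # iterated: removing during iteration skips the word that follows each
    # removed one, which left version numbers in the text filter.
    text_words = []
    word_list_num = []
    for word in str(searched_text).split():
        if word.isnumeric() or '.' in word:
            word_list_num.append(' ' + word)
            word_list_num.append('/' + word)
        else:
            text_words.append(word)

    model = Exploit if db_table == 'searcher_exploit' else Shellcode
    try:
        session = start_session()
        try:
            # '%' and '_' inside a word are not escaped, so they act as LIKE
            # wildcards.
            queryset = session.query(model).filter(
                and_(
                    model.description.like('%' + word + '%')
                    for word in text_words))
            # Load the rows while the session is still open.
            query_result_set = queryset2list(queryset)
        finally:
            session.close()
    except TypeError:
        query_result_set = void_result_set()

    final_result_set = []
    try:
        for instance in query_result_set:
            description = str(instance.description)
            if (any(token in description for token in word_list_num)
                    and instance not in final_result_set):
                final_result_set.append(instance)
    except TypeError:
        # NOTE(review): kept from the original; presumably guards against a
        # void result set that cannot be iterated -- confirm.
        pass
    return final_result_set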
def show_shellcode_info(id):
    """
    Print a grid with the stored fields of the shellcode identified by the id.

    :param id: the shellcode's id.
    :return: exit the program.
    """
    db_session = start_session()
    matches = db_session.query(Shellcode).filter(Shellcode.id == id)
    db_session.close()
    # Label shown in the first column, paired with the attribute it reads.
    fields = (
        ('DESCRIPTION:', 'description'),
        ('AUTHOR:', 'author'),
        ('FILE:', 'file'),
        ('DATE:', 'date'),
        ('TYPE:', 'type'),
        ('PLATFORM:', 'platform'),
    )
    try:
        entry = matches[0]
        rows = []
        for label, attribute in fields:
            rows.append([O + label + W, getattr(entry, attribute)])
        print(tabulate(rows, tablefmt='grid'))
    except IndexError:
        # Indexing an empty result raises IndexError: no row has this id.
        print('ERROR: Shellcode not found!')
    return exit(0)
def search_vulnerabilities_for_file(word_list, db_table):
    """
    Search vulnerabilities whose 'file' attribute contains every given word.

    :param word_list: the list of words searched by the user.
    :param db_table: the database table in which perform the search;
        'searcher_exploit' selects Exploit, any other value Shellcode.
    :return: the list containing the results of the performed search.
    """
    db_session = start_session()
    model = Exploit if db_table == 'searcher_exploit' else Shellcode
    # Each word becomes one LIKE '%word%' clause and all clauses must hold.
    # '%' and '_' inside a word are not escaped, so they act as wildcards.
    matches = db_session.query(model).filter(
        and_(model.file.like('%' + word + '%') for word in word_list))
    db_session.close()
    return queryset2list(matches)
def search_vulnerabilities_numerical(searched_text, db_table):
    """
    Perform a search based on vulnerabilities' description, file, id, and
    port (only if it is an exploit) for an only numerical search input.

    :param searched_text: the search input; it is converted with int(), so
        a non-numeric string raises ValueError.
    :param db_table: the DB table in which we want to perform the search;
        'searcher_exploit' selects Exploit, any other value Shellcode.
    :return: a list with search results.
    """
    db_session = start_session()
    like_pattern = '%' + searched_text + '%'
    number = int(searched_text)
    if db_table == 'searcher_exploit':
        model = Exploit
        criteria = [
            Exploit.description.like(like_pattern),
            Exploit.id == number,
            Exploit.file.like(like_pattern),
            # Only the exploit search also compares the port column.
            Exploit.port == number,
        ]
    else:
        model = Shellcode
        criteria = [
            Shellcode.description.like(like_pattern),
            Shellcode.id == number,
            Shellcode.file.like(like_pattern),
        ]
    matches = db_session.query(model).filter(or_(*criteria))
    db_session.close()
    return queryset2list(matches)
def show_exploit_info(id):
    """
    Print a grid with the stored fields of the exploit identified by the id.

    The PORT row is printed only when the exploit has a truthy port value.

    :param id: the exploit's id.
    :return: exit the program.
    """
    db_session = start_session()
    matches = db_session.query(Exploit).filter(Exploit.id == id)
    db_session.close()
    try:
        entry = matches[0]
        port = entry.port
        rows = [
            [O + 'DESCRIPTION:' + W, entry.description],
            [O + 'AUTHOR:' + W, entry.author],
            [O + 'FILE:' + W, entry.file],
            [O + 'DATE:' + W, entry.date],
            [O + 'TYPE:' + W, entry.type],
            [O + 'PLATFORM:' + W, entry.platform],
        ]
        if port:
            rows.append([O + 'PORT:' + W, port])
        print(tabulate(rows, tablefmt='grid'))
    except IndexError:
        # Indexing an empty result raises IndexError: no row has this id.
        print('ERROR: Exploit not found!')
    return exit(0)