def get_suggestion(searched): session = start_session() suggestion_item = session.query(Suggestion).get(searched) if suggestion_item is not None: return suggestion_item else: return None
def search_shellcodes_version(software_name, num_version): """ Perform a search based on exploits' description for an input search that contains a number of version. This function is called by 'search_vulnerabilities_version' method. :param software_name: the name of the software that the user is searching for. :param num_version: the specific number of version the user is searching for. :return: a queryset with search result found in 'searcher_exploit' DB table. """ session = start_session() queryset = session.query(Shellcode).filter( and_(Shellcode.description.contains(software_name))) query_result_set = queryset2list(queryset) session.close() # limit the time spent for searching useless results. if queryset.count() > N_MAX_RESULTS_NUMB_VERSION: # return Exploit.objects.none() return void_result_set() final_result_set = [] for shellcode in query_result_set: # if exploit not contains '<' if not str(shellcode.description).__contains__('<'): final_result_set = filter_shellcodes_without_comparator( shellcode, num_version, software_name, final_result_set) # if exploit contains '<' else: final_result_set = filter_shellcodes_with_comparator( shellcode, num_version, software_name, final_result_set) return final_result_set
def copy_shellcode(id, dst): """ Copy the shellcode identified by the id into the destination specified by the user. :param id: the shellcode's id. :return: exit the program. """ session = start_session() queryset = session.query(Shellcode).filter(Shellcode.id == id) session.close() try: vulnerabilities_path = os.path.split( sys.executable)[0] + "/HoundSploit/vulnerabilities/" src = vulnerabilities_path + queryset[0].file try: copyfile(src, dst) except IsADirectoryError: if src[-1:] == '/': dst = dst + queryset[0].id + get_vulnerability_extension( queryset[0].file) else: dst = dst + '/' + queryset[0].id + get_vulnerability_extension( queryset[0].file) copyfile(src, dst) except IndexError: print('ERROR: Exploit not found!') return exit(0)
def join_result_sets(result_set_1, result_set_2, db_table): """ Make the union of two result sets, excluding the duplicates. :param result_set_1: the first result set. :param result_set_2: the second result set. :param db_table: the database table. :return: the result set obtained by the union of the two result sets. """ list_id_1 = [] list_id_2 = [] for instance in result_set_1: list_id_1.append(instance.id) for instance in result_set_2: list_id_2.append(instance.id) union_list_id = set(list_id_1) | set(list_id_2) if len(union_list_id) == 0: return void_result_set() session = start_session() if db_table == 'searcher_exploit': queryset = session.query(Exploit).filter( or_(Exploit.id == instance_id for instance_id in union_list_id)) else: queryset = session.query(Shellcode).filter( or_(Shellcode.id == instance_id for instance_id in union_list_id)) session.close() return queryset2list(queryset)
def show_exploit_info(id): """ Show the information about the exploit identified by the id. :param id: the exploit's id. :return: exit the program. """ session = start_session() queryset = session.query(Exploit).filter(Exploit.id == id) session.close() try: exploit = queryset[0] if exploit.port: print( tabulate([[O + 'DESCRIPTION:' + W, exploit.description], [O + 'AUTHOR:' + W, exploit.author], [O + 'FILE:' + W, exploit.file], [O + 'DATE:' + W, exploit.date], [O + 'TYPE:' + W, exploit.type], [O + 'PLATFORM:' + W, exploit.platform], [O + 'PORT:' + W, exploit.port]], tablefmt='grid')) else: print( tabulate([[O + 'DESCRIPTION:' + W, exploit.description], [O + 'AUTHOR:' + W, exploit.author], [O + 'FILE:' + W, exploit.file], [O + 'DATE:' + W, exploit.date], [O + 'TYPE:' + W, exploit.type], [O + 'PLATFORM:' + W, exploit.platform]], tablefmt='grid')) except IndexError: print('ERROR: Exploit not found!') return exit(0)
def get_suggestions_list(): """ Get all suggestions in the database :return: a list containing all suggestions """ session = start_session() queryset = session.query(Suggestion) suggestions_list = queryset2list(queryset) session.close() return suggestions_list
def remove_suggestion(searched): session = start_session() suggestion_item = session.query(Suggestion).get(searched) if suggestion_item is not None: session.query(Suggestion).filter( Suggestion.searched == searched).delete() session.commit() session.close() delete_suggestion_from_csv(searched) return True else: return False
def open_shellcode(id): """ Open the shellcode identified by the id. :param id: the shellcode's id. :return: exit the program. """ session = start_session() queryset = session.query(Shellcode).filter(Shellcode.id == id) session.close() try: vulnerabilities_path = os.path.expanduser( "~") + "/HoundSploit/exploitdb/" os.system('vim ' + vulnerabilities_path + queryset[0].file) except IndexError: print('ERROR: Shellcode not found!') return exit(0)
def substitute_with_suggestions(searched_text): """ Substitute automatically an user's input with an appropriate suggestion. :param searched_text: the user's input. :return: the new input to use for the search. """ session = start_session() suggestions = session.query(Suggestion) session.close() for suggested_word in suggestions: if searched_text.lower().__contains__(suggested_word.searched.lower())\ and suggested_word.autoreplacement == 'true' \ and not str(searched_text).lower().__contains__(suggested_word.suggestion.lower()): searched_text = str(searched_text.lower()).replace( suggested_word.searched.lower(), suggested_word.suggestion.lower()) return searched_text
def new_suggestion(searched, suggestion, autoreplacement): session = start_session() searched = str(searched).lower() suggestion = str(suggestion).lower() queryset = session.query(Suggestion).filter( Suggestion.searched == searched) results_list = queryset2list(queryset) if len(results_list) == 0: new_suggestion = Suggestion(searched, suggestion, autoreplacement) session.add(new_suggestion) add_suggestion_to_custom_csv(searched, suggestion, autoreplacement) else: edited_suggestion = session.query(Suggestion).get(searched) edited_suggestion.suggestion = suggestion edited_suggestion.autoreplacement = autoreplacement edited_suggestion_in_csv(searched, suggestion, autoreplacement) session.commit() session.close()
def search_vulnerabilities_for_file(word_list, db_table): """ Search vulnerabilities for file. :param word_list: the list of words searched by the user. :param db_table: the database table in which perform the search. :return: the list containing the results of the performed search. """ session = start_session() if db_table == 'searcher_exploit': queryset = session.query(Exploit).filter( and_(Exploit.file.contains(word) for word in word_list)) else: queryset = session.query(Shellcode).filter( and_(Shellcode.file.contains(word) for word in word_list)) session.close() return queryset2list(queryset)
def search_vulnerabilities_for_text_input(searched_text, db_table): """ Perform a search in description based on characters contained by this attribute. This queryset can be joined with the search results based on the number of version. :param search_text: the search input. :param db_table: the DB table in which we want to perform the search. :return: a queryset containing the search results found with a search based on the characters contained by the attribute 'description' """ word_list = str(searched_text).split() word_list_num = [] for word in word_list: if word.isnumeric(): word_list.remove(word) word_list_num.append(' ' + word) word_list_num.append('/' + word) if word.__contains__('.'): word_list.remove(word) word_list_num.append(' ' + word) word_list_num.append('/' + word) try: session = start_session() if db_table == 'searcher_exploit': queryset = session.query(Exploit).filter( and_(Exploit.description.contains(word) for word in word_list)) else: queryset = session.query(Shellcode).filter( and_( Shellcode.description.contains(word) for word in word_list)) session.close() query_result_set = queryset2list(queryset) except TypeError: query_result_set = void_result_set() final_result_set = [] try: for instance in query_result_set: for word in word_list_num: if str(instance.description).__contains__(word) and not list( final_result_set).__contains__(instance): final_result_set.append(instance) except TypeError: pass return final_result_set
def propose_suggestions(searched_text): """ Suggest to the user a related search that he can do. :param searched_text: the user's input. :return: the suggested search. """ suggested_searched_text = '' session = start_session() queryset = session.query(Suggestion) suggestions = queryset2list(queryset) session.close() for suggested_word in suggestions: if searched_text.lower().__contains__(suggested_word.searched.lower()) \ and suggested_word.autoreplacement == 'false' \ and not str(searched_text).lower().__contains__(suggested_word.suggestion.lower()): suggested_searched_text = str(searched_text.lower()).replace( suggested_word.searched.lower(), suggested_word.suggestion.lower()) return suggested_searched_text
def search_vulnerabilities_numerical(searched_text, db_table): """ Perform a search based on vulnerabilities' description, file, id, and port (only if it is an exploit) for an only numerical search input. :param searched_text: the search input. :param db_table: the DB table in which we want to perform the search. :return: a queryset with search results. """ session = start_session() if db_table == 'searcher_exploit': queryset = session.query(Exploit).filter( or_(Exploit.description.contains(searched_text), Exploit.id == int(searched_text), Exploit.file.contains(searched_text), Exploit.port == int(searched_text))) else: queryset = session.query(Shellcode).filter( or_(Shellcode.description.contains(searched_text), Shellcode.id == int(searched_text), Shellcode.file.contains(searched_text))) session.close() return queryset2list(queryset)
def get_vulnerability_filters(): """ Get the list of all vulnerability filters :return: a list containing all vulnerability types and a list containing all platforms """ session = start_session() queryset = session.query(Exploit) exploits_list = queryset2list(queryset) types_list = [] platform_list = [] for exploit in exploits_list: types_list.append(exploit.type) platform_list.append(exploit.platform) queryset = session.query(Shellcode) shellcodes_list = queryset2list(queryset) for shellcode in shellcodes_list: types_list.append(shellcode.type) platform_list.append(shellcode.platform) types_list = sorted(remove_duplicates_by_list(types_list)) platform_list = sorted(remove_duplicates_by_list(platform_list)) session.close() return types_list, platform_list
def show_shellcode_info(id): """ Show the information about the shellcode identified by the id. :param id: the shellcode's id. :return: exit the program. """ session = start_session() queryset = session.query(Shellcode).filter(Shellcode.id == id) session.close() try: shellcode = queryset[0] print( tabulate([[O + 'DESCRIPTION:' + W, shellcode.description], [O + 'AUTHOR:' + W, shellcode.author], [O + 'FILE:' + W, shellcode.file], [O + 'DATE:' + W, shellcode.date], [O + 'TYPE:' + W, shellcode.type], [O + 'PLATFORM:' + W, shellcode.platform]], tablefmt='grid')) except IndexError: print('ERROR: Shellcode not found!') return exit(0)
def search_vulnerabilities_advanced(searched_text, db_table, operator_filter, type_filter, platform_filter, author_filter, port_filter, date_from_filter, date_to_filter): """ Perform a search based on filter selected by the user for an input search. :param searched_text: the search input. :param db_table: the DB table in which we want to perform the search. :param operator_filter: OR operator matches all search results that contain at least one search keyword, AND operator matches only search results that contain all the search keywords. :param type_filter: the filter on the vulnerabilities' type. :param platform_filter: the filter on the vulnerabilities' platform. :param author_filter: the filter on the vulnerabilities' author. :param port_filter: the filter on the exploits' port. :param date_from_filter: the filter on the vulnerabilities' date (from). :param date_to_filter: the filter on the vulnerabilities' date (to). :return: a queryset containing all the search results. """ session = start_session() words_list = str(searched_text).upper().split() if operator_filter == 'AND' and searched_text != '': vulnerabilities_list = search_vulnerabilities_for_description_advanced( searched_text, db_table) elif operator_filter == 'OR': if db_table == 'searcher_exploit': queryset = session.query(Exploit).filter( or_(Exploit.description.contains(word) for word in words_list)) else: queryset = session.query(Shellcode).filter( or_( Shellcode.description.contains(word) for word in words_list)) vulnerabilities_list = queryset2list(queryset) else: if db_table == 'searcher_exploit': queryset = session.query(Exploit) else: queryset = session.query(Shellcode) vulnerabilities_list = queryset2list(queryset) if type_filter != 'all': vulnerabilities_list = filter_vulnerabilities_for_type( vulnerabilities_list, type_filter) if platform_filter != 'all': vulnerabilities_list = filter_vulnerabilities_for_platform( vulnerabilities_list, platform_filter) if author_filter != '': vulnerabilities_list = filter_vulnerabilities_for_author( vulnerabilities_list, author_filter) try: date_from = datetime.datetime.strptime(date_from_filter, '%Y-%m-%d') date_to = datetime.datetime.strptime(date_to_filter, '%Y-%m-%d') vulnerabilities_list = filter_vulnerabilities_for_date_range( vulnerabilities_list, date_from, date_to) except ValueError: pass if port_filter != '' and db_table == 'searcher_exploit': vulnerabilities_list = filter_exploits_for_port( vulnerabilities_list, port_filter) elif port_filter != '' and db_table == 'searcher_shellcode': vulnerabilities_list = [] queryset_std = search_vulnerabilities_for_text_input_advanced( searched_text, db_table, type_filter, platform_filter, author_filter, port_filter, date_from_filter, date_to_filter) results_list = join_lists(vulnerabilities_list, queryset_std) session.close() return results_list