Exploit Search: XPL-Search

2015-09-18T21:55:57
ID N0WHERE:51699
Type n0where
Reporter N0where
Modified 2015-09-18T21:55:57

Description

XPL SEARCH is a script made in PHP, to perform quick searches for vulnerabilities or exploits in multiple databases

Dependencies:

The XPL SEARCH is written in PHP and therefore, can be used both on Linux or Windows.

The following items are required for the proper functioning of the script:

  • PHP Version (cli) 5.5.8 or higher
  • php5-cli Lib
  • cURL support Enabled
  • php5-curl Lib
  • cURL Version 7.40.0 or higher
  • allow_url_fopen On
  • Permission: Writing & Reading

Databases:

The following databases are available for search:

  1. Exploit-DB
  2. MIlw00rm
  3. Packet Storm Security
  4. Intelligent Exploit
  5. IEDB
  6. CVE

Commands


–search / -s

Basic command to perform the search for vulnerabilities or exploits.

 php xpl_search.php --search anything

–help/ -h

Displays the help screen, where a brief description of the options are available.

php xpl_search.php --help

–about / -a

Displays the about screen, where a brief description of the script and provides other information.

php xpl_search.php --about

–update

Option used to update the script, direct of the github, the script running on the machine will have the superscript code.

php xpl_search.php --update

–set-db

Defines which databases will be used, to define more than one database, use the comma.
Below contains the databases and their respective “ID”.

  1. Exploit-DB
  2. MIlw00rm
  3. Packet Storm Security
  4. Intelligent Exploit
  5. IEDB
  6. CVE

    php xpl_search.php --search anything --set-db 1,4

–cve-id

Command used to display information related to a specific CVE-ID.

php xpl_search.php --cve-id 2015-9696

–author

Used to display vulnerabilities or exploits of the specific author(Does not work with CVE).

php xpl_search.php --author Anything

–save

Saves all vulnerabilities or exploits found during the search. The saved files can be found in the folder “log”, divided by subdirectories corresponding to each database.

php xpl_search.php --search anything --save

–save-log

Saves a “search log” containing basic information about the vulnerabilities or exploits found during the search.

php xpl_search.php --search anything --save-log

–save-dir

Defines which directory, the folder “log” will be created. This command must be used with the command “–save” or “–save-log”. php xpl_search.php –search anything –save –save-dir /medi/pendrive/

–proxy / -p

Used to define a proxy.

 php xpl_search.php --search anything --proxy 127.0.0.1:80

–proxy-login

sed to define login:pass if the indicated proxy requires authentication.

php xpl_search.php --search anything --proxy 127.0.0.1:80 --proxy-login admin:root

–respond-time

Defines how long(in seconds), the databases has to respond. By default, 60 seconds is the limit.

php xpl_search.php --respond-time 80

–banner-no

Command not to display the banner/header.

 php xpl_search.php --banner-no

Source && Download

download