Inguma/CLI/Modules:Exploits/Exploitdb
Jump to navigation
Jump to search
| You are here: | exploit-db
|
Description
This section explains how to update the exploits database, select an exploit and use it against a target.
Tutorial
Update database
The first step consists in updating the local database. First start exploitdb:
inguma> exploitdb Exploits from exploit-db not yet downloaded
Then type "help" to see the basic commands. Notice that you will have more commands once the local database will be updated.
LOCXPL> help Inguma's Exploit-DB Help ------------------------ fetch Download exploits from exploit-db help Show this help exit Exit DDBB
Update your local database with exploits from exploit-db.
LOCXPL> fetch Dir: /pentest/exploits/inguma/data/exploits/ exploit-db already downloaded, checking for updates Downloading http://www.exploit-db.com/archive.tar.bz2 Extracting files... Exploits successfully downloaded on Sun Jan 23 18:54:59 2011 Operation Complete Loading exploits... Exploits loaded: 15216
Issue "help" again and notice that you have more options:
LOCXPL> help
Inguma's Exploit-DB Help
------------------------
fetch Download exploits from exploit-db
Manage Exploit-DB commands
--------------------------
list Show list of local exploits. VERY VERBOSE
search <string> Search exploits containing the string
Example: to search for postgre exploits
'search Postgre'
rport <port> Show exploits afecting a remote port
Define the port using command 'rport 22'
Port must be numeric: 22 intead of SSH
correlate Search the DDBB for all exploits matching rport
for all the ports of a scanned machine. Specify
target machine with 'target 192.168.0.1'
Be sure to scan the machine before!
show Show selected exploit source code
Select exploit using xplpath command:
'xplpath path/to/exploit'
help Show this help
exit Exit DDBB
Search for exploits
See following issue: http://code.google.com/p/inguma/issues/detail?id=13