chrisjsimpson · August 27, 2012 16:46
diff --git a/mosre_hastle_than_its_worth.php b/mosre_hastle_than_its_worth.php
 <?php
 /*  Terminal sript for fast searching of the exploit-db.com/search page
 *	
 *   Requires: php5, curl, php-cli, w3m (use sudo apt-get install programName)
 *
 *   For defaults just leave questions blank & press enter.
 *
 *	Notes for improvement:
 *	> No pagination support (only shows page one of results)
 *	> Writes search result to a file- this is messy, must be better way
 *
 */

 //Initialise search parameters to default values

 $searchTerms = array(); //Search parameters as associative array

 $searchTerms['action'] = 'search';
 $searchTerms['filter_page'] = 1;
 $searchTerms['filter_description'] = '';
 $searchTerms['filter_exploit_text'] = '';
 $searchTerms['filter_author'] = '';
 $searchTerms['filter_platform'] = 0;
 $searchTerms['filter_type'] = 0;
 $searchTerms['filter_lang_id'] = 0;
 $searchTerms['filter_port'] = '';
 $searchTerms['filter_osvdb'] = '';
 $searchTerms['filter_cve'] = '';

 //Get description
 echo "\nEnter exploit description (e.g. 'mysql'): ";
 fscanf(STDIN, "%s", $searchTerms['filter_description']);
 echo "\nOK [{$searchTerms['filter_description']}]\n";

 //Get exploit text
 echo "\nEnter free text search (e.g. 'the' also finds 'Thesis'): ";
 fscanf(STDIN, "%s", $searchTerms['filter_exploit_text']); 
 print "OK [{$searchTerms['filter_exploit_text']}]\n";

 //Get author
 echo "\nAuthor name: ";
 fscanf(STDIN, "%s", $searchTerms['filter_author']);
 echo "OK [{$searchTerms['filter_author']}]\n";

 //Get platform
 echo "\nPlatform: ";
 fscanf(STDIN, "%s", $searchTerms['filter_platform']);
 echo "\nOK [{$searchTerms['filter_platform']}]\n";

 //Get type (dos, local, papers, remote, shellcode, webapps)
 echo "\nType: ";
 fscanf(STDIN, "%s", $searchTerms['filter_type']);
 echo "\nOK [{$searchTerms['filter_type']}]\n";

 //Get language
 echo "\nLanguage: ";
 fscanf(STDIN, "%s", $searchTerms['filter_lang_id']);
 echo "\nOK [{$searchTerms['filter_lang_id']}]\n";

 //Get port
 echo "\nPort: ";
 fscanf(STDIN, "%s", $searchTerms['filter_port']);
 echo "OK [{$searchTerms['filter_port']}]\n";

 //Get osvdb
 echo "\nOsvdb: ";
 fscanf(STDIN, "%s", $searchTerms['filter_osvdb']);
 echo "\nOK [{$searchTerms['filter_osvdb']}]\n";

 //Get cve 
 echo "\nCVE (eg: 2010-2204): ";
 fscanf(STDIN, "%s", $searchTerms['filter_cve']);
 echo "\nOK [{$searchTerms['filter_cve']}]\n";


 ###########
 ##########	echo all search terms for confirmation:
 ############

 echo "#######################\n";
 echo "  Search terms chosen: ";
 echo "\n#####################\n";

 foreach($searchTerms as $term=>$value)
 	{
 		echo "---> $term = $value \n";
 	}


 //Build query url
 $url = 'http://www.exploit-db.com/search/?action=search&filter_page=1&';
 $url .= "filter_description={$searchTerms['filter_description']}";
 $url .= '&filter_exploit_text=' . $searchTerms['filter_exploit_text'];
 $url .= '&filter_author=' . $searchTerms['filter_author'];
 $url .= '&filter_platform=' . $searchTerms['filter_platform'];
 $url .= '&filter_type=' . $searchTerms['filter_type'];
 $url .= '&filter_lang_id=' . $searchTerms['filter_lang_id'];
 $url .= '&filter_port=' . $searchTerms['filter_port'];
 $url .= '&filter_osvdb='. $searchTerms['filter_osvdb'];
 $url .= '&filter_cve=' . $searchTerms['filter_cve'];


 //echo URL
 echo "\n\n$url\n\n";

 echo "#########################\n######## Please wait while result is fetched ###########\n #######################\n";


 //Pull search page 1 search  result using curl

 $curl  = curl_init($url);

 //Tell curl to fail on error:
 curl_setopt($curl, CURLOPT_FAILONERROR, 1);

 //Allow for redirects:
 curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);

 //Assign returned data to a variable:
 curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

 //Set a timeout:
 curl_setopt($curl, CURLOPT_TIMEOUT, 20);

 //Execute the trasaction:
 $result = curl_exec($curl);

 //Close the connection:
 curl_close($curl);


 //Use phpDOM to get only the table from the webpage.

 $dom = new DOMDocument;

 $dom->loadHTML($result);

 //Strip out only the results <table> tag 
 $resultsTable = $dom->getElementsByTagName('table')->item(0);

 //Get results table out of the DOMDocument object
 $data = $dom->saveHTML($resultsTable);

 //Prepare file to write results to 
 $file = 'test.txt';

 $fh = fopen($file, 'w') or die("can't create file");

 //Write results table to $file
 fwrite($fh, $data);

 fclose($fh);

 //Pass html results table to w3m (a terminal web browser) this formats the html table nicely.
 system('w3m -T text/html test.txt');  //-  system() strips the links from w3ms output :(
	<?php
	/* Terminal sript for fast searching of the exploit-db.com/search page
	*
	* Requires: php5, curl, php-cli, w3m (use sudo apt-get install programName)
	*
	* For defaults just leave questions blank & press enter.
	*
	* Notes for improvement:
	* > No pagination support (only shows page one of results)
	* > Writes search result to a file- this is messy, must be better way
	*
	*/

	//Initialise search parameters to default values

	$searchTerms = array(); //Search parameters as associative array

	$searchTerms['action'] = 'search';
	$searchTerms['filter_page'] = 1;
	$searchTerms['filter_description'] = '';
	$searchTerms['filter_exploit_text'] = '';
	$searchTerms['filter_author'] = '';
	$searchTerms['filter_platform'] = 0;
	$searchTerms['filter_type'] = 0;
	$searchTerms['filter_lang_id'] = 0;
	$searchTerms['filter_port'] = '';
	$searchTerms['filter_osvdb'] = '';
	$searchTerms['filter_cve'] = '';

	//Get description
	echo "\nEnter exploit description (e.g. 'mysql'): ";
	fscanf(STDIN, "%s", $searchTerms['filter_description']);
	echo "\nOK [{$searchTerms['filter_description']}]\n";

	//Get exploit text
	echo "\nEnter free text search (e.g. 'the' also finds 'Thesis'): ";
	fscanf(STDIN, "%s", $searchTerms['filter_exploit_text']);
	print "OK [{$searchTerms['filter_exploit_text']}]\n";

	//Get author
	echo "\nAuthor name: ";
	fscanf(STDIN, "%s", $searchTerms['filter_author']);
	echo "OK [{$searchTerms['filter_author']}]\n";

	//Get platform
	echo "\nPlatform: ";
	fscanf(STDIN, "%s", $searchTerms['filter_platform']);
	echo "\nOK [{$searchTerms['filter_platform']}]\n";

	//Get type (dos, local, papers, remote, shellcode, webapps)
	echo "\nType: ";
	fscanf(STDIN, "%s", $searchTerms['filter_type']);
	echo "\nOK [{$searchTerms['filter_type']}]\n";

	//Get language
	echo "\nLanguage: ";
	fscanf(STDIN, "%s", $searchTerms['filter_lang_id']);
	echo "\nOK [{$searchTerms['filter_lang_id']}]\n";

	//Get port
	echo "\nPort: ";
	fscanf(STDIN, "%s", $searchTerms['filter_port']);
	echo "OK [{$searchTerms['filter_port']}]\n";

	//Get osvdb
	echo "\nOsvdb: ";
	fscanf(STDIN, "%s", $searchTerms['filter_osvdb']);
	echo "\nOK [{$searchTerms['filter_osvdb']}]\n";

	//Get cve
	echo "\nCVE (eg: 2010-2204): ";
	fscanf(STDIN, "%s", $searchTerms['filter_cve']);
	echo "\nOK [{$searchTerms['filter_cve']}]\n";


	###########
	########## echo all search terms for confirmation:
	############

	echo "#######################\n";
	echo " Search terms chosen: ";
	echo "\n#####################\n";

	foreach($searchTerms as $term=>$value)
	{
	echo "---> $term = $value \n";
	}


	//Build query url
	$url = 'http://www.exploit-db.com/search/?action=search&filter_page=1&';
	$url .= "filter_description={$searchTerms['filter_description']}";
	$url .= '&filter_exploit_text=' . $searchTerms['filter_exploit_text'];
	$url .= '&filter_author=' . $searchTerms['filter_author'];
	$url .= '&filter_platform=' . $searchTerms['filter_platform'];
	$url .= '&filter_type=' . $searchTerms['filter_type'];
	$url .= '&filter_lang_id=' . $searchTerms['filter_lang_id'];
	$url .= '&filter_port=' . $searchTerms['filter_port'];
	$url .= '&filter_osvdb='. $searchTerms['filter_osvdb'];
	$url .= '&filter_cve=' . $searchTerms['filter_cve'];


	//echo URL
	echo "\n\n$url\n\n";

	echo "#########################\n######## Please wait while result is fetched ###########\n #######################\n";


	//Pull search page 1 search result using curl

	$curl = curl_init($url);

	//Tell curl to fail on error:
	curl_setopt($curl, CURLOPT_FAILONERROR, 1);

	//Allow for redirects:
	curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);

	//Assign returned data to a variable:
	curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

	//Set a timeout:
	curl_setopt($curl, CURLOPT_TIMEOUT, 20);

	//Execute the trasaction:
	$result = curl_exec($curl);

	//Close the connection:
	curl_close($curl);


	//Use phpDOM to get only the table from the webpage.

	$dom = new DOMDocument;

	$dom->loadHTML($result);

	//Strip out only the results <table> tag
	$resultsTable = $dom->getElementsByTagName('table')->item(0);

	//Get results table out of the DOMDocument object
	$data = $dom->saveHTML($resultsTable);

	//Prepare file to write results to
	$file = 'test.txt';

	$fh = fopen($file, 'w') or die("can't create file");

	//Write results table to $file
	fwrite($fh, $data);

	fclose($fh);

	//Pass html results table to w3m (a terminal web browser) this formats the html table nicely.
	system('w3m -T text/html test.txt'); //- system() strips the links from w3ms output :(