From 4306d013eb2e831ff2dba80798655ab43fab766a Mon Sep 17 00:00:00 2001 From: Hash Borgir Date: Thu, 16 Oct 2025 15:35:30 -0500 Subject: [PATCH] ExploitDB plugin added --- README.md | 62 +++++++++++ funguy.py | 2 +- plugins/exploitdb.py | 238 ++++++++++++++++++++++++++++++++++++++++++ plugins/help.py | 39 +++++++ plugins/loadplugin.py | 3 +- 5 files changed, 342 insertions(+), 2 deletions(-) create mode 100644 plugins/exploitdb.py diff --git a/README.md b/README.md index 6973001..73e1307 100644 --- a/README.md +++ b/README.md @@ -171,6 +171,68 @@ Common Search Filters: http.title:"admin" - HTTP page title contains ``` +### 🔍 DNSDumpster Reconnaissance + +**🌐 !dnsdumpster [domain]** +Comprehensive DNS reconnaissance and attack surface mapping using DNSDumpster.com API. + +**Commands:** +- `!dnsdumpster ` - Complete DNS reconnaissance for any domain +- `!dnsdumpster test` - Test API connection and key validity + +**Features:** +- **A Records**: All IPv4 addresses with geographic and ASN information +- **NS Records**: Complete name server information with IP locations +- **MX Records**: All mail servers with geographic data +- **CNAME Records**: Full alias chain mappings +- **TXT Records**: All text records including SPF, DKIM, verification records +- **Additional Records**: AAAA, SRV, SOA, PTR records when available +- **Web Services**: HTTP/HTTPS service detection with banner information + +**Examples:** +```bash +!dnsdumpster google.com +!dnsdumpster github.com +!dnsdumpster example.com +!dnsdumpster test + +Data Returned: + Total record counts for each type + IP addresses with country and ASN information + Web server banners and technologies + Complete subdomain and host mappings + Geographic distribution of services +Requires DNSDUMPSTER_KEY environment variable in .env file +``` + +## ExploitDB Plugin + +A security plugin that searches Exploit-DB for vulnerabilities and exploits directly from Matrix. + +### Features +- Searches the official Exploit-DB CSV database for security exploits +- Provides direct links to exploit details +- Fallback to web search when CSV lookup fails +- Configurable result limits (1-10) +- Formatted output with exploit metadata + +### Commands +- `!exploitdb [max_results]` - Search Exploit-DB for vulnerabilities + +### Examples +``` +!exploitdb wordpress +!exploitdb apache 3 +!exploitdb windows privilege escalation +!exploitdb android 10 +``` +### Usage Notes +- Maximum results limited to 10 for performance +- Results include: title, EDB-ID, type, platform, author, date, and direct URL +- Includes responsible disclosure reminder +- Automatically falls back to search links if CSV database is unavailable + + ### AI & Generation Commands **🤖 AI Commands (!tech, !music, !eth, etc.)** diff --git a/funguy.py b/funguy.py index 6733289..ed92296 100755 --- a/funguy.py +++ b/funguy.py @@ -22,7 +22,7 @@ ALLOWED_PLUGINS = { 'ai', 'config', 'cron', 'date', 'fortune', 'help', 'isup', 'karma', 'loadplugin', 'plugins', 'proxy', 'sd_text', 'stable-diffusion', 'xkcd', 'youtube-preview', 'youtube-search', 'weather', 'urbandictionary', - 'bitcoin', 'dns', 'shodan', 'dnsdumpster' + 'bitcoin', 'dns', 'shodan', 'dnsdumpster', 'exploitdb' } class FunguyBot: diff --git a/plugins/exploitdb.py b/plugins/exploitdb.py new file mode 100644 index 0000000..6b47770 --- /dev/null +++ b/plugins/exploitdb.py @@ -0,0 +1,238 @@ +""" +This plugin provides a command to search Exploit-DB for security exploits and vulnerabilities. +Uses the searchsploit-style approach with the files.csv database. +""" + +import logging +import requests +import csv +import io +import simplematrixbotlib as botlib +from datetime import datetime + +# Exploit-DB CSV database URL +EXPLOITDB_CSV_URL = "https://gitlab.com/exploit-database/exploitdb/-/raw/main/files_exploits.csv" + + +def format_exploit(exploit, index, total): + """ + Format an exploit entry for display. + + Args: + exploit (dict): The exploit data. + index (int): Current result index. + total (int): Total number of results. + + Returns: + str: Formatted HTML string. + """ + edb_id = exploit.get('id', 'N/A') + title = exploit.get('description', 'No title') + date = exploit.get('date', 'Unknown') + author = exploit.get('author', 'Unknown') + exploit_type = exploit.get('type', 'Unknown') + platform = exploit.get('platform', 'Unknown') + + # Build the URL + url = f"https://www.exploit-db.com/exploits/{edb_id}" + + output = f"""💣 Exploit {index}/{total}
+Title: {title}
+EDB-ID: {edb_id}
+Type: {exploit_type} | Platform: {platform}
+Author: {author} | Date: {date}
+URL: {url}""" + + return output + + +async def search_exploitdb_csv(query, max_results=5): + """ + Search Exploit-DB CSV database for exploits matching the query. + + Args: + query (str): Search term. + max_results (int): Maximum number of results to return. + + Returns: + list: List of exploit dictionaries, or None on error. + """ + try: + logging.info(f"Downloading Exploit-DB CSV database...") + + headers = { + 'User-Agent': 'FunguyBot/1.0', + } + + # Download the CSV file + response = requests.get(EXPLOITDB_CSV_URL, headers=headers, timeout=30) + response.raise_for_status() + + # Parse CSV + csv_data = response.text + csv_file = io.StringIO(csv_data) + reader = csv.DictReader(csv_file) + + # Search through CSV + results = [] + query_lower = query.lower() + + logging.info(f"Searching CSV for: {query}") + + for row in reader: + # Search in description (title) and other fields + description = row.get('description', '').lower() + file_path = row.get('file', '').lower() + + if query_lower in description or query_lower in file_path: + exploit = { + 'id': row.get('id', 'N/A'), + 'description': row.get('description', 'No title'), + 'date': row.get('date_published', row.get('date', 'Unknown')), + 'author': row.get('author', 'Unknown'), + 'type': row.get('type', 'Unknown'), + 'platform': row.get('platform', 'Unknown') + } + results.append(exploit) + + if len(results) >= max_results: + break + + return results + + except requests.exceptions.Timeout: + logging.error("Timeout downloading Exploit-DB database") + return None + except requests.exceptions.RequestException as e: + logging.error(f"Error downloading Exploit-DB database: {e}") + return None + except Exception as e: + logging.error(f"Unexpected error searching Exploit-DB: {e}", exc_info=True) + return None + + +async def search_exploitdb_google(query, max_results=5): + """ + Alternative: Search Exploit-DB using site-specific search. + Returns formatted search URLs instead of parsing. + + Args: + query (str): Search term. + max_results (int): Maximum number of results to return. + + Returns: + str: Formatted search information. + """ + # Create search URLs + exploitdb_search_url = f"https://www.exploit-db.com/search?q={query}" + google_search_url = f"https://www.google.com/search?q=site:exploit-db.com+{query}" + + output = f"""💣 Exploit-DB Search for: {query}

+Direct Search:
+{exploitdb_search_url}

+Google Site Search:
+{google_search_url}

+💡 Tip: You can also use searchsploit command-line tool for offline searches.
+⚠️ Use responsibly and only on systems you have permission to test.""" + + return output + + +async def handle_command(room, message, bot, prefix, config): + """ + Function to handle the !exploitdb command. + + Args: + room (Room): The Matrix room where the command was invoked. + message (RoomMessage): The message object containing the command. + bot (Bot): The bot object. + prefix (str): The command prefix. + config (dict): Configuration parameters. + + Returns: + None + """ + match = botlib.MessageMatch(room, message, bot, prefix) + if match.is_not_from_this_bot() and match.prefix() and match.command("exploitdb"): + logging.info("Received !exploitdb command") + + args = match.args() + + if len(args) < 1: + await bot.api.send_text_message( + room.room_id, + "Usage: !exploitdb [max_results]\n" + "Examples:\n" + " !exploitdb wordpress\n" + " !exploitdb apache 3\n" + " !exploitdb windows privilege escalation\n" + "Searches Exploit-DB for security vulnerabilities and exploits." + ) + logging.info("Sent usage message for !exploitdb") + return + + # Check if last argument is a number (max results) + max_results = 5 + search_terms = args + + if args[-1].isdigit(): + max_results = int(args[-1]) + if max_results < 1: + max_results = 1 + elif max_results > 10: + max_results = 10 + search_terms = args[:-1] + + query = ' '.join(search_terms) + + try: + # Send "searching" message + await bot.api.send_text_message( + room.room_id, + f"🔍 Searching Exploit-DB for: {query}... (this may take a moment)" + ) + + # Try CSV search first + exploits = await search_exploitdb_csv(query, max_results) + + if exploits is None: + # Fallback to providing search links + logging.warning("CSV search failed, providing search links instead") + output = await search_exploitdb_google(query, max_results) + await bot.api.send_markdown_message(room.room_id, output) + return + + if not exploits: + # Also provide search links when no results + output = f"No exploits found in local search for: {query}

" + output += await search_exploitdb_google(query, max_results) + await bot.api.send_markdown_message(room.room_id, output) + logging.info(f"No exploits found for: {query}") + return + + total = len(exploits) + logging.info(f"Found {total} exploit(s) for: {query}") + + # Format all results + output = f"💣 Exploit-DB Search Results for: {query}

" + + for idx, exploit in enumerate(exploits, 1): + output += format_exploit(exploit, idx, total) + output += "

" + + output += f"⚠️ Use responsibly and only on systems you have permission to test." + + # Wrap in collapsible details if more than 2 results + if total > 2: + summary = f"💣 Exploit-DB: {query} ({total} results)" + output = f"
{summary}{output}
" + + await bot.api.send_markdown_message(room.room_id, output) + logging.info(f"Sent {total} exploit(s) for: {query}") + + except Exception as e: + await bot.api.send_text_message( + room.room_id, + f"An error occurred while searching Exploit-DB: {str(e)}" + ) + logging.error(f"Error in exploitdb plugin: {e}", exc_info=True) diff --git a/plugins/help.py b/plugins/help.py index 013684c..7b3fad9 100644 --- a/plugins/help.py +++ b/plugins/help.py @@ -126,6 +126,45 @@ async def handle_command(room, message, bot, prefix, config): Rate Limit: 1 request per 2 seconds

+
+💣 !exploitdb - Search Exploit Database +
+Description:
+Search Exploit-DB for security vulnerabilities and exploits. Returns detailed information about exploits including EDB-ID, type, platform, author, and direct links to exploit code.
+
+Usage:
+!exploitdb <search_term> [max_results]
+
+Parameters:
+• search_term (required) - Software name, CVE number, or vulnerability type
+• max_results (optional) - Number of results to return (1-10, default: 5)
+
+Examples:
+!exploitdb wordpress - Search for WordPress exploits
+!exploitdb apache 3 - Get 3 Apache exploits
+!exploitdb windows privilege escalation - Search for Windows privesc
+!exploitdb CVE-2021-44228 - Search by CVE number
+!exploitdb linux kernel 10 - Get 10 Linux kernel exploits
+!exploitdb sql injection - Search for SQL injection exploits
+
+Output Includes:
+• Exploit title and description
+• EDB-ID (Exploit Database ID)
+• Exploit type (webapps, local, remote, etc.)
+• Platform/OS (PHP, Linux, Windows, etc.)
+• Author name
+• Publication date
+• Direct link to full exploit code
+
+Notes:
+• Searches the official Exploit-DB CSV database
+• May take a few seconds on first use (downloads database)
+• Falls back to search links if database unavailable
+
+⚠️ Use responsibly and only on systems you have permission to test. +
+ +
📸 !sd [prompt]

Generates images using self-hosted Stable Diffusion. Supports options: --steps, --cfg, --h, --w, --neg, --sampler. Uses queuing system to handle multiple requests. See available options using just '!sd'.

diff --git a/plugins/loadplugin.py b/plugins/loadplugin.py index 902d63a..71f6a20 100644 --- a/plugins/loadplugin.py +++ b/plugins/loadplugin.py @@ -61,7 +61,8 @@ async def load_plugin(plugin_name): 'bitcoin':'plugins.bitcoin', 'dns':'plugins.dns', 'shodan':'plugins.shodan', - 'dnsdumpster': 'plugins.dnsdumpster' + 'dnsdumpster': 'plugins.dnsdumpster', + 'exploitdb': 'plugins.exploitdb' } # Get the module path from the mapping