diff --git a/Bash/Automation/SearchCVE.md b/Bash/Automation/SearchCVE.md new file mode 100644 index 0000000..eb2cb58 --- /dev/null +++ b/Bash/Automation/SearchCVE.md @@ -0,0 +1,89 @@ +# SearchCVE.sh + +## Overview +**SearchCVE.sh** is a Bash script for automated CVE searches in Metasploit. It allows you to check multiple CVEs at once, either from a file or as a single argument, and supports parallel execution for faster results. + +## Features +- **Search for one or many CVEs in Metasploit** +- **Read CVEs from a file or as a direct argument** +- **Parallel execution with configurable threads** +- **Automatic detection of Metasploit installation** +- **Inline help for all usage options** + +## Requirements +- Bash (Linux or macOS) +- Metasploit Framework (`msfconsole`) installed and accessible in your PATH + +## Usage +```sh +# Search all CVEs in a file, one per line +./SearchCVE.sh -f cve.txt + +# Search for a specific CVE +./SearchCVE.sh CVE-2022-41741 + +# Search all CVEs in a file with 5 parallel threads +./SearchCVE.sh -f cve.txt -t 5 + +# Show help +./SearchCVE.sh -h +``` +> The script will print Metasploit search results for each CVE, clearly separated. + +## Output Example +``` +========== CVE:2021-36368 ========== +[-] No results from search +------------------------------ + +========== CVE-2023-20887 ========== + +Matching Modules +================ + + # Name Disclosure Date Rank Check Description + - ---- --------------- ---- ----- ----------- + 0 exploit/linux/http/vmware_vrni_rce_cve_2023_20887 2023-06-07 excellent Yes VMWare Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE + 1 \_ target: Unix (In-Memory) . . . . + 2 \_ target: Linux Dropper . . . . + + +Interact with a module by name or index. For example info 2, use 2 or use exploit/linux/http/vmware_vrni_rce_cve_2023_20887 +After interacting with a module you can manually set a TARGET with set TARGET 'Linux Dropper' +``` + +## Help & Documentation +You can read the inline help by using: + +```sh +./SearchCVE.sh -h +``` + +## Troubleshooting +- If you see `[ERROR] Metasploit msfconsole is not installed or not detected.`, ensure Metasploit is installed and `msfconsole` is available in your PATH. +- If you see `[ERROR] File 'filename' not found.`, double-check the file location and name. + +## License +``` +MIT License + +Copyright (c) 2025 Miiraak + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. +``` \ No newline at end of file diff --git a/Bash/Automation/SearchCVE.sh b/Bash/Automation/SearchCVE.sh new file mode 100644 index 0000000..1394ab2 --- /dev/null +++ b/Bash/Automation/SearchCVE.sh @@ -0,0 +1,146 @@ +#!/bin/bash + +######################################################################################## +# | +# ███▄ ▄███▓ ██▓ ██▓ ██▀███ ▄▄▄ ▄▄▄ ██ ▄█▀ | +# ▓██▒▀█▀ ██▒▓██▒▓██▒▓██ ▒ ██▒▒████▄ ▒████▄ ██▄█▒ | +# ▓██ ▓██░▒██▒▒██▒▓██ ░▄█ ▒▒██ ▀█▄ ▒██ ▀█▄ ▓███▄░ | +# ▒██ ▒██ ░██░░██░▒██▀▀█▄ ░██▄▄▄▄██░██▄▄▄▄██ ▓██ █▄ | +# ▒██▒ ░██▒░██░░██░░██▓ ▒██▒ ▓█ ▓██▒▓█ ▓██▒▒██▒ █▄ | +# ░ ▒░ ░ ░░▓ ░▓ ░ ▒▓ ░▒▓░ ▒▒ ▓▒█░▒▒ ▓▒█░▒ ▒▒ ▓▒ | +# ░ ░ ░ ▒ ░ ▒ ░ ░▒ ░ ▒░ ▒ ▒▒ ░ ▒ ▒▒ ░░ ░▒ ▒░ | +# ░ ░ ▒ ░ ▒ ░ ░░ ░ ░ ▒ ░ ▒ ░ ░░ ░ | +# ░ ░ ░ ░ ░ ░ ░ ░░ ░ | +# | +# Title : SearchCVE.sh | +# Link : https://github.com/Miiraak/Scripts/tree/master/Bash/Automation/ | +# Version : 2.1 | +# Category : Automation | +# Target : None | +# Description : Automated multi CVE search in Metasploit | +# | +######################################################################################## + +show_help() { + cat << EOF +Usage: $0 [-f ] [-t ] +Options: + -f : File containing a list of CVEs, one per line. + -t : Number of parallel searches (default: 1). + -h : Show this help message. + : Search for a single CVE provided as argument (e.g., CVE-2022-41741). +Examples: + $0 -f cve_list.txt # Search all CVEs in the file + $0 CVE-2022-41741 # Search for a specific CVE + $0 -f cve_list.txt -t 5 # Search all CVEs in the file with 5 parallel tasks +EOF +} + +# Check for msfconsole +if ! command -v msfconsole >/dev/null 2>&1; then + echo "[ERROR] Metasploit msfconsole is not installed or not detected." + exit 1 +fi + +# Default values +file="" +threads=1 +declare -a cves + +# Parse arguments +while getopts ":f:t:h" opt; do + case $opt in + f) file="$OPTARG";; + t) threads="$OPTARG";; + h) show_help; exit 0;; + \?) echo "[ERROR] Unknown option: -$OPTARG"; show_help; exit 1;; + :) echo "[ERROR] Option -$OPTARG requires an argument."; show_help; exit 1;; + esac +done +shift $((OPTIND -1)) + +# Get CVEs +if [ -n "$file" ]; then + if [ ! -f "$file" ]; then + echo "[ERROR] File '$file' not found." + exit 1 + fi + mapfile -t cves < "$file" +elif [ $# -gt 0 ]; then + cves=("$@") +else + echo "[ERROR] No CVE specified." + show_help + exit 1 +fi + +if ! [[ "$threads" =~ ^[0-9]+$ ]] || [ "$threads" -lt 1 ]; then + echo "[ERROR] The number of parallel tasks (-t) must be a positive integer." + exit 1 +fi + +# Progress bar function +progress_bar() { + local current=$1 + local total=$2 + local width=40 + local percent=$((100 * current / total)) + local done=$((width * current / total)) + local left=$((width - done)) + printf "\r[" + for ((i=0; i "$tmpdir/$cve.out" + msfconsole -q -x "search $cve; exit" >> "$tmpdir/$cve.out" 2>&1 + echo -e "------------------------------" >> "$tmpdir/$cve.out" + # Atomically increment counter + ( + flock -x 200 + local count=$(cat "$counterfile") + count=$((count + 1)) + echo "$count" > "$counterfile" + progress_bar "$count" "$total" + ) 200>"$counterfile.lock" +} + +export -f search_cve +export -f progress_bar + +if [ "$threads" -eq 1 ]; then + total=${#cves[@]} + counter=0 + for cve in "${cves[@]}"; do + search_cve "$cve" "/tmp" "/tmp/SearchCVE_counter" "$total" + counter=$((counter + 1)) + progress_bar "$counter" "$total" + echo + cat "/tmp/$cve.out" + rm "/tmp/$cve.out" + done +else + tmpdir=$(mktemp -d) + counterfile="$tmpdir/counter" + echo 0 > "$counterfile" + total=${#cves[@]} + export tmpdir + export counterfile + export total + progress_bar 0 "$total" + # Launch searches in parallel + printf "%s\n" "${cves[@]}" | xargs -P"$threads" -I{} bash -c 'search_cve "$1" "$tmpdir" "$counterfile" "$total"' _ {} + echo + for cve in "${cves[@]}"; do + cat "$tmpdir/$cve.out" + rm "$tmpdir/$cve.out" + done + rm -r "$tmpdir" +fi diff --git a/Tools/ScriptTemplate.ps1 b/Tools/ScriptTemplate.ps1 deleted file mode 100644 index b30da2e..0000000 --- a/Tools/ScriptTemplate.ps1 +++ /dev/null @@ -1,33 +0,0 @@ -######################################################################################## -# | -# Title : .ps1 | -# Link : https://github.com/miiraak/Scripts///subfolder> | -# Version : X.X.X | -# Category : | -# Target : | -# Description : Blablablablabalbalbalbalbablablabalblab | -# | -######################################################################################## - -# ---------------[Parameters]--------------- # -param ( - [string]$param1 = "param1", - [string]$param2 = "param2" -) - -# ---------------[Variables]--------------- # -$Parameter1 = $param1 -$Parameter2 = $param2 -$Parameter3 = $null - -# ---------------[Functions]--------------- # -function functionName { - $Parameter3 = $Parameter1 + $Parameter2 - Write-Output "The result is: $Parameter3" -} - -# ---------------[Execution]--------------- # -functionName - -# ---------------[End]--------------- # -exit 0 \ No newline at end of file