From f13e7937b7e5812b652ae321a8b8ddc996768f2a Mon Sep 17 00:00:00 2001 From: Miiraak Date: Thu, 28 Aug 2025 22:10:30 +0200 Subject: [PATCH 1/3] Add SearchCVE.sh script and documentation Introduce SearchCVE.sh for automated CVE searches in Metasploit. Update documentation with an overview, features, usage examples, and troubleshooting tips. Implement argument parsing, error handling, and support for parallel execution in the script. --- Bash/Automation/SearchCVE.md | 89 +++++++++++++++++++++ Bash/Automation/SearchCVE.sh | 146 +++++++++++++++++++++++++++++++++++ Tools/ScriptTemplate.ps1 | 33 -------- 3 files changed, 235 insertions(+), 33 deletions(-) create mode 100644 Bash/Automation/SearchCVE.md create mode 100644 Bash/Automation/SearchCVE.sh delete mode 100644 Tools/ScriptTemplate.ps1 diff --git a/Bash/Automation/SearchCVE.md b/Bash/Automation/SearchCVE.md new file mode 100644 index 0000000..eb2cb58 --- /dev/null +++ b/Bash/Automation/SearchCVE.md 
@@ -0,0 +1,89 @@ +# SearchCVE.sh + +## Overview +**SearchCVE.sh** is a Bash script for automated CVE searches in Metasploit. It allows you to check multiple CVEs at once, either from a file or as a single argument, and supports parallel execution for faster results. + +## Features +- **Search for one or many CVEs in Metasploit** +- **Read CVEs from a file or as a direct argument** +- **Parallel execution with configurable threads** +- **Automatic detection of Metasploit installation** +- **Inline help for all usage options** + +## Requirements +- Bash (Linux or macOS) +- Metasploit Framework (`msfconsole`) installed and accessible in your PATH + +## Usage +```sh +# Search all CVEs in a file, one per line +./SearchCVE.sh -f cve.txt + +# Search for a specific CVE +./SearchCVE.sh CVE-2022-41741 + +# Search all CVEs in a file with 5 parallel threads +./SearchCVE.sh -f cve.txt -t 5 + +# Show help +./SearchCVE.sh -h +``` +> The script will print Metasploit search results for each CVE, clearly separated. + +## Output Example +``` +========== CVE:2021-36368 ========== +[-] No results from search +------------------------------ + +========== CVE-2023-20887 ========== + +Matching Modules +================ + + # Name Disclosure Date Rank Check Description + - ---- --------------- ---- ----- ----------- + 0 exploit/linux/http/vmware_vrni_rce_cve_2023_20887 2023-06-07 excellent Yes VMWare Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE + 1 \_ target: Unix (In-Memory) . . . . + 2 \_ target: Linux Dropper . . . . + + +Interact with a module by name or index. 
For example info 2, use 2 or use exploit/linux/http/vmware_vrni_rce_cve_2023_20887 +After interacting with a module you can manually set a TARGET with set TARGET 'Linux Dropper' +``` + +## Help & Documentation +You can read the inline help by using: + +```sh +./SearchCVE.sh -h +``` + +## Troubleshooting +- If you see `[ERROR] Metasploit msfconsole is not installed or not detected.`, ensure Metasploit is installed and `msfconsole` is available in your PATH. +- If you see `[ERROR] File 'filename' not found.`, double-check the file location and name. + +## License +``` +MIT License + +Copyright (c) 2025 Miiraak + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. +``` \ No newline at end of file diff --git a/Bash/Automation/SearchCVE.sh b/Bash/Automation/SearchCVE.sh new file mode 100644 index 0000000..1394ab2 --- /dev/null +++ b/Bash/Automation/SearchCVE.sh 
@@ -0,0 +1,146 @@ +#!/bin/bash + +######################################################################################## +# | +# ███▄ ▄███▓ ██▓ ██▓ ██▀███ ▄▄▄ ▄▄▄ ██ ▄█▀ | +# ▓██▒▀█▀ ██▒▓██▒▓██▒▓██ ▒ ██▒▒████▄ ▒████▄ ██▄█▒ | +# ▓██ ▓██░▒██▒▒██▒▓██ ░▄█ ▒▒██ ▀█▄ ▒██ ▀█▄ ▓███▄░ | +# ▒██ ▒██ ░██░░██░▒██▀▀█▄ ░██▄▄▄▄██░██▄▄▄▄██ ▓██ █▄ | +# ▒██▒ ░██▒░██░░██░░██▓ ▒██▒ ▓█ ▓██▒▓█ ▓██▒▒██▒ █▄ | +# ░ ▒░ ░ ░░▓ ░▓ ░ ▒▓ ░▒▓░ ▒▒ ▓▒█░▒▒ ▓▒█░▒ ▒▒ ▓▒ | +# ░ ░ ░ ▒ ░ ▒ ░ ░▒ ░ ▒░ ▒ ▒▒ ░ ▒ ▒▒ ░░ ░▒ ▒░ | +# ░ ░ ▒ ░ ▒ ░ ░░ ░ ░ ▒ ░ ▒ ░ ░░ ░ | +# ░ ░ ░ ░ ░ ░ ░ ░░ ░ | +# | +# Title : SearchCVE.sh | +# Link : https://github.com/Miiraak/Scripts/tree/master/Bash/Automation/ | +# Version : 2.1 | +# Category : Automation | +# Target : None | +# Description : Automated multi CVE search in Metasploit | +# | +######################################################################################## + +show_help() { + cat << EOF +Usage: $0 [-f ] [-t ] +Options: + -f : File containing a list of CVEs, one per line. + -t : Number of parallel searches (default: 1). + -h : Show this help message. + : Search for a single CVE provided as argument (e.g., CVE-2022-41741). +Examples: + $0 -f cve_list.txt # Search all CVEs in the file + $0 CVE-2022-41741 # Search for a specific CVE + $0 -f cve_list.txt -t 5 # Search all CVEs in the file with 5 parallel tasks +EOF +} + +# Check for msfconsole +if ! command -v msfconsole >/dev/null 2>&1; then + echo "[ERROR] Metasploit msfconsole is not installed or not detected." + exit 1 +fi + +# Default values +file="" +threads=1 +declare -a cves + +# Parse arguments +while getopts ":f:t:h" opt; do + case $opt in + f) file="$OPTARG";; + t) threads="$OPTARG";; + h) show_help; exit 0;; + \?) echo "[ERROR] Unknown option: -$OPTARG"; show_help; exit 1;; + :) echo "[ERROR] Option -$OPTARG requires an argument."; show_help; exit 1;; + esac +done +shift $((OPTIND -1)) + +# Get CVEs +if [ -n "$file" ]; then + if [ ! -f "$file" ]; then + echo "[ERROR] File '$file' not found." 
+ exit 1 + fi + mapfile -t cves < "$file" +elif [ $# -gt 0 ]; then + cves=("$@") +else + echo "[ERROR] No CVE specified." + show_help + exit 1 +fi + +if ! [[ "$threads" =~ ^[0-9]+$ ]] || [ "$threads" -lt 1 ]; then + echo "[ERROR] The number of parallel tasks (-t) must be a positive integer." + exit 1 +fi + +# Progress bar function +progress_bar() { + local current=$1 + local total=$2 + local width=40 + local percent=$((100 * current / total)) + local done=$((width * current / total)) + local left=$((width - done)) + printf "\r[" + for ((i=0; i "$tmpdir/$cve.out" + msfconsole -q -x "search $cve; exit" >> "$tmpdir/$cve.out" 2>&1 + echo -e "------------------------------" >> "$tmpdir/$cve.out" + # Atomically increment counter + ( + flock -x 200 + local count=$(cat "$counterfile") + count=$((count + 1)) + echo "$count" > "$counterfile" + progress_bar "$count" "$total" + ) 200>"$counterfile.lock" +} + +export -f search_cve +export -f progress_bar + +if [ "$threads" -eq 1 ]; then + total=${#cves[@]} + counter=0 + for cve in "${cves[@]}"; do + search_cve "$cve" "/tmp" "/tmp/SearchCVE_counter" "$total" + counter=$((counter + 1)) + progress_bar "$counter" "$total" + echo + cat "/tmp/$cve.out" + rm "/tmp/$cve.out" + done +else + tmpdir=$(mktemp -d) + counterfile="$tmpdir/counter" + echo 0 > "$counterfile" + total=${#cves[@]} + export tmpdir + export counterfile + export total + progress_bar 0 "$total" + # Launch searches in parallel + printf "%s\n" "${cves[@]}" | xargs -P"$threads" -I{} bash -c 'search_cve "$1" "$tmpdir" "$counterfile" "$total"' _ {} + echo + for cve in "${cves[@]}"; do + cat "$tmpdir/$cve.out" + rm "$tmpdir/$cve.out" + done + rm -r "$tmpdir" +fi diff --git a/Tools/ScriptTemplate.ps1 b/Tools/ScriptTemplate.ps1 deleted file mode 100644 index b30da2e..0000000 --- a/Tools/ScriptTemplate.ps1 +++ /dev/null 
@@ -1,33 +0,0 @@ -######################################################################################## -# | -# Title : .ps1 | -# Link : https://github.com/miiraak/Scripts///subfolder> | -# Version : X.X.X | -# Category : | -# Target : | -# Description : Blablablablabalbalbalbalbablablabalblab | -# | -######################################################################################## - -# ---------------[Parameters]--------------- # -param ( - [string]$param1 = "param1", - [string]$param2 = "param2" -) - -# ---------------[Variables]--------------- # -$Parameter1 = $param1 -$Parameter2 = $param2 -$Parameter3 = $null - -# ---------------[Functions]--------------- # -function functionName { - $Parameter3 = $Parameter1 + $Parameter2 - Write-Output "The result is: $Parameter3" -} - -# ---------------[Execution]--------------- # -functionName - -# ---------------[End]--------------- # -exit 0 \ No newline at end of file From dbe147269fba85226e697389c5939ec365088466 Mon Sep 17 00:00:00 2001 From: Miiraak Date: Thu, 28 Aug 2025 22:44:20 +0200 Subject: [PATCH 2/3] Update documentation for SearchCVE output format --- Bash/Automation/SearchCVE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Bash/Automation/SearchCVE.md b/Bash/Automation/SearchCVE.md index eb2cb58..e145cd7 100644 --- a/Bash/Automation/SearchCVE.md +++ b/Bash/Automation/SearchCVE.md @@ -31,7 +31,7 @@ > The script will print Metasploit search results for each CVE, clearly separated. ## Output Example -``` +```sh ========== CVE:2021-36368 ========== [-] No results from search ------------------------------ From f1d7b0e1e84744f8b0e598a61c8b4c502bf92ecc Mon Sep 17 00:00:00 2001 From: Miiraak Date: Thu, 28 Aug 2025 22:49:23 +0200 Subject: [PATCH 3/3] ... --- Bash/Automation/SearchCVE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Bash/Automation/SearchCVE.md b/Bash/Automation/SearchCVE.md index e145cd7..eb2cb58 100644 --- a/Bash/Automation/SearchCVE.md 
+++ b/Bash/Automation/SearchCVE.md @@ -31,7 +31,7 @@ > The script will print Metasploit search results for each CVE, clearly separated. ## Output Example -```sh +``` ========== CVE:2021-36368 ========== [-] No results from search ------------------------------
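Review bot: In Bash/Automation/SearchCVE.md (patch 1/3), the Requirements section lists only "Bash (Linux or macOS)" and `msfconsole`, but the script added in the same patch uses `mapfile` and `flock`. `mapfile` needs Bash 4 or later, while the Bash shipped with macOS is 3.2, and `flock` is not part of a stock macOS install, so the macOS claim does not hold as written. State the minimum Bash version and list `flock` and `xargs` under Requirements, or drop macOS. The Output Example also prints one header as `CVE:2021-36368` and the other as `CVE-2023-20887`; say which input forms the script accepts.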
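Review bot: In Bash/Automation/SearchCVE.sh (patch 1/3), the entries loaded by `mapfile -t cves < "$file"` or taken from `"$@"` are never validated before they reach `msfconsole -q -x "search $cve; exit"` and the output path `"$tmpdir/$cve.out"`. A line containing `;` is passed on as extra console commands, a line containing `/` or `..` moves the output file outside the intended directory, and blank lines become searches of their own. Check each entry against a strict pattern such as `^CVE-[0-9]{4}-[0-9]+$` right after the "Get CVEs" block and skip or reject anything else. Separately, the `[ "$threads" -eq 1 ]` branch calls `search_cve "$cve" "/tmp" "/tmp/SearchCVE_counter" "$total"`: those names are predictable in a world-writable directory, the counter file is never initialised or removed in that branch (so `cat "$counterfile"` reads a missing or stale value), and `progress_bar` runs both inside `search_cve` and again in the loop. Create the `mktemp -d` directory once and use it for both modes.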
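Review bot: The deletion of Tools/ScriptTemplate.ps1 in patch 1/3 is not mentioned in the commit message, which describes only SearchCVE.sh and its documentation. Move the removal to its own commit or state the reason in the message, so it is not overlooked in review or when bisecting later.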
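Review bot: Patch 3/3 removes the `sh` tag that patch 2/3 added to the opening fence of the Output Example in SearchCVE.md, which returns the file to index eb2cb58, so the two commits cancel each other out, and the 3/3 subject "..." gives no reason. Drop or squash both before merging. If a language tag is wanted on that fence, `text` fits msfconsole output better than `sh`.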