expliot_finder.scraper package

Subpackages

• expliot_finder.scraper.core package
  • Submodules
  • expliot_finder.scraper.core.cve_scrapper module
  • expliot_finder.scraper.core.sites_finder module
  • Module contents

Submodules

expliot_finder.scraper.executor module

Executor of built-in exploits and CVEs scrappers.

This module will run:

• ‘sites_finder’ module

• ‘cve_scrapper’ module

in order to find ready exploits and most suitable CVE for captured ‘service’ by ‘vulnerability_scanner’. Information detected by this module will be saved and returned to the following form:

# Returns URLs to ready exploit that can be used against detected
# service in target and also URL to CVE's that describe vulnerability
# in this detected service
 (
    ['https://www.exploit-db.com/exploits/21314']
    ['https://www.cvedetails.com/cve/CVE-2002-1646/'],
 )

class expliot_finder.scraper.executor.ExploitScrapperExecutor(service_version: str)

Bases: object

This class is a handle to run: (‘sites_finder’, ‘cve_scrapper’) scrappers.

These modules are run asynchronously in order to find ready exploits and most suitable CVE for captured service as quick as possible because the module ‘vulnerability_scanner’ could find a lot of open ports in scanned target. If ‘vulnerability_scanner’ found an open ports there is a high probability that’s module found also services names and services versions for those open ports if so ‘ExploitScrapperExecutor’ will be called to find ready exploits and suitable CVE’s for those captured services.

service_version

Detected service version in a target for which exploit and CVE will be searched for.

google_searcher

A ‘GoogleSitesFinder’ class instance. Methods in this class will be used to find ready exploits and CVE’s for captured service.

google_searcher: GoogleSitesFinder

async run_web_scrappers() → tuple[Optional[list[str]], list[str]]

Run two modules asynchronously in order to output as fast as possible.

Theses two modules will run asynchronously:

• ‘sites_finder’

• ‘cve_scrapper’

to find a ready exploit and most suitable CVE for captured service as fast as possible. Module ‘vulnerability_scanner’ can find a many open ports with services in the scanned target. Without asynchronicity, this module creates a bottleneck.

Returns

Two URLs, one with a ready exploit for captured service and the second one with a most suitable CVE for captured service. This ‘captured service’ is a version of captured service that is currently iterated in ‘main_executor.py’ and is provided to this class attribute as: ‘service_version’.

async scrap_cve() → Optional[list[str]]

Find CVE for captured service by using google search engine.

CVE document can provide useful information about weakness of captured service. Search CVE only in sites with domain: ‘https://www.cvedetails.com’. It is possible that Google search engine will find a page contain an HTML table with a few CVE’s for this captured service if so ‘SuitableCVEFinder’ will be called to extract most suitable CVE for captured service.

Returns

URL or URLs to CVE/CVE’s for captured service.

async scrap_exploits() → list[str]

Find ready exploits for captured service by using google search engine.

Ready exploits mean URL to an HTML page with a raw code of exploits which to exploit the vulnerabilities in captured service. Search ready exploits only in sites with domain: ‘https://www.exploit-db.com’.

Returns

URL or URLs to ready exploit/exploits with which to exploit the vulnerabilities in captured service.

service_version: str

Module contents

Aliases for module ‘scraper’.

expliot_finder.scraper.FindExploit

alias of ExploitScrapperExecutor