exploitdb nmap script available
Here is a little script wrote by “L10n“. It searches the exploitdb archive for possible exploits. It is very verbose and can give you false positives.
More information about official scripts.
description = [[Searches for exploits in the exploitdb on Backtrack. This archive can also be found at http://www.exploitdb.com]]
author = “L10n”
license = “Same as Nmap–See http://nmap.org/book/man-legal.html”
categories = {“safe”, “vuln”}require(“stdnse”)
portrule = function(host, port)
return port.state == “open”
endaction = function(host, port)
local n = port.version.product
local exploits = “”
for line in io.lines (“/pentest/exploits/exploitdb/files.csv”) do
if string.match(line, n) and string.match(line, “remote”) then
local items = split(line, “,”)
local file = items[2]
local desc = items[3]
exploits = exploits..file..” —> “..desc..”\n”
end
end
if not string.match(exploits, “\n”) then
exploits = nil
end
exploits = ” \n”..exploits
return exploits
endfunction split(str, pat)
local t = {} — NOTE: use {n = 0} in Lua-5.0
local fpat = “(.-)” .. pat
local last_end = 1
local s, e, cap = str:find(fpat, 1)
while s do
if s ~= 1 or cap ~= “” then
table.insert(t,cap)
end
last_end = e+1
s, e, cap = str:find(fpat, last_end)
end
if last_end <= #str then
cap = str:sub(last_end)
table.insert(t, cap)
end
return t
end
