Hello,

Is it plan to support local database with 'cvelist' argument ?

Regards,

My environment is as follows.
Ubuntu : 16.04.3
Python : 2.7.12

    ./getsploit.py -u
    Downloading getsploit database archive. Please wait, it may take time. Usually around 5-10 minutes.
    Traceback (most recent call last):
        File "./getsploit.py", line 802, in <module>
            main()
        File "./getsploit.py", line 743, in main
            downloadVulnersGetsploitDB(DBPATH)
        File "./getsploit.py", line 648, in downloadVulnersGetsploitDB
            downloadFile(vulnersURL['updateAPI'], archiveFileName, progress_callback=progress_callback_simple)
        File "./getsploit.py", line 619, in downloadFile
            file_size = int(meta.getheaders("Content-Length")[0])
    IndexError: list index out of range

Breaks on line 664. Not sure what the problem is, whether the weird way you call print() or (more likely) something wrong with pathname2urlHandler(finalQuery).

Win7 Pro 64-bit, Python 2.7.6, sample output:

python getploit.py smb

Total found exploits: 850
Traceback (most recent call last):
  File "getsploit.py", line 672, in <module>
    main()
  File "getsploit.py", line 664, in main
    print("Web-search URL: %s" % 'https://vulners.com/search?query=%s' % pathname2urlHandler(finalQuery))
  File "C:\Python\lib\nturl2path.py", line 58, in pathname2url
    raise IOError, error
IOError: Bad path: bulletinFamily:exploit AND smb

After I enter my API key, this error message always shows up
Traceback (most recent call last): File "$HOME/Library/Python/2.7/bin/getsploit", line 8, in <module> sys.exit(main()) File "$HOME/Library/Python/2.7/lib/python/site-packages/getsploit/getsploit.py", line 189, in main vulners_lib = sploitVulners(api_key=api_key) File "$HOME/Library/Python/2.7/lib/python/site-packages/vulners/api.py", line 120, in __init__ max_retries=retries)

UpdateAPI https://vulners.com/api/v3/archive/getsploit/ is returning an empty sqlite database, can you take a look at it?

I'm expecting a ~900M zip file.

Hello,

We don't have same result when trying to get exploits using following commands:

• getsploit -j cvelist:CVE-2019-5521
  --> exploit not found. OK

• getsploit -j cvelist:CVE-2019-5684
  --> exploit not found. OK

• but, getsploit -j cvelist:CVE-2019-5521,CVE-2019-5684
  --> several exploits found but there is no link between result and CVE Ids given in input.

Any Idea ?

Regards,

la-la-2:getsploit none$ getsploit --update
Downloading getsploit database archive. Please wait, it may take time. Usually around 5-10 minutes.
[################################] 276048/427041 - 00:01:35

Unpacking database.
Traceback (most recent call last):
File "/Users/none/.pyenv/versions/3.6.5/bin/getsploit", line 11, in
load_entry_point('getsploit==0.3.3', 'console_scripts', 'getsploit')()
File "/Users/none/.pyenv/versions/3.6.5/lib/python3.6/site-packages/getsploit-0.3.3-py3.6.egg/getsploit/getsploit.py", line 204, in main
vulners_lib.downloadGetsploitDb(os.path.join(DBPATH, "getsplit.db.zip"))
File "/Users/none/.pyenv/versions/3.6.5/lib/python3.6/site-packages/getsploit-0.3.3-py3.6.egg/getsploit/getsploit.py", line 93, in downloadGetsploitDb
zip_ref = zipfile.ZipFile(full_path, 'r')
File "/Users/none/.pyenv/versions/3.6.5/lib/python3.6/zipfile.py", line 1108, in init
self._RealGetContents()
File "/Users/none/.pyenv/versions/3.6.5/lib/python3.6/zipfile.py", line 1175, in _RealGetContents
raise BadZipFile("File is not a zip file")
zipfile.BadZipFile: File is not a zip file

Hi,
I get the following when issuing the following command: getsploit -u:
is this an error handling routine issue?

Downloading getsploit database archive. Please wait, it may take time. Usually around 5-10 minutes.
39084032/336659441 [11.61%]Traceback (most recent call last):
File "/usr/local/bin/getsploit", line 11, in
sys.exit(main())
File "/usr/local/lib/python2.7/dist-packages/getsploit/getsploit.py", line 731, in main
downloadVulnersGetsploitDB(DBPATH)
File "/usr/local/lib/python2.7/dist-packages/getsploit/getsploit.py", line 636, in downloadVulnersGetsploitDB
downloadFile(vulnersURL['updateAPI'], archiveFileName, progress_callback=progress_callback_simple)
File "/usr/local/lib/python2.7/dist-packages/getsploit/getsploit.py", line 608, in downloadFile
_download_helper(response,out_file,file_size)
File "/usr/local/lib/python2.7/dist-packages/getsploit/getsploit.py", line 590, in _download_helper
buffer = response.read(block_size)
File "/usr/lib/python2.7/socket.py", line 384, in read
data = self._sock.recv(left)
File "/usr/lib/python2.7/httplib.py", line 597, in read
s = self.fp.read(amt)
File "/usr/lib/python2.7/socket.py", line 384, in read
data = self._sock.recv(left)
File "/usr/lib/python2.7/ssl.py", line 772, in recv
return self.read(buflen)
File "/usr/lib/python2.7/ssl.py", line 659, in read
v = self._sslobj.read(len)
socket.error: [Errno 104] Connection reset by peer

Hello there,

In its pip package getsploit informs that Python 2 is supported to run it.
But in Python 2 os.makedirs does not have an exist_ok option so it does not work:

New in version 3.2: The exist_ok parameter.

Cheers.

First Thanks for this package!

using: python 3.5.0 on anaconda continuum
I had an issue UnicodeEncodeError: 'charmap' codec can't encode character I couldn't debug it.

~\Documents\GitHub\getsploit [master ≡]> python getsploit.py django
Total found exploits: 41
Web-search URL: https://vulners.com/search?query=bulletinFamily%3Aexploit+AND+django
Traceback (most recent call last):
  File "getsploit.py", line 673, in <module>
    main()
  File "getsploit.py", line 670, in main
    print(outputTable.draw())
  File "C:\Users\Jeffrey\Miniconda3\lib\encodings\cp437.py", line 19, in encode
    return codecs.charmap_encode(input,self.errors,encoding_map)[0]
UnicodeEncodeError: 'charmap' codec can't encode character '\uff09' in position 598: character maps to <undefined>

When I add a return (out[:-1]).encode('utf-8') into line 313 the output is not well formatted.

When you first launch latest version of getsploit and enter the API key you can by chance entering spaces and see this output:

linxon@cirno-chan ~/.getsploit $ getsploit 
To use getsploit you need to obtain Vulners API key at https://vulners.com
Please, enter API key:     asd    
Traceback (most recent call last):
  File "/usr/lib/python-exec/python3.6/getsploit", line 11, in <module>
    load_entry_point('getsploit==0.3.2', 'console_scripts', 'getsploit')()
  File "/usr/lib64/python3.6/site-packages/getsploit/getsploit.py", line 145, in main
    vulners_lib = sploitVulners(api_key=api_key)
  File "/usr/lib64/python3.6/site-packages/vulners/api.py", line 102, in __init__
    if api_key and not self.__validKey(api_key):
  File "/usr/lib64/python3.6/site-packages/vulners/api.py", line 199, in __validKey
    return self.vulners_post_request('apiKey', {'keyID':api_key}).get('valid')
AttributeError: 'bytes' object has no attribute 'get'

After I downloaded some exploits for wordpress how would I use them?

sorry for retarded question.

Hi,

When I tried to update getsploit database, I got this error:

/usr/local/lib/venvs/getsploit/lib/python3.9/site-packages/vulners/vulners.py:439: DeprecationWarning: Vulners is deprecated and will be removed in future release. Use VulnersApi instead.
  warnings.warn(
Traceback (most recent call last):
  File "/usr/local/bin/getsploit", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/venvs/getsploit/lib/python3.9/site-packages/getsploit/getsploit.py", line 195, in main
    vulners_lib._Vulners__opener.headers.update({'User-Agent': 'Vulners Getsploit %s' % __version__})
AttributeError: 'sploitVulners' object has no attribute '_Vulners__opener'

Any idea ?

Hi,
can you please push the missing git tags like 0.3.1 - 0.3.3? It would be great to always have a matching tag available.
This would make it easier to potentially package this tool in a distro. thank you very much 🐈

Hello,

getsploit -j "CVE-2018-1001"

return exploits for the specific CVE BUT ALSO for other exploits (example return exploit about EURLEROS_SA-2018-1001 that talks about CVE-2018-5715 and not CVE-2018-1001) :-(

Any ideas ?

Regards

I cannot download database using "getsploit --update", the download hangs before 25% (sometimes before 4% !).
I tried from different devices, internet sources...

Any ideas ?

Regards,

Was just random typing. Works fine if I search for Kernel 4.0

Total found exploits: 6
Web-search URL: https://vulners.com/search?query=bulletinFamily%3Aexploit+AND+kernel+4.0.2
Traceback (most recent call last):
File "./getsploit.py", line 807, in
main()
File "./getsploit.py", line 801, in main
print(outputTable.draw().decode('ascii', 'ignore'))
UnicodeEncodeError: 'ascii' codec can't encode characters in position 2613-2620: ordinal not in range(128)

python script on mac , full text search sqlite database, tips:Your SQLite3 library does not support FTS4.， recompile sqlite， command "pragma compile_options" shows ENABLED_ FTS4，but python script still shows not support FTS4. Any solution？
system & program version
macos Sierra develop beta3
python 2.7.13
sqlite3 3.19.3

Hello,
Could you provide a real offline mode ?

Because to date, getsploit still needs an Internet connection even with the offline database, as one of the first actions in the script is to call this function which performs a check of the authenticity of the key.

Cheers.