Este simple programa lista las últimas vulnerabilidades publicadas en securityfocus.com y podremos verlas desde consola viendo la información, exploit, solución...
El código es el siguiente:
Using perl Syntax Highlighting
- #!/usr/bin/perl
- #SecurityFocus Manager 0.3
- #(C) Doddy Hackman 2011
- ##ppm install http://www.bribes.org/perl/ppm/HTML-Strip.ppd
- use LWP::UserAgent;
- use HTML::Parser;
- use HTML::Strip;
- my $nave = LWP::UserAgent->new;
- $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
- $nave->timeout(5);
- head();
- refrescar();
- sub refrescar {
- clean();
- head();
- print "\n\n[+] List of vulnerabilities\n\n\n";
- my %links = getlinks($code);
- my $contador = -1;
- for my $da(keys %links) {
- $contador++;
- print "[$contador] : $da\n";
- }
- print qq(
- [1] : Refresh
- [2] : Info
- [3] : Discussion
- [4] : Exploit
- [5] : Solution
- [6] : References
- [7] : Exit
- );
- print "\n[Option] : ";
- chomp(my $op = <stdin>);
- if ($op eq 1) {
- clean();
- refrescar();
- }
- elsif ($op eq 2) {
- print "\n[+] Number : ";
- chomp(my $se=<stdin>);
- my $fin = (keys %links)[$se];
- my $pro = (values %links)[$se];
- dar($fin,$pro,"tres");
- }
- elsif($op eq 3) {
- print "\n[+] Number : ";
- chomp(my $se=<stdin>);
- my $fin = (keys %links)[$se];
- my $pro = (values %links)[$se];
- dar($fin,$pro,"cuatro");
- }
- elsif($op eq 4) {
- print "\n[+] Number : ";
- chomp(my $se=<stdin>);
- my $fin = (keys %links)[$se];
- my $pro = (values %links)[$se];
- dar($fin,$pro,"cinco");
- }
- elsif ($op eq 5) {
- print "\n[+] Number : ";
- chomp(my $se=<stdin>);
- my $fin = (keys %links)[$se];
- my $pro = (values %links)[$se];
- dar($fin,$pro,"seis");
- }
- elsif ($op eq 6) {
- print "\n[+] Number : ";
- chomp(my $se=<stdin>);
- my $fin = (keys %links)[$se];
- my $pro = (values %links)[$se];
- dar($fin,$pro,"siete");
- }
- elsif ($op eq 7) {
- copyright();
- exit(1);
- }
- else {
- refrescar();
- }
- }
- sub dar {
- my($title,$numero,$op) = @_;
- print "\n\n[+] Getting data\n\n";
- if ($op eq "tres") {
- $link = "http://www.securityfocus.com/bid/$numero/info";
- }
- if ($op eq "cuatro") {
- $link = "http://www.securityfocus.com/bid/$numero/discuss";
- }
- if ($op eq "cinco") {
- $link = "http://www.securityfocus.com/bid/$numero/exploit";
- }
- if ($op eq "seis") {
- $link = "http://www.securityfocus.com/bid/$numero/solution";
- }
- if ($op eq "siete") {
- $link = "http://www.securityfocus.com/bid/$numero/references";
- }
- my $code = toma($link);
- if ($code=~/<div id="vulnerability">(.*?)<\/div>/s){
- my $code = $1;
- chomp $code;
- my $uno = HTML::Strip->new(emit_spaces =>1);
- my $final = $uno->parse($code);
- $final =~ s/^[\t\f ]+|[\t\f ]+$//mg;
- $final =~s/$title/ /;
- print $final;
- }
- print "\n\n[+] Press any key to continue\n\n";
- <stdin>;
- refrescar();
- }
- sub getlinks {
- my $code = toma("http://www.securityfocus.com/");
- my $test = HTML::Parser->new(
- start_h => [\&start, "tagname,attr"],
- text_h => [\&text, "dtext"],
- );
- $test->parse($code);
- sub start {
- my($a,$b) = @_;
- my %e = %$b;
- unless($a ne "a") {
- $d = $e{href};
- $c = $a;
- }}
- sub text {
- my $title = shift;
- chomp $title;
- unless($c ne "a") {
- if ($d=~/\/bid\/(.*)/) {
- my $id = $1;
- unless($title=~/www.securityfocus.com/) {
- $links{$title} = $id;
- }}
- $d = "";
- }}
- return %links;
- }
- sub toma {
- return $nave->get($_[0])->content;
- }
- sub repes {
- foreach $test(@_) {
- push @limpio,$test unless $repe{$test}++;
- }
- return @limpio;
- }
- sub clean {
- #if ($^O =~/Win32/ig) {
- system("cls");
- #} else {
- #system("clear");
- #}
- }
- sub head {
- print "\n\n-- == SecurityFocus Manager 0.3 == --\n\n";
- }
- sub copyright {
- print "\n\n\n(C) Doddy Hackman 2011\n\n";
- }
- #Credits: Thanks to explorer (perlenespanol)
- # The End ?
Coloreado en 0.008 segundos, usando GeSHi 1.0.8.4