Our IT/Blog

[Solved] How To Install Exploit-db (Searchsploit) On Ubuntu 19

Written by Derrick Thomas

Derrick Thomas is a Network\Security Engineer with years of experience solving issues for International Companies as well as home users. He has performed both Red Team and Blue Team exercises for his clients in the Healthcare and Defense fields.

April 24, 2020

When getting into Pentesting or Security, you likely have found yourself running one of the many flavors of Linux. That being said, sometimes you find a tool you love while you are still trying out different Linux Versions. How do you get these tools to work on the version of Ubuntu that you are running. Below I will quickly explain how.

4siteadvantage Exploit-db Tutorial

Installing Exploit-db (it’s easier than it looks)

Easy way:

  • Follow my post to install Katoolin on your version of Ubuntu 19+ (Click here for the Link)
  • Install the Kali Linux Repositories
  • Update with sudo apt-get update
  • Install Exploitdb with the command: sudo apt install exploit-db
  • Remove the Kali Linux Repositories with the commands in Katoolin
  • That’s it!

Hard way: (pulled from their page at exploit-db.com)

On *nix systems, all you really need is either “CoreUtils” or “utilities” (e.g. bash, sed, grep, awk, etc.), as well as git. These are installed by default on many different Linux distributions, including OS X/macOS.
You can easily check out the git repository by running the following:

$ git clone https://github.com/offensive-security/exploitdb.git /opt/exploit-database

An optional step that will make using SearchSploit easier is to include it into your $PATH.
Example: In the following output, the directory /usr/local/bin is included in the $PATH environment variable:

$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
$

With this in mind, you can then create a symbolic link in the /usr/local/bin directory that points to searchsploit, allowing you to run it without providing the full path:

$ ln -sf /opt/exploit-database/searchsploit /usr/local/bin/searchsploit
$

The last stage is to copy the resource file and edit it to match your system environment so it points to the correct directories:

$ cp -n /opt/exploit-database/.searchsploit_rc ~/
$
$ vim ~/.searchsploit_rc

Each section in the resource file (.searchsploit_rc) is split into sections (such as Exploits, Shellcodes, Papers).

  • files_array – A Comma-Separated Value file (files_*.CSV) that contains all the data that relates to that section (such as: EDB-ID, Title, Author, Date Published, etc)
  • path_array – This points to the directory where all the files are located. **This is often the only value that needs altering**
  • name_array – The value name to display in SearchSploit for that section
  • git_array – The remote git location to use to update the local copy
  • package_array – The package name to use when there is a package manager available (such as apt or brew)

If you want to include Exploit-DB Papers, you can check out the git repository. Afterwards, edit searchsploit’s resource file so paper’s path_array points to the same directory you just checked out.

Setting up Python

Most of the tools that you will use from Exploitdb will run through Python. Python is just a programming language like Java, C++, or any other number of programming languages. You will know which exploit runs via python by the end of the file.

For Example: 40136.py

The cool thing about Python is that it has many tools to make your program become more capable and versatile. However these tools are NOT installed and enabled automatically. You have to install them. Because of this, you might find an error that pops up saying:

ImportError: No Module named requests

ImportError: No module named numpy

ImportError: No module named paramiko

etc….

How do we fix this?

Installing Modules in Python

First, attempt to run the script and see if you can run it with the current setup you have.

Example: python3 /usr/share/exploitdb/exploits/linux/remote/43920.py

or depending if you are using Python 2.7

Example: python2 /usr/share/exploitdb/exploits/linux/remote/43920.py

If it returns with an error that a module can’t be imported, record the name of that module. Now we need to Install the module.

Run the below commands:

Install pip. Use the first command (pip) if you run python2.7. (pip3) if you are running python3

  • sudo apt install pip

or

  • sudo apt install pip3

Once pip installs, use it to install the module you are needing.

  • sudo pip install (the module you are lacking)

In my case, my code would look like this:

  • sudo pip install requests

Allow the module to install. It may take a minute. Be patient….

Running Your Script With The New Module

Now attempt to run the command again. You may be informed that you are missing another module. If that is the case, simply sudo pip install (the missing module) to install the next module.

Issues with Python2.7 and Python3

There are some issues with scripts designed in Python2.7 running with Python3. Many cases, the script will inform you of the issue and likely tell you what you need to change inside the .py file to make it run right.

If that is the case with you, be patient. Open your favorite text editor (Atom is my favorite) and simply make the changes. Be careful not to go crazy with it, take your time and make the correct changes.

4Site Advantage Tutorials

If you have any comments or tips to make the installation easier, please leave them in the comments seciton below!

You May Also Like…

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *