ExploitDB-images is a project that aims to detect the presence of new exploits in the repository and run them, automatically detecting the script language and creating a docker image to run on a generated container.
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.
Make sure you have installed all of the following prerequisites on your development machine:
- Git (How to install Git on your machine )
- Docker: (How to install Docker on your machine )
- Docker compose: (How to install Docker Compose on your machine)
- Clone the github repository:
git clone https://github.com/NS-unina/exploitdb-images.git
cd exploitdb-images
- Now, you need to download the dump files for neo4j KB in PyCRE repository assets
wget https://github.com/nju-websoft/PyCRE/releases/download/v1.0.0/py2.dump
wget https://github.com/nju-websoft/PyCRE/releases/download/v1.0.0/py3.dump
- Move dump files in docker_env folder
mv py2.dump py3.dump docker_env/neo4j
- Build the docker images and start the daemon service:
cd docker_env
docker-compose up --detach
- First, make sure docker is running on your local machine, or start it from desktop app or cli:
sudo service docker start
- In order to run correctly statistics script, please install requirements from the cloned folder
cd exploitdb-images
pip install -r requirements.txt
- Now you can run exploitdb-images specifying the id of the desider exploit. Use -t flag if you want to run it with a timeout (30 s):
python3 main.py [-t] <exploit_code>
python3 main.py -t 599
- Change directory in statistics folder
cd statistics
- You can run statistics with this command:
python statistics.py
Output will be saved in results folder and you can check files_exploit_lang.csv for more informations on snippet languages.
- For statistics on python version of python snippets run this script and make sure you've first runned previous steps: output will be saved in python_exploits.csv, where you can find the version for each script. Percentage will be displayed.
python check_version.py
- For dependency solving and automated import using PyCRE tool, run this script and make sure you've first runned previous steps: output will be saved in exploits folder and the related statistics are available in python_exploits.csv and percentage of correctly parsed snippets will be displayed.
python test_pycre.py
- For main test on all python exploits, run this script and make sure you've first runned previous steps: output statistics on exit codes are available in exit_code.csv and percentage of exit codes will be displayed.
python test_exploits.py
This project is licensed under the GNU GENERAL PUBLIC LICENSE - see the LICENSE.md file for details