justakazh / sicat Goto Github PK

View Code? Open in Web Editor NEW

717.0 12.0 74.0 266 KB

The useful exploit finder

License: MIT License

Python 100.00%

exploit exploit-finder metasploit metasploit-modules reconnaissance

sicat's Introduction

SiCat - The useful exploit finder

Introduction

SiCat is an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively. With a focus on cybersecurity, SiCat allows users to quickly search online, finding potential vulnerabilities and relevant exploits for ongoing projects or systems.

SiCat's main strength lies in its ability to traverse both online and local resources to collect information about relevant exploitations. This tool aids cybersecurity professionals and researchers in understanding potential security risks, providing valuable insights to enhance system security.

SiCat Resources

Installation

git clone https://github.com/justakazh/sicat.git && cd sicat

pip  install  -r  requirements.txt

Usage

~$ python sicat.py --help

Command Line Options:

Command	Description
`-h`	Show help message and exit
`-k KEYWORD`
`-kv KEYWORK_VERSION`
`-nm`	Identify via nmap output
`--nvd`	Use NVD as info source
`--packetstorm`	Use PacketStorm as info source
`--exploitdb`	Use ExploitDB as info source
`--exploitalert`	Use ExploitAlert as info source
`--msfmoduke`	Use metasploit as info source
`-o OUTPUT`	Path to save output to
`-ot OUTPUT_TYPE`	Output file type: json or html

Examples

From keyword


python sicat.py -k telerik --exploitdb --msfmodule

From nmap output


nmap --open -sV localhost -oX nmap_out.xml
python sicat.py -nm nmap_out.xml --packetstorm

To-do

Input from nmap result from pipeline
Nmap multiple host support
Search NSE Script
Search by PORT

Contribution

I'm aware that perfection is elusive in coding. If you come across any bugs, feel free to contribute by fixing the code or suggesting new features. Your input is always welcomed and valued.

sicat's People

Contributors

Stargazers

Watchers

Forkers

haka110 xcalibure2 cyb3rm3g adriyansyah-mf ramosslyz cvlabsio brosjsy nigwar satriaadhipradana lunarcwhite zc00l aleh4ckndro tobey123 oakkaya jeffmartson tucommenceapousser syntaxhax bhardwajrahul jollywr1ncher sekouperry techris45 surfswift213us jaybeale haakonhp asylum4you eri-bga tmichett amirshah77 mencelot lay4onok fxsecltd learnmonitoring pakkiraja mahmoud-raafat-ac dgg23 0xsojalsec rofoed01 pollockt shantanoo dr-raypc amastour nitani-x dmitri131313 monty1322 icedodin pandora-alias 5l1v3r1 eepiglet madaragon cqr-cryeye-forks opoet7 akshayjain-1 hardwarewolf diablonova drasrax sankethj simon-jr vinter-calls hotelzululima security-geeks zhnathaniellee isecdef 1f3lse mlynchcogent naitsirhc41 opengitworld emdnaia avgirl jairwen tehmasta dembyp saibashoejaa christin634

sicat's Issues

Cant use nmap output

the command I use

nmap -sV myip -oX nmap_out_single
..
..
..

python sicat.py -nm nmap_out_single --packetstorm

_._     _,-'""`-._
(,-.`._,'(       |\`-/|
    `-.-' \ )-`( , o o)
        `-    \`_`"'-
SiCat - The useful exploit finder
@justakazh (https://github.com/justakazh/sicat)

usage : sicat.py --help

[!] Only Supported for single host portscan result

other command, like in readme :

nmap -sV myip  -oX nmap_out | python sicat -nm --packetstorm
_._     _,-'""`-._
(,-.`._,'(       |\`-/|
    `-.-' \ )-`( , o o)
        `-    \`_`"'-
SiCat - The useful exploit finder
@justakazh (https://github.com/justakazh/sicat)

usage : sicat.py --help

usage: sicat.py [-h] [-k KEYWORD] [-kv KEYWORD_VERSION] [-nm NMAP] [--nvd] [--packetstorm] [--exploitdb] [--exploitalert] [--msfmodule] [-o OUTPUT] [-ot OUTPUT_TYPE]
sicat.py: error: argument -nm/--nmap: expected one argument

search cxsecurity

The third main exploit source after EDB and PacketStorm is cxsecurity (https://cxsecurity.com/).

Like PacketStorm it republishes EDB + have its own unique exploits.

IDK how you handle duplicates.

About nse script search function.

While considering the NSE Script search function, there are a few things you may want to check regarding the design.

Retrieval of NSE Scripts from the Official Repository and Other Options
When considering the implementation of a search feature for NSE Scripts, I'm wondering if retrieving them from the official repository is the optimal approach.
Could you provide advice on the method of retrieval from the official repository, and if there are any other alternatives I should consider?
URL: https://svn.nmap.org/nmap/scripts/
Feasibility of Resource Update Functionality for Local JSON Storage
When implementing search functionality for NSE scripts, we are considering whether we need a mechanism to update resources when leveraging local JSON files.
Comparison Between Local Resource and Scraping
As I plan the implementation of a search feature for NSE Scripts, I'm deliberating between using local resources and scraping from the official repository and which aligns better with the project's design philosophy.
Could you provide insights into the advantages, disadvantages, and design considerations associated with both local resource usage and scraping from the official repository?

Feel free to provide your insights and recommendations on these questions. Your input will be greatly appreciated in shaping the direction of the project.

Issue != salah

Ketika Ramadhan hilang dari systemd.
Ketika zombie process mulai bermunculan.
Ketika sudo rm -rf tidak dapat menghapus dosa kita.
Maka, diri kita akan penuh dengan bisikan syaiton malware yang akan mengendalikan kita melalui backdoor.

Bahkan, log tidak dapat mendeskripsikan kesalahan-kesalahan kita yang menyebabkan kita terjebak dalam Zero-day exploit.

Marilah kita bermaaf-maafkan dan melakukan race condition dalam kebaikan untuk mendapatkan pahala sabanyak-banyaknya

Selamat Hari Raya Idul Fitri 1445 H.
Mohon maaf lahir dan batin 🙏🏻

My cat fights

Hi @justakazh
How to fix this error?