We will write a small Python script to list the latest vulnerabilities on the Exploit-DB website. The libraries we will use:

Library         Link
urllib3         urllib3.readthedocs.io/en/latest/
beautifulsoup4  pypi.python.org/pypi/beautifulsoup4

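Before writing the code, let's make the necessary settings for the urllib3 library. Note that urllib3.disable_warnings() only silences urllib3's warnings, including the InsecureRequestWarning raised for unverified HTTPS requests; it does not turn certificate verification on or off.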

from bs4 import BeautifulSoup
import urllib3
urllib3.disable_warnings() # hide the HTTPS warning
user_agent = {'user-agent': 'Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0'} # exploit-db blocks incoming GET requests when no user-agent is defined
http = urllib3.PoolManager(2, headers=user_agent)

We are now ready to send a GET request. After sending it, we will parse the response with the beautifulsoup4 library.

r = http.request('GET', 'https://www.exploit-db.com/browse/')
html_doc = r.data
soup = BeautifulSoup(html_doc, 'html.parser')

We need to pull more than one element out of the response to the GET request, so I will create 4 variables for that. The variable i will help us while printing the elements to the screen.

link = [] # list that collects the links of the vulnerability titles
date = [] # list that collects the dates of the vulnerabilities
platform = [] # list that records which platform each vulnerability is for
i = 0

After creating the list variables, we use beautifulsoup4's find_all() function to select the elements from the parsed response to the GET request, and the append() function, which adds data to a list, to store the vulnerabilities in those lists.

for soupTdDesc in soup.find_all('td', {'class': "description"}):
    soupA = soupTdDesc.find('a') # one link per row, so link[] stays aligned with the other lists
    link.append(soupA.get('href') if soupA else '')

for soupTdDate in soup.find_all('td', {'class': "date"}):
    date.append(soupTdDate.text)

for soupTdPlatform in soup.find_all('td', {'class': "platform"}):
    platform.append(soupTdPlatform.text)

In the last step we parse the vulnerability descriptions and print them to the screen together with the other information.

for soupTd in soup.find_all('td', {'class': "description"}):
    print(soupTd.text.replace(' ', '').strip()) # .replace() removes the spaces / .strip() removes the blank lines
    print(platform[i].replace(' ', '').strip())
    print(link[i].replace(' ', '').strip())
    print(date[i].replace(' ', '').strip())
    print("-------------------------------------------------------")
    i=i+1

The complete code is as follows:

from bs4 import BeautifulSoup
import urllib3
urllib3.disable_warnings() # hide the HTTPS warning
user_agent = {'user-agent': 'Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0'} # exploit-db blocks incoming GET requests when no user-agent is defined
http = urllib3.PoolManager(2, headers=user_agent)
r = http.request('GET', 'https://www.exploit-db.com/browse/')
html_doc = r.data
soup = BeautifulSoup(html_doc, 'html.parser')

link = [] # list that collects the links of the vulnerability titles
date = [] # list that collects the dates of the vulnerabilities
platform = [] # list that records which platform each vulnerability is for
i = 0

for soupTdDesc in soup.find_all('td', {'class': "description"}):
    soupA = soupTdDesc.find('a') # one link per row, so link[] stays aligned with the other lists
    link.append(soupA.get('href') if soupA else '')

for soupTdDate in soup.find_all('td', {'class': "date"}):
    date.append(soupTdDate.text)

for soupTdPlatform in soup.find_all('td', {'class': "platform"}):
    platform.append(soupTdPlatform.text)

for soupTd in soup.find_all('td', {'class': "description"}):
    print(soupTd.text.replace(' ', '').strip()) # .replace() removes the spaces / .strip() removes the blank lines
    print(platform[i].replace(' ', '').strip())
    print(link[i].replace(' ', '').strip())
    print(date[i].replace(' ', '').strip())
    print("-------------------------------------------------------")
    i=i+1

Our code is complete; let's run it and look at the output.

Tuleap9.17.99.189-BlindSQLInjection
PHP
https://www.exploit-db.com/exploits/44286/
2018-03-13
-------------------------------------------------------
SecurEnvoySecurMail9.1.501-MultipleVulnerabilities
ASPX
https://www.exploit-db.com/exploits/44285/
2018-03-13
-------------------------------------------------------
MikroTikRouterOS<6.38.4(x86)-'ChimayRed'StackClashRemoteCodeExecution
Hardware
https://www.exploit-db.com/exploits/44284/
2018-03-12
-------------------------------------------------------
MikroTikRouterOS<6.38.4(MIPSBE)-'ChimayRed'StackClashRemoteCodeExecution
Hardware
https://www.exploit-db.com/exploits/44283/
2018-03-12
-------------------------------------------------------
ACLAnalytics11.X-13.0.0.579-ArbitraryCodeExecution
Windows
https://www.exploit-db.com/exploits/44281/
2018-03-12
-------------------------------------------------------
EclipseEquinoxeOSGiConsole-CommandExecution(Metasploit)
Multiple
https://www.exploit-db.com/exploits/44280/
2018-03-12
-------------------------------------------------------
SC7.16-Stack-BasedBufferOverflow
Linux
https://www.exploit-db.com/exploits/44279/
2018-03-12
-------------------------------------------------------
AdvantechWebAccess<8.3-DirectoryTraversal/RemoteCodeExecution
Windows
https://www.exploit-db.com/exploits/44278/
2018-03-12
-------------------------------------------------------
TextPattern4.6.2-'qty'SQLInjection
PHP
https://www.exploit-db.com/exploits/44277/
2018-03-12
-------------------------------------------------------
PrismaIndustrialeCheckweigherPrismaWEB1.21-Hard-CodedCredentials
Multiple
https://www.exploit-db.com/exploits/44276/
2018-03-12
-------------------------------------------------------
DEWESoftX3SP1(64-bit)-RemoteCommandExecution
Windows
https://www.exploit-db.com/exploits/44275/
2018-03-12
-------------------------------------------------------
ManageEngineApplicationsManager13.5-RemoteCodeExecution(Metasploit)
Java
https://www.exploit-db.com/exploits/44274/
2018-03-12
-------------------------------------------------------
SonyPlaystation4(PS4)4.55<5.50-WebKitCodeExecution(PoC)
Hardware
https://www.exploit-db.com/exploits/44282/
2018-03-10
-------------------------------------------------------
Bacula-Web<8.0.0-rc2-SQLInjection
PHP
https://www.exploit-db.com/exploits/44272/
2018-03-09
-------------------------------------------------------
WebLogExpertEnterprise9.4-DenialofService
Windows
https://www.exploit-db.com/exploits/44271/
2018-03-09
-------------------------------------------------------
WebLogExpertEnterprise9.4-AuthenticationBypass
Windows
https://www.exploit-db.com/exploits/44270/
2018-03-09
-------------------------------------------------------
Memcached1.5.5-'Memcrashed'InsufficientControlofNetworkMessageVolumeDenialof...
Linux
https://www.exploit-db.com/exploits/44265/
2018-03-08
-------------------------------------------------------
antMan0.9.0c-AuthenticationBypass
Java
https://www.exploit-db.com/exploits/44262/
2018-03-07
-------------------------------------------------------
RedaxoCMSAddonMyEvents2.2.1-SQLInjection
PHP
https://www.exploit-db.com/exploits/44261/
2018-03-07
-------------------------------------------------------
ChromeV8JIT-EmptyBytecodeJumpTableOut-of-BoundsRead
Multiple
https://www.exploit-db.com/exploits/44260/
2018-03-06
-------------------------------------------------------
ChromeV8JIT-'GetSpecializationContext'TypeConfusion
Multiple
https://www.exploit-db.com/exploits/44259/
2018-03-06
-------------------------------------------------------
ChromeV8JIT-JSBuiltinReducer::ReduceObjectCreateFailstoEnsurethatthePrototype...
Multiple
https://www.exploit-db.com/exploits/44258/
2018-03-06
-------------------------------------------------------
ChromeV8JIT-Simplified-lowerererIrOpcode::kStoreField,IrOpcode::kStoreElement...
Multiple
https://www.exploit-db.com/exploits/44257/
2018-03-06
-------------------------------------------------------
BravoTejariWebPortal-Cross-SiteRequestForgery
Multiple
https://www.exploit-db.com/exploits/44256/
2018-03-06
-------------------------------------------------------
SoftrosNetworkTimeSystemServer2.3.4-DenialofService
Windows
https://www.exploit-db.com/exploits/44255/
2018-03-06
-------------------------------------------------------
Memcached1.5.5-'Memcrashed'InsufficientControlNetworkMessageVolumeDenialof...
Linux
https://www.exploit-db.com/exploits/44264/
2018-03-05
-------------------------------------------------------
Memcached1.5.5-'Memcrashed'InsufficientControlNetworkMessageVolumeDenialof...
Linux
https://www.exploit-db.com/exploits/44254/
2018-03-05
-------------------------------------------------------
ActivePDFToolkit<8.1.0.19023-MultipleMemoryCorruptions
Windows
https://www.exploit-db.com/exploits/44251/
2018-03-05
-------------------------------------------------------
ClipBucket<4.0.0-Release4902-CommandInjection/FileUpload/SQLInjection
PHP
https://www.exploit-db.com/exploits/44250/
2018-03-05
-------------------------------------------------------
Suricata<4.0.4-IDSDetectionBypass
Multiple
https://www.exploit-db.com/exploits/44247/
2018-03-05
-------------------------------------------------------
SophosUTM9.410-'loginuser''confd'ServicePrivilegeEscalation
Linux
https://www.exploit-db.com/exploits/44246/
2018-03-05
-------------------------------------------------------
NETGEAR-'TelnetEnable'MagicPacket(Metasploit)
Hardware
https://www.exploit-db.com/exploits/44245/
2018-03-05
-------------------------------------------------------
DupScoutEnterprise10.5.12-'ShareUsername'LocalBufferOverflow
Windows
https://www.exploit-db.com/exploits/44244/
2018-03-05
-------------------------------------------------------
Xion1.0.125-'.m3u'LocalSEH-BasedUnicodeVenetianExploit
Windows
https://www.exploit-db.com/exploits/44243/
2018-03-05
-------------------------------------------------------
SonyPlaystation4(PS4)-WebKit'setAttributeNodeNS'UserAfterFreeWrite-up
Papers
https://www.exploit-db.com/papers/44230/
2018-03-02
-------------------------------------------------------
TestLinkOpenSourceTestManagement<1.9.16-RemoteCodeExecution
PHP
https://www.exploit-db.com/exploits/44226/
2018-03-02
-------------------------------------------------------
iSumsoftZIPPasswordRefixer3.1.1-BufferOverflow
Windows
https://www.exploit-db.com/exploits/44224/
2018-03-02
-------------------------------------------------------
uWSGI<2.0.17-DirectoryTraversal
PHP
https://www.exploit-db.com/exploits/44223/
2018-03-02
-------------------------------------------------------
DualDesk20-'Proxy.exe'DenialofService
Windows
https://www.exploit-db.com/exploits/44222/
2018-03-02
-------------------------------------------------------
SEGGERembOS/IPFTPServer3.22-DenialofService
Windows
https://www.exploit-db.com/exploits/44221/
2018-03-02
-------------------------------------------------------
antMan<0.9.1a-AuthenticationBypass
Multiple
https://www.exploit-db.com/exploits/44220/
2018-03-02
-------------------------------------------------------
D-LinkDIR-600MWireless-Cross-SiteScripting
Hardware
https://www.exploit-db.com/exploits/44219/
2018-03-02
-------------------------------------------------------
IrfanView4.50EmailPlugin-BufferOverflow(SEHUnicode)
Windows
https://www.exploit-db.com/exploits/44218/
2018-03-02
-------------------------------------------------------
IrfanView4.44EmailPlugin-BufferOverflow(SEH)
Windows
https://www.exploit-db.com/exploits/44217/
2018-03-02
-------------------------------------------------------
Routers22.24-Cross-SiteScripting
Perl
https://www.exploit-db.com/exploits/44216/
2018-02-28
-------------------------------------------------------
AppleiOS11.2.5/watchOS4.2.2/tvOS11.2.5-'bluetoothd'MemoryCorruption
Multiple
https://www.exploit-db.com/exploits/44215/
2018-02-28
-------------------------------------------------------
SonyPlaystation4(PS4)5.01<5.05-WebKitCodeExecution(PoC)
Hardware
https://www.exploit-db.com/exploits/44197/
2018-02-27
-------------------------------------------------------
SonyPlaystation4(PS4)4.55-'Jailbreak''setAttributeNodeNS'WebKit5.02/'bpf'...
Hardware
https://www.exploit-db.com/exploits/44196/
2018-02-27
-------------------------------------------------------
Concrete5<8.3.0-Username/CommentsEnumeration
PHP
https://www.exploit-db.com/exploits/44194/
2018-02-27
-------------------------------------------------------
AngularJS​​Template​​Injection
Papers
https://www.exploit-db.com/docs/arabic/44193-angularjs​-​template​-​injection.pdf
2018-02-27
-------------------------------------------------------
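
A row-by-row variant of the parser above, added here as an example and not part of the original post: it reads each table row as one record so a missing cell cannot shift the lists, collapses whitespace instead of deleting every space, and keeps a link only if it resolves to https on www.exploit-db.com. The sample HTML, its entry IDs and the helper names (clean, safe_link, parse_rows) are constructed for illustration; only the td class names come from the script.

```python
from urllib.parse import urljoin, urlsplit
from bs4 import BeautifulSoup

BASE_URL = "https://www.exploit-db.com/browse/"
ALLOWED_HOST = "www.exploit-db.com"

# Constructed sample markup (not captured from the site). It reuses the td
# class names from the script and adds rows with a missing link, an
# off-site link and a missing platform cell.
SAMPLE_HTML = """
<table>
<tr><td class="date">2018-03-13</td><td class="description">
  <a href="https://www.exploit-db.com/exploits/10001/"> Example App 1.0 -
  Blind SQL Injection</a></td><td class="platform">PHP</td></tr>
<tr><td class="date">2018-03-12</td><td class="description">No link here</td>
  <td class="platform">Linux</td></tr>
<tr><td class="date">2018-03-12</td><td class="description">
  <a href="//example.invalid/x">Off-site link</a></td>
  <td class="platform">Windows</td></tr>
<tr><td class="date">2018-03-12</td><td class="description">
  <a href="/exploits/10004/">Example Router 2.0</a></td></tr>
</table>
"""

def clean(node):
    """Collapse runs of whitespace; return '' for a missing cell."""
    return " ".join(node.get_text().split()) if node else ""

def safe_link(cell):
    """Return an absolute https URL on ALLOWED_HOST, otherwise None."""
    a = cell.find("a", href=True)
    if a is None:
        return None
    url = urljoin(BASE_URL, a["href"].strip())  # resolves relative hrefs
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != ALLOWED_HOST:
        return None  # scraped hrefs are untrusted input
    return url

def parse_rows(html):
    """Build one dict per table row that has a description cell."""
    entries = []
    for row in BeautifulSoup(html, "html.parser").find_all("tr"):
        desc = row.find("td", class_="description")
        if desc is None:  # header or unrelated row
            continue
        entries.append({"title": clean(desc), "link": safe_link(desc),
                        "platform": clean(row.find("td", class_="platform")),
                        "date": clean(row.find("td", class_="date"))})
    return entries
```

Calling parse_rows(r.data) on the response fetched by the script returns the same records as a list of dicts, ready to print or filter.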