CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 22:53:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update Sun May 26 14:06:40 CEST 2024

Browse Source
This commit is contained in:
0xMarcio
2024-05-26 14:06:40 +02:00
parent 27447d5da4
commit e43b5e8e12
5 changed files with 423 additions and 189 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/CVE_list.json
View File

File diff suppressed because one or more lines are too long

237
docs/index.html
View File

@@ -1,193 +1,54 @@
<!DOCTYPE html>
<html>
<html lang="en">
<head>
<meta content="initial-scale=1, maximum-scale=1,
user-scalable=0" name="viewport" />
<meta name="viewport" content="width=device-width" />
<!-- Stylesheets for bootstrap + datatables 5 -->
<link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/5.0.1/css/bootstrap.min.css'>
<link rel='stylesheet' href='https://cdn.datatables.net/1.11.4/css/dataTables.bootstrap5.min.css'>
<link rel="stylesheet" href="https://cdn.datatables.net/1.11.4/js/dataTables.bootstrap5.min.js">
<!-- JS for jquery + datatables + datatables>bootstrap-->
<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.js">
</script>
<script type="text/javascript" src="https://cdn.datatables.net/1.11.4/js/jquery.dataTables.min.js">
</script>
<script type="text/javascript" src="https://cdn.datatables.net/1.11.4/js/dataTables.bootstrap5.min.js">
</script>
</script>
<style>
body {
margin-top: 5%;
font-size:12px;
margin-left:5%;
margin-right:5%;
}
#overlay {
background: #ffffff;
color: #666666;
position: fixed;
height: 100%;
width: 100%;
z-index: 5000;
top: 0;
left: 0;
float: left;
text-align: center;
padding-top: 25%;
opacity: .80;
}
button {
margin: 40px;
padding: 5px 20px;
cursor: pointer;
}
.spinner {
margin: 0 auto;
height: 64px;
width: 64px;
animation: rotate 0.8s infinite linear;
border: 5px solid firebrick;
border-right-color: transparent;
border-radius: 50%;
}
@keyframes rotate {
0% {
transform: rotate(0deg);
}
100% {
transform: rotate(360deg);
}
}
</style>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="Search utility for POCs">
<meta name="keywords" content="0xmarcio, hacking, pentesting">
<meta name="author" content="0xMarcio">
<link rel="stylesheet" href="style.css">
<title>0xMarcio - CVE POCs</title>
</head>
<body class="color-no-search">
<div class="container">
<div class="search">
<div class="header">
<h1>CVE POCs</h1>
</div>
<div class="query">
<form class="searchForm" action="#">
<input type="text" class="search" placeholder="ENTER SEARCH TERM" autocomplete="false">
</form>
</div>
<div class="results">
<br>
<div class="noResults">
<h2>No Results Found</h2>
</div>
<div class="results-table">
<body>
<!-- Bootstrap overlay div with growing spinner -->
<div id="overlay">
<div class="spinner"></div>
<br />
Loading... (usually 5-10s)
</div>
<div class="row justify-content-center" width="800px">
<div class="">
<h2>CVE Search</h2>
<!--HTML table with student data-->
<table id="datatable" class="table table-striped table-bordered" style="display:none" cellspacing="0"
width="100%">
<thead>
<tr>
<th>CVE_Year</th>
<th>CVE_Name</th>
<th>CVE_description</th>
<th>CVE_github</th>
<th>CVE_references</th>
</tr>
</thead>
<tfoot>
<tr>
<th>CVE_Year</th>
<th>CVE_Name</th>
<th>CVE_description</th>
<th>CVE_github</th>
<th>CVE_references</th>
</tr>
</tfoot>
</table>
</div>
</div>
<footer class="mt-auto text-black-50">
<p>Searchable CVEs from <a href="https://github.com/0xMarcio/cve" class="text">https://github.com/0xMarcio/cve</a></p>
</footer>
<script type="text/javascript" src="CVE_list.json"></script>
<script>
/* Initialization of datatable */
$(document).ready(function () {
var startTime = new Date().getTime();
table_settings = {
"dom": 'flirtp<"dt-buttons"Bf>',
"paging": true,
"processing": true,
responsive: false,
"deferRender": true,
oLanguage: { sProcessing: "<div id='loader'></div>" },
"buttons": [
'colvis',
],
"bSortClasses": false,
"bAutoWidth": false,
"aoColumns": [
{ "sWidth": "5%" },
{ "sWidth": "10%" },
{ "sWidth": "55%" },
{ "sWidth": "20%" },
{ "sWidth": "10%" },
],
"order": [[ 1, "desc" ]],
"orderClasses": false,
"data": dataTable_data,
initComplete: function () {
// Apply the search
this.api().columns().every(function () {
var that = this;
$('input', this.footer()).on('keyup change clear', function () {
if (that.search() !== this.value) {
that
.search(this.value)
.draw();
}
});
});
}
}
$('#datatable tfoot th').each(function () {
var title = $(this).text();
$(this).html('<input type="text" placeholder="Search ' + title + '" />');
});
$('#overlay').show()
$('#datatable').on('init.dt', function () {
var endTime = new Date().getTime();
var totalTimeTaken = (endTime - startTime) / 1000;
console.log('Table initialisation complete in: ' + totalTimeTaken + "s");
$('#datatable').show();
$('#overlay').hide()
})
.on('init', function () {
$('*[type="search"][class="form-control input-sm"]')
.addClass('input-lg')
.css({ 'width': '400px', 'display': 'inline-block' });
$('div.dataTables_filter').css({ 'margin-top': '1em' });
})
.dataTable(table_settings);
});
</script>
<table class="results">
<thead>
<tr>
<td width="15%">
CVE
</td>
<td>
Description / POC
</td>
</tr>
</thead>
<tbody class="results"></tbody>
</table>
</div>
</div>
</div>
<div class="footer">
&copy; 0xMarcio 2024
<br>
Found a bug? File it or fix it <a href="https://github.com/0xMarcio/cve/issues">here</a>
</div>
</div>
<script src="logic.js"></script>
</body>
</html>
</html>

188
docs/logic.js Normal file
View File

@@ -0,0 +1,188 @@
var searchResultFormat = '<tr><td class="cveNum"><b>$cve</b></td><td align="left">$description<hr>$poc</td></tr>';
var totalLimit = 500;
var replaceStrings = ['HackTheBox - ', 'VulnHub - ', 'UHC - '];
const results = document.querySelector('div.results');
const searchValue = document.querySelector('input.search');
const form = document.querySelector('form.searchForm');
const resultsTableHideable = document.querySelector('.results-table');
const resultsTable = document.querySelector('tbody.results');
const noResults = document.querySelector('div.noResults');
const colorUpdate = document.body;
function escapeHTML(str) {
return str.replace(/[&<>"']/g, function (match) {
const escapeChars = {
'&': '&amp;',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#39;'
};
return escapeChars[match];
});
}
function convertLinksToList(content) {
const tempDiv = document.createElement('div');
tempDiv.innerHTML = content;
const links = tempDiv.querySelectorAll('a');
if (links.length === 0) {
return content;
}
const list = document.createElement('ul');
links.forEach(link => {
const listItem = document.createElement('li');
listItem.appendChild(link.cloneNode(true));
list.appendChild(listItem);
});
// Remove all original links from the tempDiv
links.forEach(link => link.parentNode.removeChild(link));
// Append the newly created list to tempDiv
tempDiv.appendChild(list);
return tempDiv.innerHTML;
}
function convertToList(content) {
// Create a temporary div to manipulate the content
const tempDiv = document.createElement('div');
// Remove all <br> tags
content = content.replace(/<br\s*\/?>/gi, '');
tempDiv.innerHTML = content;
const list = document.createElement('ul');
Array.from(tempDiv.childNodes).forEach(node => {
const listItem = document.createElement('li');
if (node.nodeType === Node.TEXT_NODE) {
listItem.textContent = node.textContent.trim();
} else if (node.nodeType === Node.ELEMENT_NODE && node.tagName === 'A') {
listItem.appendChild(node.cloneNode(true));
}
list.appendChild(listItem);
});
return list.outerHTML;
}
var controls = {
oldColor: '',
displayResults: function() {
results.style.display = '';
resultsTableHideable.classList.remove('hide');
},
hideResults: function() {
results.style.display = 'none';
resultsTableHideable.classList.add('hide');
},
doSearch: function(match, dataset) {
let results = [];
let words = match.toLowerCase().split(' ');
let posmatch = words.filter(word => word[0] !== '-');
let negmatch = words.filter(word => word[0] === '-').map(word => word.substring(1));
dataset.forEach(e => {
let description = replaceStrings.reduce((desc, str) => desc.replace(str, ''), e.description).toLowerCase();
let combinedText = (e.cve + e.poc + description).toLowerCase();
let positiveMatch = posmatch.every(word => combinedText.includes(word));
let negativeMatch = negmatch.some(word => combinedText.includes(word));
if (positiveMatch && !negativeMatch) {
results.push(e);
}
});
return results;
},
updateResults: function(loc, results) {
if (results.length == 0) {
noResults.style.display = '';
noResults.textContent = 'No Results Found';
resultsTableHideable.classList.add('hide');
} else if (results.length > totalLimit) {
noResults.style.display = '';
resultsTableHideable.classList.add('hide');
noResults.textContent = 'Error: ' + results.length + ' results were found, try being more specific';
this.setColor(colorUpdate, 'too-many-results');
} else {
loc.innerHTML = ''; // Clear existing rows
noResults.style.display = 'none';
resultsTableHideable.classList.remove('hide');
let fragment = document.createDocumentFragment();
results.forEach(r => {
let el = searchResultFormat
.replace('$cve', r.cve)
.replace('$description', escapeHTML(r.description) )
//.replace('$poc', convertLinksToList(r.poc));
.replace('$poc', convertToList(r.poc));
let wrapper = document.createElement('table');
wrapper.innerHTML = el;
fragment.appendChild(wrapper.querySelector('tr'));
});
loc.appendChild(fragment);
}
},
setColor: function(loc, indicator) {
if (this.oldColor == indicator) return;
loc.className = loc.className.replace(/\bcolor-\S+/g, '');
loc.classList.add('color-' + indicator);
this.oldColor = indicator;
}
};
window.controls = controls;
document.addEventListener('DOMContentLoaded', function() {
document.body.classList.add('fade');
var currentSet = [];
var debounceTimer;
function doSearch(event) {
var val = searchValue.value.trim();
if (val !== '') {
controls.displayResults();
currentSet = window.dataset;
currentSet = window.controls.doSearch(val, currentSet);
if (currentSet.length < totalLimit) {
window.controls.setColor(colorUpdate, currentSet.length == 0 ? 'no-results' : 'results-found');
}
window.controls.updateResults(resultsTable, currentSet);
} else {
controls.hideResults();
window.controls.setColor(colorUpdate, 'no-search');
noResults.style.display = 'none';
}
if (event.type == 'submit') {
event.preventDefault();
}
}
fetch('./pocs.json')
.then(res => res.json())
.then(data => {
window.dataset = data;
currentSet = window.dataset;
window.controls.updateResults(resultsTable, window.dataset);
doSearch({ type: 'none' });
});
form.addEventListener('submit', doSearch);
searchValue.addEventListener('input', function(event) {
clearTimeout(debounceTimer);
debounceTimer = setTimeout(() => doSearch(event), 300);
});
});

1
docs/pocs.json Normal file
View File

File diff suppressed because one or more lines are too long

184
docs/style.css Normal file
View File

@@ -0,0 +1,184 @@
@import url("https://fonts.googleapis.com/css?family=Source+Code+Pro&display=swap");
body {
background: black;
color: white;
}
body.fade {
-webkit-transition: background-color 0.5s;
transition: background-color 0.5s;
}
body.color-no-search {
background: #60a8f0;
}
body.color-no-results {
background: #fa5e3d;
}
body.color-results-found {
background: #108000;
}
body.color-too-many-results {
background: #fa8840;
}
body .container a {
color: #f2ff00;
}
body .container .search .header a {
color: #f2ff00;
}
body .container .search .results .results-table table.results tbody tr:nth-child(odd) {
background-color: rgba(255, 255, 255, 0.2);
}
body .container .footer {
background-color: rgba(255, 255, 255, 0.05);
}
* {
-webkit-box-sizing: border-box;
box-sizing: border-box;
}
body {
margin: 0;
font-family: 'Source Code Pro', monospace;
overflow-x: hidden;
}
body .container {
display: -webkit-box;
display: -ms-flexbox;
display: flex;
min-height: 100vh;
-webkit-box-orient: vertical;
-webkit-box-direction: normal;
-ms-flex-direction: column;
flex-direction: column;
-webkit-box-pack: justify;
-ms-flex-pack: justify;
justify-content: space-between;
text-align: center;
margin-left: auto;
margin-right: auto;
}
body .container a {
text-decoration: none;
}
body .container .search .header {
padding-bottom: 1rem;
}
body .container .search .header h1 {
font-size: 4rem;
margin: 0.5rem;
}
body .container .search .query input {
width: 100%;
height: 5rem;
font-size: 2rem;
font-family: serif;
text-align: center;
margin: 0;
padding: 0;
border: 0;
font-family: 'Source Code Pro', monospace;
outline: none;
}
body .container .search .results .results-table.hide {
display: none;
}
body .container .search .results .results-table table.results {
table-layout: fixed;
border: 0;
width: 100%;
margin: 0;
}
@media screen and (min-width: 800px) {
body .container .search .results .results-table table.results {
margin-left: 5vw;
margin-right: 5vw;
width: 90vw;
}
}
body .container .search .results .results-table table.results thead {
font-size: 1.2rem;
}
@media screen and (min-width: 800px) {
body .container .search .results .results-table table.results thead {
font-size: 2.5rem;
}
}
body .container .search .results .results-table table.results tbody td {
padding: 0.5rem 5px;
word-break: break-word;
}
body .container .search .results .results-table table.results tbody tr {
font-size: 0.9rem;
max-width: 10vw;
}
@media screen and (min-width: 800px) {
body .container .search .results .results-table table.results tbody tr {
font-size: 1.1rem;
}
}
body .container .subfooter h3 {
padding: 0 4rem;
}
body .container .footer {
display: block;
position: relative;
bottom: 0;
left: 0;
width: 100vw;
padding: 1rem;
font-size: 0.8rem;
}
ul {
list-style: none!important;
padding: 0;
margin: 0;
}
ul li {
display: flex;
border-bottom: none;
margin-bottom: 0;
}
ul li a {
text-decoration: none;
font-size: 1rem;
}
ul li {
color: rgb(242, 255, 0);
}
hr {
border: 0;
height: 0;
box-shadow: 0 0 4px 0.3px #a6ff0087;
}
.cveNum {
font-size: 1.25rem;
}