#!/usr/bin/env bash
# Terminal colours. These are literal backslash sequences, not raw ESC bytes;
# they only become escape codes when printed with `echo -e` or printf '%b'.
RESET="\033[0m"
CYAN="\033[0;36m"
YELLOW="\033[1;33m"
BLUE="\033[1;34m"
BOLD_PURPLE="\033[1;35m"

# Local dataset files, relative to the current working directory.
# They are written by the `update` sub-command and read by the lookups.
EDB_CSV="exploitdb.csv"
KEV_JSON="kev.json"
EPSS_CSV="epss_scores.csv"
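# 1. Update Datasets
# Each feed is downloaded into a private temporary directory and sanity-checked
# before it replaces the local copy, so a failed or truncated transfer does not
# clobber a dataset that was already good.
# NOTE(review): none of the feeds is verified against a signature or pinned
# checksum here; HTTPS is the only integrity control, and every later lookup
# inherits that trust.
if [[ "${1:-}" == "update" ]]; then
  echo -e "${BLUE}[*] Downloading datasets...${RESET}"

  update_tmp=$(mktemp -d) || {
    echo "[-] Could not create a temporary directory." >&2
    exit 1
  }
  trap 'rm -rf -- "$update_tmp"' EXIT

  # --fail makes an HTTP error a non-zero exit instead of saving the error page
  # as if it were data; --proto/--proto-redir keep redirects on HTTPS.
  curl_opts=(--fail --silent --show-error --location --proto '=https' --proto-redir '=https')
  update_failed=0

  # EPSS: fetch, decompress, and require a non-empty result before replacing.
  if curl "${curl_opts[@]}" "https://epss.cyentia.com/epss_scores-current.csv.gz" -o "$update_tmp/epss.csv.gz" &&
    gunzip -c "$update_tmp/epss.csv.gz" > "$update_tmp/epss.csv" &&
    [[ -s "$update_tmp/epss.csv" ]]; then
    mv -f -- "$update_tmp/epss.csv" "$EPSS_CSV" || update_failed=1
  else
    echo "[-] EPSS download failed; existing $EPSS_CSV left untouched." >&2
    update_failed=1
  fi

  # KEV: require parseable JSON with a .vulnerabilities array, the shape the
  # KEV lookup later in this script selects from.
  if curl "${curl_opts[@]}" "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" -o "$update_tmp/kev.json" &&
    jq -e '.vulnerabilities | type == "array"' "$update_tmp/kev.json" > /dev/null 2>&1; then
    mv -f -- "$update_tmp/kev.json" "$KEV_JSON" || update_failed=1
  else
    echo "[-] KEV download failed or returned unexpected JSON; existing $KEV_JSON left untouched." >&2
    update_failed=1
  fi

  # ExploitDB index: require a non-empty file.
  if curl "${curl_opts[@]}" "https://gitlab.com/exploit-database/exploitdb/-/raw/main/files_exploits.csv" -o "$update_tmp/exploitdb.csv" &&
    [[ -s "$update_tmp/exploitdb.csv" ]]; then
    mv -f -- "$update_tmp/exploitdb.csv" "$EDB_CSV" || update_failed=1
  else
    echo "[-] ExploitDB index download failed; existing $EDB_CSV left untouched." >&2
    update_failed=1
  fi

  if [[ "$update_failed" -ne 0 ]]; then
    echo "[-] Update finished with errors." >&2
    exit 1
  fi
  echo -e "[+] Update complete."
  exit 0
fi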
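# 2. Logic to handle EDB vs CVE input (Fixed for macOS Bash 3.2)
# The first argument is upper-cased with tr because Bash 3.2 has no ${var^^}.
UPPER_ARG1=$(printf '%s' "${1:-}" | tr '[:lower:]' '[:upper:]')
if [[ "$UPPER_ARG1" == "EDB" ]]; then
  MODE="EDB"
  QUERY_ID=${2:-}
  SHOW_DETAILS=${3:-}
else
  MODE="CVE"
  # Use the upper-cased form so "cve-2021-44228" is accepted and compared in
  # the same case as the literal "CVE-" prefix checked below.
  QUERY_ID=$UPPER_ARG1
  SHOW_DETAILS=${2:-}
fi

if [[ -z "$QUERY_ID" ]]; then
  echo "Usage:"
  echo " $0 <CVE-ID> [--details]"
  echo " $0 EDB <EDB-ID> [--details]"
  exit 1
fi

# The identifier is later placed into request URLs and search patterns, so it
# is restricted to its expected shape here rather than passed through as-is.
# The regex is kept in a variable so the =~ match behaves the same on Bash 3.2.
if [[ "$MODE" == "CVE" ]]; then
  ID_PATTERN='^CVE-[0-9]{4}-[0-9]{4,}$'
else
  ID_PATTERN='^[0-9]+$'
fi
if ! [[ "$QUERY_ID" =~ $ID_PATTERN ]]; then
  # %q prints the rejected value shell-quoted, so control characters in the
  # argument are shown escaped instead of being sent to the terminal.
  printf 'Invalid %s identifier: %q\n' "$MODE" "$QUERY_ID" >&2
  echo "Usage:" >&2
  echo " $0 <CVE-ID> [--details]" >&2
  echo " $0 EDB <EDB-ID> [--details]" >&2
  exit 1
fi

printf '%b--- Results for %s: %s ---%b\n' "$BOLD_PURPLE" "$MODE" "$QUERY_ID" "$RESET"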
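if [[ "$MODE" == "CVE" ]]; then
  # --- CVE-SPECIFIC LOOKUPS ---
  # -G with --data-urlencode lets curl encode the identifier, so characters in
  # it cannot add or alter query parameters.
  NVD_DATA=$(curl -sG --data-urlencode "cveId=$QUERY_ID" "https://services.nvd.nist.gov/rest/json/cves/2.0")

  CVSS=$(printf '%s' "$NVD_DATA" | jq -r '.vulnerabilities[0].cve.metrics.cvssMetricV31[0].cvssData.baseScore // "N/A"')
  CVSS=${CVSS:-N/A}

  # descriptions[]? plus the array wrapper keeps jq from erroring with "cannot
  # iterate over null" when the response has no record, and applies the
  # fallback text when no English description exists.
  # The value is remote text: control bytes (including ESC) are dropped before
  # it reaches the terminal, and it is printed with %s so backslash sequences
  # in it are not interpreted the way `echo -e` would.
  DESC=$(printf '%s' "$NVD_DATA" |
    jq -r '[.vulnerabilities[0].cve.descriptions[]? | select(.lang=="en") | .value][0] // "No description available."' |
    LC_ALL=C tr -d '\000-\010\013-\037\177')
  DESC=${DESC:-No description available.}

  printf '%bCVSS Score:%b %s\n' "$BLUE" "$RESET" "$CVSS"
  printf '%bDescription:%b %s\n' "$BLUE" "$RESET" "$DESC"
  echo ""

  # Exact, case-insensitive match on the first CSV column. awk compares
  # strings here, so the identifier is never treated as a regular expression.
  EPSS_DATA=""
  if [[ -r "$EPSS_CSV" ]]; then
    EPSS_DATA=$(awk -F, -v id="$QUERY_ID" 'toupper($1) == toupper(id) { print; exit }' "$EPSS_CSV")
  else
    echo "[-] $EPSS_CSV not readable; run '$0 update' first." >&2
  fi
  if [[ -n "$EPSS_DATA" ]]; then
    SCORE=$(printf '%s\n' "$EPSS_DATA" | cut -d',' -f2)
    PERCENTILE=$(printf '%s\n' "$EPSS_DATA" | cut -d',' -f3)
    printf '%bEPSS Score:%b %s (Percentile: %s)\n' "$BLUE" "$RESET" "$SCORE" "$PERCENTILE"
  else
    echo -e "${BLUE}EPSS Score:${RESET} Not Found in local CSV"
  fi

  # A missing or unparseable KEV file is reported as "NO" below; that is why
  # jq's stderr is silenced here, as in the original lookup.
  KEV_ENTRY=$(jq -r --arg CVE "$QUERY_ID" '.vulnerabilities[] | select(.cveID == ($CVE | ascii_upcase))' "$KEV_JSON" 2>/dev/null || true)
  if [[ -n "$KEV_ENTRY" ]]; then
    echo -e "${BLUE}In KEV:${RESET} YES ✅"
  else
    echo -e "${BLUE}In KEV:${RESET} NO ❌"
  fi
  echo ""

  # -F: literal match, not a regex. -w: whole-word match, so looking up
  # CVE-2021-1234 does not also return rows that mention CVE-2021-12345.
  EDB_MATCHES=$(grep -iwF -- "$QUERY_ID" "$EDB_CSV" || true)
else
  # --- EDB-SPECIFIC LOOKUPS ---
  echo -e "${CYAN}Note: Skipping CVE-specific databases for EDB lookup.${RESET}\n"
  # Match the ID strictly in the first column (optionally quoted in the CSV),
  # by string equality rather than by building a regex from the argument.
  EDB_MATCHES=$(awk -F, -v id="$QUERY_ID" '{ first = $1; gsub(/"/, "", first) } first == id' "$EDB_CSV" || true)
fi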
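# 3. ExploitDB Output
if [[ -n "$EDB_MATCHES" ]]; then
  echo -e "${BLUE}In ExploitDB:${RESET} YES"
  # Rows are split on plain commas. Only the first two columns (id, file) are
  # used, so commas inside later quoted fields land in the discarded remainder.
  printf '%s\n' "$EDB_MATCHES" | while IFS=',' read -r id file _; do
    id=$(printf '%s' "$id" | tr -d '"')
    # The id goes into a URL and onto the terminal: skip rows where it is not
    # purely numeric rather than echoing whatever the CSV row contained.
    case "$id" in
      '' | *[!0-9]*) continue ;;
    esac
    printf ' > ID: %s | URL: https://www.exploit-db.com/exploits/%s\n' "$id" "$id"
    if [[ "$SHOW_DETAILS" == "--details" ]]; then
      file=$(printf '%s' "$file" | tr -d '"')
      echo -e " --- Snippet ---"
      case "$file" in
        # The path comes from the downloaded CSV and is appended to the raw-file
        # URL; accept only a plain relative path without ".." segments.
        '' | /* | *..* | *[!A-Za-z0-9_./-]*)
          echo " | (skipped: unexpected file path in CSV row)"
          ;;
        *)
          # --fail: an HTTP error is not shown as if it were the file. The
          # preview is remote content, so control bytes (including ESC) are
          # dropped before printing; tab and newline are kept.
          curl -sSL --fail "https://gitlab.com/exploit-database/exploitdb/-/raw/main/$file" |
            head -n 12 |
            LC_ALL=C tr -d '\000-\010\013-\037\177' |
            sed 's/^/ | /'
          ;;
      esac
      echo " ----------------"
    fi
  done
else
  echo -e "${BLUE}In ExploitDB:${RESET} NO"
fi
echo ""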
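# 4. GitHub Search
# The results are repositories whose metadata matches the identifier, ranked by
# stars. Nothing here verifies what a repository contains, so treat the list as
# unvetted leads and review a repository before running anything from it.
echo -e "${BLUE}Searching GitHub for PoCs...${RESET}"
GH_QUERY="$QUERY_ID"
if [[ "$MODE" == "EDB" ]]; then
  GH_QUERY="exploit-db $QUERY_ID"
fi

# -G with --data-urlencode encodes the query. The EDB query contains a space,
# which is not valid in a URL when pasted in raw, and an unencoded identifier
# could otherwise add its own parameters to the request.
GITHUB_SEARCH=$(curl -sG "https://api.github.com/search/repositories" \
  --data-urlencode "q=$GH_QUERY" \
  --data-urlencode "sort=stars" \
  --data-urlencode "order=desc")

# An error response (for example when the API refuses the request) has no
# total_count; report that separately instead of claiming nothing was found.
TOTAL_GH=$(printf '%s' "$GITHUB_SEARCH" | jq -r '.total_count // empty' 2>/dev/null)
case "$TOTAL_GH" in
  '' | *[!0-9]*)
    printf '%bGitHub search did not return a result count (request failed or was refused).%b\n' "$YELLOW" "$RESET"
    ;;
  0)
    echo -e "${YELLOW}No GitHub repositories found. ❌${RESET}"
    ;;
  *)
    printf '%bFound %s GitHub repositories for %s:%b\n' "$YELLOW" "$TOTAL_GH" "$GH_QUERY" "$RESET"
    printf '%s' "$GITHUB_SEARCH" | jq -r '.items[:5][] | " > \(.full_name) (\(.stargazers_count) ⭐)\n URL: \(.html_url)\n"'
    ;;
esac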