chore(mod): update go-exploitdb module (#1428)

* chore(mod): update go-exploitdb module * docs: add inthewild datasource * Unique because URLs sometimes duplicate on GitHub and InTheWild Co-authored-by: Kota Kanbe <kotakanbe@gmail.com>
2022-03-25 20:26:06 +00:00
parent 04f246cf8b
commit 3dfbd6b616
5 changed files with 17 additions and 4 deletions
--- a/README.md
+++ b/README.md
@@ -82,6 +82,7 @@ Vuls is a tool created to solve the problems listed above. It has the following
  - [Metasploit-Framework modules](https://www.rapid7.com/db/?q=&type=metasploit)
  - [qazbnm456/awesome-cve-poc](https://github.com/qazbnm456/awesome-cve-poc)
  - [nomi-sec/PoC-in-GitHub](https://github.com/nomi-sec/PoC-in-GitHub)
+  - [gmatuz/inthewilddb](https://github.com/gmatuz/inthewilddb)

 - CERT
  - [US-CERT](https://www.us-cert.gov/ncas/alerts)
--- a/go.mod
+++ b/go.mod
@@ -42,7 +42,7 @@ require (
 	github.com/sirupsen/logrus v1.8.1
 	github.com/spf13/cobra v1.4.0
 	github.com/vulsio/go-cve-dictionary v0.8.2-0.20211028094424-0a854f8e8f85
-	github.com/vulsio/go-exploitdb v0.4.2-0.20211028071949-1ebf9c4f6c4d
+	github.com/vulsio/go-exploitdb v0.4.2
 	github.com/vulsio/go-kev v0.1.1-0.20220118062020-5f69b364106f
 	github.com/vulsio/go-msfdb v0.2.1-0.20211028071756-4a9759bd9f14
 	github.com/vulsio/gost v0.4.1-0.20211028071837-7ad032a6ffa8
--- a/go.sum
+++ b/go.sum
@@ -1793,8 +1793,8 @@ github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgq
 github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU=
 github.com/vulsio/go-cve-dictionary v0.8.2-0.20211028094424-0a854f8e8f85 h1:nEhaBIAixxDQGeu/3sgHLSjpQpKGqENcUtWHEwkwC4k=
 github.com/vulsio/go-cve-dictionary v0.8.2-0.20211028094424-0a854f8e8f85/go.mod h1:Ii9TEH35giMSWJM2FwGm1PCPxuBKrbaYhDun2PM7ERo=
-github.com/vulsio/go-exploitdb v0.4.2-0.20211028071949-1ebf9c4f6c4d h1:iMXVmz2f1Phor1TAmRKx324mDOuXst0GXGEboVRgysg=
-github.com/vulsio/go-exploitdb v0.4.2-0.20211028071949-1ebf9c4f6c4d/go.mod h1:2R5gwySHHjF3DoEt11xqnIWEJLS93CLfCUDPwYH+VdM=
+github.com/vulsio/go-exploitdb v0.4.2 h1:eCqyOLWKPwD8hZ0NHGCtT6OG37Sadr5RGMnnHEEy0bI=
+github.com/vulsio/go-exploitdb v0.4.2/go.mod h1:2R5gwySHHjF3DoEt11xqnIWEJLS93CLfCUDPwYH+VdM=
 github.com/vulsio/go-kev v0.1.1-0.20220118062020-5f69b364106f h1:s28XqL35U+N2xkl6bLXPH68IqzmliuqeF37x5pzNLuc=
 github.com/vulsio/go-kev v0.1.1-0.20220118062020-5f69b364106f/go.mod h1:NrXTTkGG83ZYl7ypHHLqqzx6HvVkWH37qCizU5UoCS8=
 github.com/vulsio/go-msfdb v0.2.1-0.20211028071756-4a9759bd9f14 h1:2uYZw2gQ0kymwerTS1FXZbNgptnlye+SB7o3QlLDIBo=
--- a/reporter/util.go
+++ b/reporter/util.go
@@ -464,9 +464,16 @@ No CVE-IDs are found in updatable packages.
 		for _, url := range cweURLs {
 			data = append(data, []string{"CWE", url})
 		}
+
+		m := map[string]struct{}{}
 		for _, exploit := range vuln.Exploits {
+			if _, ok := m[exploit.URL]; ok {
+				continue
+			}
 			data = append(data, []string{string(exploit.ExploitType), exploit.URL})
+			m[exploit.URL] = struct{}{}
 		}
+
 		for _, url := range top10URLs {
 			data = append(data, []string{"OWASP Top10", url})
 		}
--- a/tui/tui.go
+++ b/tui/tui.go
@@ -781,13 +781,18 @@ func setChangelogLayout(g *gocui.Gui) error {
 			lines = append(lines, adv.Format())
 		}

+		m := map[string]struct{}{}
 		if len(vinfo.Exploits) != 0 {
 			lines = append(lines, "\n",
-				"Exploit Codes",
+				"PoC",
 				"=============",
 			)
 			for _, exploit := range vinfo.Exploits {
+				if _, ok := m[exploit.URL]; ok {
+					continue
+				}
 				lines = append(lines, fmt.Sprintf("* [%s](%s)", exploit.Description, exploit.URL))
+				m[exploit.URL] = struct{}{}
 			}
 		}