Open In App

Pompem – Exploit and Vulnerability Finder

Last Updated : 28 Nov, 2021
Improve
Improve
Like Article
Like
Save
Share
Report

Pompem tool is an automation tool used in the phase of Vulnerability Scanning. This tool can find the exploits for a particular text. Now, this text can be CMS, Port service, Database, etc. Pompem tool makes the exploit search into CXSecurity,  ZeroDay,  Vulners,  National  Vulnerability  Databases, and results in the exploits name and link. We can save the results in two ways. The 1st way is to save in a .html file and 2nd way is to save in a text formatted file. The Pompem tool is developed in the Python language and is also available on the GitHub platform. It’s free and open-source to use.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux

Installation of Pompem Tool on Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.

git clone https://github.com/rfunix/Pompem.git

Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.

cd Pompem

Step 3: You are in the directory of the Pompem. Now you have to install a dependency of the Pompem using the following command.

sudo pip3 install -r requirements.txt

Step 4: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check help section.

python3 pompem.py -h

Working with Pompem Tool on Kali Linux OS

Example 1: Text for search

python3 pompem.py -s ssh,ftp,mysql

In this example, we have given the text as ssh, ftp, mysql. Tool will find the exploits for the inputted text.

We have got the name and link of exploit available for the inputted text.

Example 2: Write HTML File

python3 pompem.py -s WordPress --html output

In this example, results will be saved as a html file.

We have displayed the results which are been saved as an html file.

Example 3: Write TEXT File

python3 pompem.py -s FortiGate --txt

In this example, results will be saved as text formatted file.

We have got the results for our search text.

The results are been saved in the text formatted file.


Similar Reads

hackerEnv - A Vulnerability Finder and Exploiter
Network Scanning and Exploitation are the phases where access to the target system is performed. Many famous services can be exploited like FTP, Telnet, etc. Due to improper security checks, there can be a route to the attacker. hackerEnv is an automated tool developed in the Bash Language that rapidly performs port scanning and also scans the targ
2 min read
OpenRedireX – Open Redirection Vulnerability Finder Tool in Linux
Open redirect is a security defect in an app or a web page that causes it to fail to properly authenticate URLs. When apps and web pages have requests for URLs, they are supposed to prove that those URLs are part of the expected page's domain. To test the web-based application manually for Open Redirection is very difficult. So we need an automated
4 min read
Badmod - CMS auto detect and exploit
Badmod tool is an automated tool used as a CMS detector Vulnerability finder, and also auto exploiter. Badmod tool is developed in the Shell Script and is available on the GitHub platform. This tool can gather information about the target domain as Subdomains, CMS type, Reverse IP, etc. Badmod tool also checks for different types of Security flaws
2 min read
WhatCMS - CMS Detection and Exploit Kit
Whatcms tool is an automated tool that is capable of detecting the CMS information about the target domain. This tool also gas the exploit kit with multiple sub-tools integrated into it. In the current scenario, the Whatcms tool can detect 33- different CMS applications and services. All the results are satisfactory and can be considered in upcomin
2 min read
Finding Exploit offline using Searchsploit in Kali Linux
SearchSploit is a command-line search tool for Exploit-DB that allows you to take a copy of the Exploit Database with you. Searchsploit is included in the Exploit Database repository on GitHub. SearchSploit is very useful for security assessments when you don't have Internet access because it gives you the power to perform detailed offline searches
2 min read
SubDomainizer - Subdomain finder in Kali Linux
SubDomainizer is a free and open-source tool available on GitHub. This tool is free means you can download and use this tool for free of cost. SubDomainizer is used for reconnaissance of subdomains. SubDomainizer is used for SubDomainizer of the target. This tool is used to find subdomains from a website/web-applications. Usually, what happens that
3 min read
Subscannon - Tool for Fastest Subdomains Finder in Kali Linux
Subscannon is a Python language-based tool that is used in the phase of Information Gathering and Enumeration. Subscannon is used for extracting subdomains for the target domain along with its status code. While Performing Penetration Testing on Web-based applications, there is very little probability of getting a valid bug in the central part. If
3 min read
social-analyzer - Profile Finder on social media in Kali Linux
Social Analyzer is a free and open-source tool available on GitHub. This tool is an API & CLI tool used to find Potential Profiles of a Person on 800+different sites such as Facebook Instagram telegram etc. This tool is based upon SINT Technology means Open Source Intelligence technology. This tool allows its users to find potential profiles of
3 min read
UrlBuster - Linux tool to find Web Hidden Files or Directories Finder
Hidden files and directories on the target server can contain some sensitive and crucial information about the target. This revealed information can also compromise the security of the application. To find these directories and files, we need an automated approach as manual testing would make a headache to the tester. UrlBuster is an automated tool
5 min read
Dork Scanner – Vulnerable URLs Finder tool in Linux
Getting the relevant results for our search is challenging work on google or on the internet. Being a Technical person we need to perform some advanced search through which we can get relevant results for our search. So this advanced searching process is known as Dorking. We fire up an advanced query that returns results that are only relevant to o
3 min read