searchsploit

Search Exploit Database for vulnerabilities

TLDR

Search for an exploit, shellcode, or paper

$ searchsploit [search_terms]

Search for a known specific version, e.g. sudo version 1.8.27
$ searchsploit sudo 1.8.27

Show the Exploit-DB links for the matching resources
$ searchsploit [[-w|--www]] [search_terms]

Copy the resource to the current directory (requires the number of the exploit)
$ searchsploit [[-m|--mirror]] [exploit_number]

Examine the resource, using the pager defined in the $PAGER environment variable
$ searchsploit [[-x|--examine]] [exploit_number]

Update the local Exploit Database
$ searchsploit [[-u|--update]]

Search for the [c]ommon [v]ulnerabilities and [e]xposures (CVE) value
$ searchsploit --cve [2021-44228]

Check results in nmap's XML output with service version (nmap -sV -oX nmap-output.xml) for known exploits
$ searchsploit --nmap [path/to/nmap-output.xml]

SYNOPSIS

searchsploit [OPTIONS] [TERMS]
searchsploit [OPTIONS] [EDB-ID|CVE-ID]
searchsploit [OPTIONS] --shellcodes
searchsploit [OPTIONS] --exploits
searchsploit [OPTIONS] --papers

PARAMETERS

-h, --help
    Displays the help message and exits.

-v, --version
    Shows the program's version number and exits.

-u, --update
    Updates the local Exploit-DB copy (requires internet connection).

-c, --case
    Performs a case-sensitive search.

-e, --exact
    Performs an exact match search for specified terms.

-s, --strict
    Performs a strict search, treating multiple terms as an AND operation.

-t, --title
    Restricts the search to exploit titles only (default searches title and path).

-p, --path
    Displays the full path to the exploit file on the local system.

-m, --mirror
    Copies (mirrors) the selected exploit file to the current working directory.

-x, --examine
    Displays the content of the selected exploit file to the console.

-w, --www
    Shows the corresponding Exploit-DB URL for the found exploit.

-j, --json
    Outputs the search results in JSON format, useful for scripting.

--cve [CVE-ID]
    Searches for exploits by a specific Common Vulnerabilities and Exposures (CVE) ID.

--id [EDB-ID]
    Searches for exploits by a specific Exploit-DB ID.

--shellcodes
    Lists all available shellcodes in the database.

--exploits
    Lists all available exploits in the database.

--papers
    Lists all available security papers and research documents in the database.
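
An added example (not part of the original page or of the searchsploit project) of scripting against the --json output for patch triage: it ranks inventoried software by how many public exploit entries the local archive holds. The JSON key names and the fictional product "exampled" are assumptions in a constructed sample; check them against the output of your installed version.

```python
import json
import shutil
import subprocess

# Constructed sample of `searchsploit --json` output for a fictional product.
# Key names (SEARCH, RESULTS_EXPLOIT, Title, EDB-ID) are assumptions; compare
# them with the output of the installed version before relying on them.
SAMPLE_JSON = """{
  "SEARCH": "exampled 2.4.1",
  "RESULTS_EXPLOIT": [
    {"Title": "exampled 2.4.1 - Local Privilege Escalation", "EDB-ID": "00001"},
    {"Title": "exampled < 2.5 - Denial of Service (PoC)", "EDB-ID": "00002"}
  ],
  "RESULTS_SHELLCODE": []
}"""


def run_searchsploit(terms):
    """Query the local archive; return raw JSON text, or None if the tool is absent."""
    if shutil.which("searchsploit") is None:
        return None
    proc = subprocess.run(["searchsploit", "--json", *terms],
                          capture_output=True, text=True, check=False)
    return proc.stdout


def summarize(raw):
    """Reduce one JSON result to the fields a patch-triage ticket needs."""
    try:
        results = json.loads(raw or "")["RESULTS_EXPLOIT"]
    except (json.JSONDecodeError, KeyError, TypeError):
        # Missing tool, empty output, or an unexpected shape: flag it instead
        # of reporting a misleading "0 public exploits".
        return {"status": "unparsed", "count": 0, "edb_ids": []}
    ids = [str(r.get("EDB-ID", "?")) for r in results]
    return {"status": "ok", "count": len(ids), "edb_ids": ids}


def triage(inventory, fetch=run_searchsploit):
    """Rank (product, version) pairs by number of public exploit entries."""
    rows = [dict(summarize(fetch([p, v])), product=p, version=v)
            for p, v in inventory]
    # Most exposed first; unparsed lookups sort last so they get re-checked.
    return sorted(rows, key=lambda r: (r["status"] != "ok", -r["count"]))


if __name__ == "__main__":
    # Offline demo: every lookup returns the constructed sample.
    for row in triage([("exampled", "2.4.1")], fetch=lambda _t: SAMPLE_JSON):
        print(row["product"], row["version"], row["status"], row["edb_ids"])
```

A count of zero only means the local copy has no matching entry, so run the triage after updating the database.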

DESCRIPTION

searchsploit is a powerful command-line utility designed for searching the local Exploit-DB archive. It enables security professionals, penetration testers, and researchers to quickly locate exploits, shellcodes, and vulnerability research papers based on various keywords, CVE IDs, or EDB-IDs.

As an integral component of the Exploit-DB repository, maintained by Offensive Security, searchsploit provides offline access to a vast collection of public exploits. This capability is particularly invaluable in environments where internet connectivity is limited or unavailable. Users can filter results, display full paths to exploit files, view associated Exploit-DB web links, and even copy exploit code directly to their current working directory. The tool's effectiveness relies on maintaining an up-to-date local database, which can be refreshed regularly to ensure access to the latest publicly disclosed vulnerabilities and proof-of-concepts.

CAVEATS

The effectiveness of searchsploit heavily relies on a current local Exploit-DB copy; regular updates are essential. It only searches the local database and does not perform live online lookups. Exploits found may be proofs-of-concept, outdated, or require modifications to function. It serves as a search utility, not an exploitation framework, meaning discovered exploits often need manual review, compilation, or integration with other tools.

UPDATING THE DATABASE

To ensure searchsploit provides the most current information, its local database must be updated regularly. This can typically be done via the command exploitdb --update or, in Kali Linux, by reinstalling the package: sudo apt update && sudo apt install --reinstall exploitdb.

INTEGRATION WITH KALI LINUX

searchsploit is a fundamental component of Kali Linux, pre-installed and readily available. This tight integration highlights its importance in the cybersecurity toolkit for quick access to vulnerability information directly from the command line.

HISTORY

searchsploit was developed by Offensive Security, the team behind Kali Linux and the Exploit-DB project. Its creation addressed the need for offline, rapid access to the vast Exploit-DB archive, making it an indispensable tool for penetration testers working in diverse network environments. Since its introduction, it has become a standard, pre-installed utility in Kali Linux distributions, continuously evolving alongside the Exploit-DB to provide comprehensive vulnerability and exploit information.

SEE ALSO

msfconsole(1), exploitdb(1), nmap(1), kali(7)
