searchsploit
Search Exploit Database for vulnerabilities
TLDR
Search for an exploit, shellcode, or paper
Search for a known specific version, e.g. sudo version 1.8.27
Show the exploit-db link to the found resources
Copy the resource to the current directory (requires the number of the exploit)
Examine the resource, using the pager defined in the $PAGER environment variable
Update the local Exploit Database
Search for the [c]ommon [v]ulnerabilities and [e]xposures (CVE) value
Check results in nmap's XML output with service version (nmap -sV -oX nmap-output.xml) for known exploits
SYNOPSIS
searchsploit [options] term1 [term2] ... [termN]
PARAMETERS
-h, --help
Show help screen and exit.
-v, --version
Show version information and exit.
-u, --update
Update the local Exploit Database copy.
-t, --title
Search only in the title field.
-c, --case
Case-sensitive search.
-x, --exact
Exact match (must match search terms entirely).
-p, --path
Show the full path to the exploit file.
-m [EXPLOIT-DB_ID]
Copy an exploit to the current working directory.
-w [EXPLOIT-DB_ID]
Mirror an exploit to the current working directory.
-i, --id
Display the Exploit-DB ID value.
-j, --json
Output results in JSON format.
-s [TERM]
Display the description of TERM
--nmap [TARGET]
Performs an Nmap scan on TARGET and uses the results to search exploitdb
DESCRIPTION
searchsploit is a command-line search tool for Exploit-DB, a comprehensive archive of public exploits and corresponding vulnerable software. It allows users to quickly search a local, offline copy of the Exploit-DB database for relevant exploits based on keywords, software names, or versions. This is useful for penetration testers, security researchers, and system administrators who need to rapidly identify potential vulnerabilities in their systems or networks. The tool is designed for speed and efficiency, allowing users to quickly filter and refine search results. searchsploit streamlines the process of finding appropriate exploits, improving the workflow of vulnerability assessments and penetration testing engagements. Unlike searching the Exploit-DB website directly, searchsploit provides immediate results, even without an internet connection. The utility is often included in penetration testing distributions such as Kali Linux and Parrot OS, highlighting its importance in the security community.
searchsploit helps you find exploits you can use to test your systems. It maintains a local copy of the Exploit Database.
CAVEATS
The local Exploit-DB copy needs to be updated regularly with the `-u` flag to ensure the most recent exploits are available. The accuracy of search results depends on the quality and completeness of the Exploit-DB database entries.
USING WITH NMAP
The `--nmap` option allows you to integrate searchsploit with Nmap. By providing a target IP address or hostname to the `--nmap` option, searchsploit will first perform an Nmap scan and then use the scan results to search the Exploit Database for relevant exploits. This is a convenient way to quickly identify potential vulnerabilities based on the services and versions detected by Nmap.
HISTORY
searchsploit was developed as a command-line tool for interacting with the Exploit-DB. It gained prominence within penetration testing distributions, such as Kali Linux. It simplified and automated the process of finding relevant exploits in an offline environment, improving the speed and efficiency of vulnerability assessments.
SEE ALSO
nmap(1), msfconsole(1)