SearchSploit

SearchSploit is the command-line search tool for Exploit DB. It works offline against a local copy of the database. The Exploit Database is maintained by Offensive Security.

The Exploit DB website has an Advanced Search feature with a No Metasploit option, which is useful for the OSCP exam.

Help

searchsploit -h
-c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help                 Show this help screen.
-j, --json     [Term]      Show result in JSON format.
-m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
-p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
-u, --update               Check for and install any exploitdb package updates (deb or git).
-w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
-x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
    --colour               Disable colour highlighting in search results.
    --id                   Display the EDB-ID value rather than local path.
    --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                             Use "-v" (verbose) to try even more combinations
    --exclude="term"       Remove values from results. By using "|" to separated you can chain multiple values.
                                e.g. --exclude="term1|term2|term3".

Update the exploit database

searchsploit -u

Exploits location

ls -la /usr/share/exploitdb/exploits

Search for exploits

Search exploits for OpenSSH v6.6

searchsploit OpenSSH 6.6

Examples from help

searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"
searchsploit -s Apache Struts 2.0.0
searchsploit linux reverse password
searchsploit -j 55555 | json_pp

Search SMB exploits on Windows, exclude DoS

searchsploit smb microsoft --exclude=dos

Search only in exploit title

searchsploit -t drupalgeddon user
searchsploit -t priv escalation

Search for a specific CVE

New in Nov 2022

searchsploit --cve 2021-44228

Exploits already in Metasploit

searchsploit drupalgeddon | grep Metasploit

Exploits NOT in Metasploit

searchsploit drupalgeddon --exclude="Metasploit"
searchsploit drupalgeddon | grep -v Metasploit

Exclude unwanted results

searchsploit drupalgeddon --exclude="(PoC)|Authenticated"
searchsploit drupalgeddon | grep -v 'Authenticated'
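
The Metasploit, DoS and PoC filters from the sections above can also be applied to the JSON output (searchsploit -j) instead of grepping the text table. This is an added example, not part of the original cheat sheet or of searchsploit itself; the sample JSON is constructed, and the RESULTS_EXPLOIT, Title, EDB-ID and Path field names are assumed from searchsploit's JSON output and may differ between versions. It also shows how a bare substring term such as dos, matched case-insensitively anywhere in the title or path, drops an unrelated title.

```python
import json
import re

# Constructed sample shaped like `searchsploit -j` output; titles, IDs and paths are made up.
# Field names are an assumption about searchsploit's JSON and may vary by version.
SAMPLE_JSON = """
{
  "SEARCH": "example",
  "RESULTS_EXPLOIT": [
    {"Title": "ExampleCMS 1.0 - Remote Code Execution (Metasploit)", "EDB-ID": "90001",
     "Path": "/usr/share/exploitdb/exploits/php/webapps/90001.rb"},
    {"Title": "ExampleCMS 1.0 - Remote Code Execution (PoC)", "EDB-ID": "90002",
     "Path": "/usr/share/exploitdb/exploits/php/webapps/90002.py"},
    {"Title": "ExampleCMS 1.1 - Denial of Service", "EDB-ID": "90003",
     "Path": "/usr/share/exploitdb/exploits/php/dos/90003.txt"},
    {"Title": "Example DOSBox Wrapper 2.0 - Local Privilege Escalation", "EDB-ID": "90004",
     "Path": "/usr/share/exploitdb/exploits/linux/local/90004.c"}
  ]
}
"""

def category(path):
    """Return the type directory (dos, local, remote, webapps) from .../exploits/<platform>/<type>/<file>."""
    parts = path.split("/")
    i = parts.index("exploits") if "exploits" in parts else -1
    return parts[i + 2] if 0 <= i < len(parts) - 2 else ""

def triage(raw, drop_types=("dos",), drop_tags=("Metasploit", "PoC")):
    """Split EDB-IDs into (kept, dropped) by path category and parenthesised title tag."""
    tag_re = re.compile(r"\((%s)\)" % "|".join(map(re.escape, drop_tags)), re.I)
    kept, dropped = [], []
    for r in json.loads(raw).get("RESULTS_EXPLOIT", []):
        hit = category(r["Path"]) in drop_types or tag_re.search(r["Title"])
        (dropped if hit else kept).append(r["EDB-ID"])
    return kept, dropped

def naive_exclude(raw, term):
    """Case-insensitive substring exclude over title and path, for comparison with triage()."""
    return [r["EDB-ID"] for r in json.loads(raw)["RESULTS_EXPLOIT"]
            if term.lower() not in (r["Title"] + r["Path"]).lower()]

if __name__ == "__main__":
    print("structured:", triage(SAMPLE_JSON))
    print("substring 'dos':", naive_exclude(SAMPLE_JSON, "dos"))
```

On the constructed sample, the substring filter drops the DOSBox entry even though it sits under local, while the path-based filter keeps it.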

Examine exploit

searchsploit -x 34992

Copy ("mirror") an exploit to the current directory

searchsploit -m 34992

Automated search for nmap results

IP=x.x.x.x
nmap -T4 -sV --top-ports 1000 $IP -oX file.xml
searchsploit --nmap file.xml

Other examples

searchsploit -p 34992