SearchSploit

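SearchSploit is the command-line search tool for the Exploit Database (Exploit DB). It works offline, against a local copy of the database. The Exploit Database is maintained by Offensive Security.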

💡 The Exploit DB website has an Advanced Search feature with a No Metasploit option, which is useful for the OSCP exam.

Help

searchsploit -h
-c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help                 Show this help screen.
-j, --json     [Term]      Show result in JSON format.
-m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
-p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
-u, --update               Check for and install any exploitdb package updates (deb or git).
-w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
-x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
    --colour               Disable colour highlighting in search results.
    --id                   Display the EDB-ID value rather than local path.
    --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                             Use "-v" (verbose) to try even more combinations
    --exclude="term"       Remove values from results. By using "|" to separated you can chain multiple values.
                                e.g. --exclude="term1|term2|term3".

Update the exploit database

searchsploit -u

Exploits location

ls -la /usr/share/exploitdb/exploits

Search for exploits

Search exploits for OpenSSH v6.6

searchsploit OpenSSH 6.6

Examples from help

searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"
searchsploit -s Apache Struts 2.0.0
searchsploit linux reverse password
searchsploit -j 55555 | json_pp

Search SMB exploits on Windows, exclude DoS

searchsploit smb microsoft --exclude=dos

Search only in exploit title

searchsploit -t drupalgeddon user
searchsploit -t priv escalation

Search for a specific CVE

💡 New in Nov 2022

searchsploit --cve 2021-44228

Exploits already in Metasploit

searchsploit drupalgeddon | grep Metasploit

Exploits NOT in Metasploit

searchsploit drupalgeddon --exclude="Metasploit"
searchsploit drupalgeddon | grep -v Metasploit

Exclude unwanted results

searchsploit drupalgeddon --exclude="(PoC)|Authenticated"
searchsploit drupalgeddon | grep -v 'Authenticated'
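
The Metasploit and --exclude filters above, applied to saved `searchsploit -j` output so the same triage can be repeated for an assessment report. This is an added example, not part of the original cheat sheet or the exploitdb project. It assumes the JSON carries a RESULTS_EXPLOIT list whose entries have Title, EDB-ID and Path keys, and it treats the exclude string as a case-insensitive regex; the function name and the sample entries are constructed for illustration.

```python
import json
import re
import sys

# Constructed sample shaped like `searchsploit -j` output (assumed keys:
# RESULTS_EXPLOIT, Title, EDB-ID, Path). Titles, IDs and paths are made up.
SAMPLE_JSON = """
{
  "SEARCH": "exampleapp",
  "RESULTS_EXPLOIT": [
    {"Title": "ExampleApp 1.0 - Remote Code Execution (Metasploit)",
     "EDB-ID": "900001", "Path": "/usr/share/exploitdb/exploits/php/webapps/900001.rb"},
    {"Title": "ExampleApp 1.0 - Denial of Service (PoC)",
     "EDB-ID": "900002", "Path": "/usr/share/exploitdb/exploits/php/dos/900002.txt"},
    {"Title": "ExampleApp 1.2 - (Authenticated) SQL Injection",
     "EDB-ID": "900003", "Path": "/usr/share/exploitdb/exploits/php/webapps/900003.py"},
    {"Title": "ExampleApp 1.3 - Remote Code Execution",
     "EDB-ID": "900004", "Path": "/usr/share/exploitdb/exploits/php/webapps/900004.py"}
  ]
}
"""

def triage(raw_json, exclude=None):
    """Bucket EDB-IDs into excluded / Metasploit / standalone (hypothetical helper)."""
    data = json.loads(raw_json)
    # Same "term1|term2" syntax as --exclude, matched against title and path.
    drop = re.compile(exclude, re.IGNORECASE) if exclude else None
    report = {"metasploit": [], "standalone": [], "excluded": []}
    for entry in data.get("RESULTS_EXPLOIT", []):
        title = entry.get("Title", "")
        path = entry.get("Path", "")
        edb_id = entry.get("EDB-ID", "")
        if drop and (drop.search(title) or drop.search(path)):
            report["excluded"].append(edb_id)
        elif "metasploit" in title.lower():
            # Equivalent of `| grep Metasploit` on the title column.
            report["metasploit"].append(edb_id)
        else:
            report["standalone"].append(edb_id)
    return report

if __name__ == "__main__":
    # Pass a file saved with `searchsploit -j <term> > out.json`, or use the sample.
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_JSON
    print(json.dumps(triage(raw, exclude="(PoC)|Authenticated"), indent=2))
```
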

Examine exploit

searchsploit -x 34992

Copy (“mirror”) an exploit to the current directory

searchsploit -m 34992

Automated search from Nmap scan results

IP=x.x.x.x
nmap -T4 -sV --top-ports 1000 $IP -oX file.xml
searchsploit --nmap file.xml

Other examples

searchsploit -p 34992