SearchSploit is a command-line search tool for Exploit-DB that allows you to reproduce the Exploit Database. Search-sploit is a component of the GitHub Exploit Database.
SearchSploit is highly useful for completing security assessments when there is no Internet connection available since it allows you to conduct comprehensive offline searches for vulnerabilities in the stored Exploit-DB.
Install searchsploit in linux
To launch Search-Sploit under Kali Linux, open the terminal and type “searchsploit” because the “exploitdb” package is already installed. However, if you are using the Kali Light edition or your custom-built ISO, you may manually install SearchSploit using the command shown below.
sudo apt update && sudo apt -y install exploitdb
After installing this utility, you may learn how to use it by using the help command in your terminal, as shown below.
After installing this utility, you must first update it because it is fully offline and requires the most recent exploit.
If you are unable to install this tool directly due to an issue with your repository, you can download and install it from github.
git clone https://www.github.com/Err0r-ICA/Searchsploit cd Searchsploit sudo bash install.sh sudo ./Searchsploit
Usage of searchsploit
Step 1: Basic Search You may include as many search phrases as you like. In the picture below, we are looking for exploits that contain the words “oracle” and “windows.”
searchsploit oracle windows
Step 2: Title Searching When you run a Basic Search, search-sploit will look for both the exploit’s path and title. Searches can be limited to titles by using the -t option, as seen below.
In the above search, we are seeking for Oracle vulnerabilities that run on Windows.
Step 3: Copying Exploit to Clipboard and Directory Exploit Copying to Clipboard and Directory Use ‘-p‘ to copy the exploit to the clipboard. ” searchsploit -p XXX “, for example, where XXX is the exploit ID. Use ‘-m‘ to transfer the exploit to your current working directory. ” searchsploit -m XXX “, for example, where XXX is the exploit ID.
Step 4: Examine an Exploit Investigate an Exploit If you wish to investigate or research an exploit, use ‘-examine‘. “searchsploit XXX -examine,” for example, where XXX is the exploit ID.
Step 5: Eliminate Unwanted Results Remove Unwanted Outcomes Simply use ‘-exclude‘ to remove undesired results from your search. You may also delete numerous words by using a “|” to separate them (pipe). For instance, searchsploit -exclude “PoC.”
More usage commands
Search for all exploits and modules using a single search term:
* Search-sploit <search_term_1> (ie. Searchsploit apache)
Search multiple search terms:
* Searchsploit <search_term_1> <search_term_2> <search_term_3> …
Show all NMap scripts:
* Searchsploit nmap
Search for all FTP NMap scripts:
* Searchsploit nmap | grep ftp
Show all Metasploit auxiliary modules:
* Search-sploit auxiliary
Show all Metasploit exploits:
* Search-sploit exploits
Show all Metasploit encoder modules:
* Search-sploit encoder
Show all Metasploit payloads modules:
* Search-sploit payloads
Search all Metasploit payloads for windows only payloads:
* findsploit payloads | grep windows
I hope you found this post informative, and if you have any questions, please ask them in the comments area below.