Searchsploit Find exploits in a database

SearchSploit is a command-line search tool for Exploit-DB that allows you to reproduce the Exploit Database. Search-sploit is a component of the GitHub Exploit Database.

SearchSploit is highly useful for completing security assessments when there is no Internet connection available since it allows you to conduct comprehensive offline searches for vulnerabilities in the stored Exploit-DB.

Install searchsploit in linux

To launch Search-Sploit under Kali Linux, open the terminal and type “searchsploit” because the “exploitdb” package is already installed. However, if you are using the Kali Light edition or your custom-built ISO, you may manually install SearchSploit using the command shown below.

					sudo apt update && sudo apt -y install exploitdb

After installing this utility, you may learn how to use it by using the help command in your terminal, as shown below.

					searchsploit -h
Searchsploit Find exploits in a database
Output for showing usage options

After installing this utility, you must first update it because it is fully offline and requires the most recent exploit.

					searchsploit -u

If you are unable to install this tool directly due to an issue with your repository, you can download and install it from github.

					git clone
cd Searchsploit
sudo bash
sudo ./Searchsploit

Usage of searchsploit

Step 1: Basic Search You may include as many search phrases as you like. In the picture below, we are looking for exploits that contain the words “oracle” and “windows.”

					searchsploit oracle windows
Searchsploit Find exploits in a database
Output for serchsploit basic search

Step 2: Title Searching When you run a Basic Search, search-sploit will look for both the exploit’s path and title. Searches can be limited to titles by using the -t option, as seen below.

Searchsploit Find exploits in a database
Output for title searching

In the above search, we are seeking for Oracle vulnerabilities that run on Windows.

Step 3: Copying Exploit to Clipboard and Directory Exploit Copying to Clipboard and Directory Use ‘-p‘ to copy the exploit to the clipboard. ” searchsploit -p XXX “, for example, where XXX is the exploit ID. Use ‘-m‘ to transfer the exploit to your current working directory. ” searchsploit -m XXX “, for example, where XXX is the exploit ID.

Searchsploit Find exploits in a database
Output for copying exploit

Step 4: Examine an Exploit Investigate an Exploit If you wish to investigate or research an exploit, use ‘-examine‘. “searchsploit XXX -examine,” for example, where XXX is the exploit ID.

Step 5: Eliminate Unwanted Results Remove Unwanted Outcomes Simply use ‘-exclude‘ to remove undesired results from your search. You may also delete numerous words by using a “|” to separate them (pipe). For instance, searchsploit -exclude “PoC.”

More usage commands

Search for all exploits and modules using a single search term:
* Search-sploit <search_term_1> (ie. Searchsploit apache)

Search multiple search terms:
* Searchsploit <search_term_1> <search_term_2> <search_term_3> …

Show all NMap scripts:
* Searchsploit nmap

Search for all FTP NMap scripts:
* Searchsploit nmap | grep ftp

Show all Metasploit auxiliary modules:
* Search-sploit auxiliary

Show all Metasploit exploits:
* Search-sploit exploits

Show all Metasploit encoder modules:
* Search-sploit encoder

Show all Metasploit payloads modules:
* Search-sploit payloads

Search all Metasploit payloads for windows only payloads:
* findsploit payloads | grep windows

I hope you found this post informative, and if you have any questions, please ask them in the comments area below.

Latest articles

Related articles

Leave a reply

Please enter your comment!
Please enter your name here

Skip to content