SearchSploit is an Exploit-DB command-line search tool that allows you to replicate the Exploit Database. Searchsploit is part of the GitHub Exploit Database source. SearchSploit is extremely useful for performing security assessments when you don’t have Internet connection since it allows you to run extensive offline searches for vulnerabilities in the stored Exploit-DB.
Install searchsploit in linux
To launch SearchSploit under Kali Linux, open the terminal and type “searchsploit” because the “exploitdb” package is already installed. However, if you are using the Kali Light edition or your custom-built ISO, you may manually install SearchSploit using the command shown below.
sudo apt update && sudo apt -y install exploitdb
After installing this utility, you may learn how to use it by using the help command in your terminal, as shown below.
After installing this utility, you must first update it because it is fully offline and requires the most recent exploit.
If you are unable to install this tool directly due to an issue with your repository, you can download and install it from github.
git clone https://www.github.com/Err0r-ICA/Searchsploit cd Searchsploit sudo bash install.sh sudo ./Searchsploit
Usage of searchsploit
Step 1) Basic Search You may include as many search phrases as you like. In the picture below, we are looking for exploits that contain the words “oracle” and “windows.”
searchsploit oracle windows
Step 2) Title Searching When you run a Basic Search, searchsploit will look for both the exploit’s path and title. Searches can be limited to titles by using the -t option, as seen below
In the above search, we are seeking for Oracle vulnerabilities that run on Windows.
Step 3) Copying Exploit to Clipboard and Directory Exploit Copying to Clipboard and Directory Use ‘-p‘ to copy the exploit to the clipboard. ” searchsploit -p XXX “, for example, where XXX is the exploit ID. Use ‘-m‘ to transfer the exploit to your current working directory. ” searchsploit -m XXX “, for example, where XXX is the exploit ID.
Step 4) Examine an Exploit Investigate an Exploit If you wish to investigate or research an exploit, use ‘-examine‘. “searchsploit XXX -examine,” for example, where XXX is the exploit ID.
Step 5) Eliminate Unwanted Results Remove Unwanted Outcomes Simply use ‘-exclude‘ to remove undesired results from your search. You may also delete numerous words by using a “|” to separate them (pipe). For instance, searchsploit -exclude “PoC.”
More usage commands
Search for all exploits and modules using a single search term:
* Searchsploit <search_term_1> (ie. Searchsploit apache)
Search multiple search terms:
* Searchsploit <search_term_1> <search_term_2> <search_term_3> …
Show all NMap scripts:
* Searchsploit nmap
Search for all FTP NMap scripts:
* Searchsploit nmap | grep ftp
Show all Metasploit auxiliary modules:
* Searchsploit auxiliary
Show all Metasploit exploits:
* Searchsploit exploits
Show all Metasploit encoder modules:
* Searchsploit encoder
Show all Metasploit payloads modules:
* Searchsploit payloads
Search all Metasploit payloads for windows only payloads:
* findsploit payloads | grep windows
I hope you found this post informative, and if you have any questions, please ask them in the comments area below.