HomeLinuxSearchsploit Find exploits in a local and online database

Searchsploit Find exploits in a local and online database

SearchSploit is an Exploit-DB command-line search tool that allows you to replicate the Exploit Database. Searchsploit is part of the GitHub Exploit Database source. SearchSploit is extremely useful for performing security assessments when you don’t have Internet connection since it allows you to run extensive offline searches for vulnerabilities in the stored Exploit-DB.

Install searchsploit in linux

To launch SearchSploit under Kali Linux, open the terminal and type “searchsploit” because the “exploitdb” package is already installed. However, if you are using the Kali Light edition or your custom-built ISO, you may manually install SearchSploit using the command shown below.

				
					sudo apt update && sudo apt -y install exploitdb
				
			

After installing this utility, you may learn how to use it by using the help command in your terminal, as shown below.

				
					searchsploit -h
				
			
Searchsploit Find exploits in a local and online database
Output for show useage options

After installing this utility, you must first update it because it is fully offline and requires the most recent exploit.

				
					searchsploit -u
				
			

If you are unable to install this tool directly due to an issue with your repository, you can download and install it from github.

				
					git clone https://www.github.com/Err0r-ICA/Searchsploit
cd Searchsploit 
sudo bash install.sh
sudo ./Searchsploit
				
			

Usage of searchsploit

Step 1) Basic Search You may include as many search phrases as you like. In the picture below, we are looking for exploits that contain the words “oracle” and “windows.”

				
					searchsploit oracle windows
				
			
Searchsploit Find exploits in a local and online database
Output for basic search

Step 2) Title Searching When you run a Basic Search, searchsploit will look for both the exploit’s path and title. Searches can be limited to titles by using the -t option, as seen below

Searchsploit Find exploits in a local and online database
Output for title search

In the above search, we are seeking for Oracle vulnerabilities that run on Windows.

Step 3) Copying Exploit to Clipboard and Directory Exploit Copying to Clipboard and Directory Use ‘-p‘ to copy the exploit to the clipboard. ” searchsploit -p XXX “, for example, where XXX is the exploit ID. Use ‘-m‘ to transfer the exploit to your current working directory. ” searchsploit -m XXX “, for example, where XXX is the exploit ID.

Searchsploit Find exploits in a local and online database

Step 4) Examine an Exploit Investigate an Exploit If you wish to investigate or research an exploit, use ‘-examine‘. “searchsploit XXX -examine,” for example, where XXX is the exploit ID.

Step 5) Eliminate Unwanted Results Remove Unwanted Outcomes Simply use ‘-exclude‘ to remove undesired results from your search. You may also delete numerous words by using a “|” to separate them (pipe). For instance, searchsploit -exclude “PoC.”

More usage commands

Search for all exploits and modules using a single search term:
* Searchsploit <search_term_1> (ie. Searchsploit apache)

Search multiple search terms:
* Searchsploit <search_term_1> <search_term_2> <search_term_3> …

Show all NMap scripts:
* Searchsploit nmap

Search for all FTP NMap scripts:
* Searchsploit nmap | grep ftp

Show all Metasploit auxiliary modules:
* Searchsploit auxiliary

Show all Metasploit exploits:
* Searchsploit exploits

Show all Metasploit encoder modules:
* Searchsploit encoder

Show all Metasploit payloads modules:
* Searchsploit payloads

Search all Metasploit payloads for windows only payloads:
* findsploit payloads | grep windows

I hope you found this post informative, and if you have any questions, please ask them in the comments area below.

RELATED ARTICLES

1 Comment

Leave A Reply

Please enter your comment!
Please enter your name here

Most Popular