loading
loading
Vulnerabilities
Command-line search across the Exploit-Database archive of exploits and shellcodes.
overview
searchsploit is the command-line interface to Exploit-DB, the public archive of exploits and shellcodes. You give it a search term, a CVE, or an Nmap scan, and it returns the matching entries from a local copy of the database. Because the data sits on disk, searches run offline and stay fast regardless of network conditions.
It matches flexibly by default and tightens on request. Title-only and exact-match options narrow broad terms, strict mode disables fuzzy version matching, and an exclude filter drops noise by chaining terms with a pipe. CVE search maps a vulnerability id straight to known exploits, and feeding an Nmap XML file checks every detected service version against the archive at once.
On Trickest, searchsploit is a Vulnerabilities node that takes a search term and writes a file and a folder. JSON output makes each result a structured record, so you can wire it after service detection to turn discovered software versions into a list of candidate exploits.
use cases
Feed an Nmap XML scan with --nmap so every detected service and version is checked against Exploit-DB, turning a port scan into a candidate-exploit list.
Use --cve to search the archive directly for a Common Vulnerabilities and Exposures id and pull any published exploit code.
Combine --title and --exact to find precise software-and-version entries, avoiding loose hits that a default fuzzy search returns.
Set --json so each result becomes a record that a downstream node can parse, filter, and route into reporting.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| term | STRING | · | Search term. |
| cve | BOOLEAN | --cve | Search for a Common Vulnerabilities and Exposures (CVE) value. |
| nmap | FILE | --nmap | Check all results against an Nmap XML output with service versions. |
| json | BOOLEAN | --json | Show results in JSON format. |
| title | BOOLEAN | --title | Search only the exploit title (default matches title and file path). |
| exact | BOOLEAN | --exact | Perform an exact, ordered match on the exploit title. |
| strict | BOOLEAN | --strict | Strict search, disabling fuzzy matching for version ranges. |
| exclude | STRING | --exclude | Remove values from results, chaining multiple with a pipe. |
Showing key inputs. searchsploit exposes 15 inputs in total.
| Name | Type | Flag | Description |
|---|---|---|---|
| id | BOOLEAN | --id | Display the EDB-ID value rather than local path |
| cve | BOOLEAN | --cve | Search for Common Vulnerabilities and Exposures (CVE) value |
| www | BOOLEAN | --www | Show URLs to Exploit-DB.com rather than the local path |
| case | BOOLEAN | --case | Perform a case-sensitive search (Default is inSEnsITiVe) |
| json | BOOLEAN | --json | Show result in JSON format |
| nmap | FILE | --nmap | Checks all results in Nmap's XML output with service version |
| path | BOOLEAN | --path | Show the full path to an exploit (and also copies the path to the clipboard if possible) |
| term | STRING | · | Search term |
| exact | BOOLEAN | --exact | Perform an EXACT & order match on exploit title (Default is an AND match on each term) [Implies "--title"] (e.g. "WordPress 4.1" would not be detect "WordPress Core 4.1") |
| title | BOOLEAN | --title | Search JUST the exploit title (Default is title AND the file's path) |
| strict | BOOLEAN | --strict | Perform a strict search, so input values must exist, disabling fuzzy search for version range (e.g. "1.1" would not be detected in "1.0 < 1.3") |
| exclude | STRING | --exclude | Remove values from results. By using "|" to separate, you can chain multiple values (e.g. "term1|term2|term3") |
| verbose | BOOLEAN | --verbose | Display more information in output |
| overflow | BOOLEAN | --overflow | Exploit titles are allowed to overflow their columns |
| disable-colour | BOOLEAN | --disable-colour | Disable colour highlighting in search results |
example
# title-only search with JSON outputsearchsploit --title --json apache 2.4---------------------------------------------------------------------------------------- Exploit Title | Path----------------------------------------------------------------------------------------Apache HTTP Server 2.4.49 - Path Traversal | linux/remote/50383.shApache 2.4.49 - Path Traversal / RCE | multiple/webapps/50406.rbApache 2.4.50 - Path Traversal / RCE | multiple/webapps/50850.pyApache mod_proxy - Reverse Proxy Exposure | linux/remote/20421.c----------------------------------------------------------------------------------------guidance
Reach for SearchSploit when you have software, a version, or a CVE and want to find published exploit code in Exploit-DB. It searches an archive rather than testing live targets, so pair it with nuclei or a direct scanner to confirm exploitability.
Tests live targets against templates rather than searching an offline exploit archive.
Produces the service-version XML that SearchSploit consumes to find matching exploits.
Carries a framework of working exploit modules for confirmed execution against targets.
faq
related
A Go script for bypassing 403 forbidden responses.
An open-source tool that automates detecting and exploiting command injection.
Detect and abuse vulnerable implementations of stateless sessions.
A Python tool to find Cross-Origin Resource Sharing misconfigurations.
A tool to find HTTP splitting vulnerabilities.
Multi-threaded, IPv6-aware username enumeration via CVE-2018-15473.
An Nmap XML scan feeds SearchSploit, which checks every detected service version against Exploit-DB and writes the matching exploits as a queryable output.
Facts on this page come from the live Trickest tool library.