SearchSploit: a Searchable Database of Exploits


All major operating systems.


Reference Walk-Throughs





Kioptrix Level 1 Vulnerability Assessment and Exploitation

What is SearchSploit?

The SearchSploit utility helps you find exploits for enumerated software and services. It’s part of the Metasploit Framework.

How does it work?

A local copy of the Exploit Database (EDB) exists in Kali Linux. (This database is also available for other systems.) The SearchSploit utility searches through this database in order to find exploits for the various software and services discovered during the enumeration phase of your penetration test. The utility also enables you to examine an exploit, and create a copy that you can alter for use on a specific host.

Using SearchSploit

To use SearchSploit, simply type searchsploit in the command-line, followed by the necessary arguments. Examples:

searchsploit ms08-067
searchsploit --id smb2
searchsploit --color vsftpd

At a minimum, SearchSploit expects one or more search terms corresponding to the names and versions of software or services. To learn the various command-line arguments available in SearchSploit, simply run searchsploit with no arguments.

By default, SearchSploit shows the relative path to each of the exploits returned in your search query. Exploits can be found in the /usr/share/exploitdb/ directory.

The following are the most commonly-used command-line arguments and their descriptions:

-x [EDB-ID]: Examine Exploit

Example: searchsploit -x 41891

Using the less system utility, the -x command-line argument enables you to view the source code of the specified exploit ID, enabling you to explore the exploit without having to create a local copy. This is especially handy for inspecting exploit code before you choose to use it.

-m [EDB-ID]: Mirror Exploit

Example: searchsploit -m 41891

This creates a copy of the exploit referred to by the provided EDB-ID, saving it to the current working directory. This enables you to customize the exploit to suit your purposes, without messing up the original exploit code.

--id: Show EDB IDs

Example: searchsploit --id ms17-010

Instead of showing the relative path to the exploit on-disk, --id shows the EDB ID of the exploit. This ID number can be used in place of search terms when examining or copying discovered exploits.

--color: Remove Color From Results

Example: searchsploit --color vsftpd

By default, found search terms are highlighted in red in the returned search results. Using the --color command-line argument suppresses the use of color, thus providing results that are easier to parse programmatically.