SearchSploit

LSE toolsLSE toolsSearchSploit (162)SearchSploit (162)

Tool and Usage

Project details

License
GPLv2 or later
Programming language
shell script
Latest release
2018-08-14
Latest release date

Project health

74
This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

SearchSploit is a small by OffensiveSecurity to search for exploits and related data in the exploit database (Exploit-DB). This may help penetration testers in their security assignments.

How it works

SearchSploit uses shell script to parse the data from CSV files from the repository. Based on the search queries it returns the related information and shows them.

Background information

The GitHub project hosts both the database and the tool in the same repository. The tool is written by those under the aliases Unix-Ninja and g0tmi1k.

Usage and audience

SearchSploit is commonly used for information gathering, penetration testing, service exploitation, system exploitation, or vulnerability testing. Target users for this tool are pentesters.

Features

  • Colored output
  • Command line interface
  • JSON output supported

Example usage and output

root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]

==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"

For more examples, see the manual: https://www.exploit-db.com/searchsploit/

=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
--exclude="term" Remove values from results. By using "|" to separated you can chain multiple values.
e.g. --exclude="term1|term2|term3".

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + The source code is easy to read and understand
  • + Tool is easy to use
  • + Used language is shell script

Weaknesses

  • - Full name of author is unknown

Installation

Supported operating systems

SearchSploit is known to work on Linux, Microsoft Windows, and macOS.

SearchSploit alternatives

Similar tools to SearchSploit:

78

vFeed

vFeed is a set of tools around correlated vulnerability and threat intelligence. It provides a database, API, and supporting tools to store vulnerability data.

60

vulnerability-alerter

Vulnerability-alerter is a security tool to retrieve vulnerability data from NIST's database (NVD). This data can be used to discover recent vulnerabilities.

64

VulnFeed

VulnFeed is a tool that sorts through vulnerability reports, providing a single report that is organized by the applications and services you are interested in.

All SearchSploit alternatives

This tool page was updated at . Found an improvement? Help the community by submitting an update.

Related tool information

Categories

This tool is categorized as a vulnerability data tool.