### Display SearchSploit Help Screen Source: https://www.exploit-db.com/searchsploit Use the -h option to display all available features and options for SearchSploit. This command also shows usage examples. ```bash kali@kali:~$ searchsploit -h Usage: searchsploit [options] term1 [term2] ... [termN] ========== Examples ========== searchsploit afd windows local searchsploit -t oracle windows searchsploit -p 39446 searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/" searchsploit -s Apache Struts 2.0.0 searchsploit linux reverse password searchsploit -j 55555 | jq searchsploit --cve 2021-44228 For more examples, see the manual: https://www.exploit-db.com/searchsploit ========= Options ========= ## Search Terms -c, --case [term] Perform a case-sensitive search (Default is inSEnsITiVe) -e, --exact [term] Perform an EXACT & order match on exploit title (Default is an AND match on each term) [Implies "-t"] e.g. "WordPress 4.1" would not be detect "WordPress Core 4.1") -s, --strict Perform a strict search, so input values must exist, disabling fuzzy search for version range e.g. "1.1" would not be detected in "1.0 < 1.3") -t, --title [term] Search JUST the exploit title (Default is title AND the file's path) --exclude="term" Remove values from results. By using "|" to separate, you can chain multiple values e.g. --exclude="term1|term2|term3" --cve [CVE] Search for Common Vulnerabilities and Exposures (CVE) value ## Output -j, --json [term] Show result in JSON format -o, --overflow [term] Exploit titles are allowed to overflow their columns -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible) -v, --verbose Display more information in output -w, --www [term] Show URLs to Exploit-DB.com rather than the local path --id Display the EDB-ID value rather than local path --disable-colour Disable colour highlighting in search results ## Non-Searching -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory -x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER ## Non-Searching -h, --help Show this help screen -u, --update Check for and install any exploitdb package updates (brew, deb & git) ## Automation --nmap [file.xml] Checks all results in Nmap's XML output with service version e.g.: nmap [host] -sV -oX file.xml ======= Notes ======= * You can use any number of search terms * By default, search terms are not case-sensitive, ordering is irrelevant, and will search between version ranges * Use '-c' if you wish to reduce results by case-sensitive searching * And/Or '-e' if you wish to filter results by using an exact match * And/Or '-s' if you wish to look for an exact version match * Use '-t' to exclude the file's path to filter the search results * Remove false positives (especially when searching using numbers - i.e. versions) * When using '--nmap', adding '-v' (verbose), it will search for even more combinations * When updating or displaying help, search terms will be ignored kali@kali:~$ ``` -------------------------------- ### Install ExploitDB Package with Homebrew on macOS Source: https://www.exploit-db.com/searchsploit Installs the exploitdb package on macOS using Homebrew. This is an alternative to using apt on Linux distributions. ```bash brew update && brew install exploitdb ``` -------------------------------- ### Install ExploitDB Package on Kali Linux Source: https://www.exploit-db.com/searchsploit Installs the exploitdb package on Kali Linux using apt. Related packages like exploitdb-papers and exploitdb-bin-sploits can also be installed. ```bash sudo apt update && sudo apt -y install exploitdb ``` -------------------------------- ### Generate Exploit URLs Source: https://www.exploit-db.com/searchsploit Use the -w option to generate direct URLs to exploit details on the Exploit Database website. This is useful for quickly accessing additional information like screenshots and setup files. ```bash kali@kali:~$ searchsploit WarFTP 1.65 -w ------------------------------------------------------------------------ ------------------------------------------ Exploit Title | URL ------------------------------------------------------------------------ ------------------------------------------ WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow (Perl) | https://www.exploit-db.com/exploits/3482 WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow (Python) | https://www.exploit-db.com/exploits/3474 WarFTP 1.65 - 'USER' Remote Buffer Overflow | https://www.exploit-db.com/exploits/3570 ------------------------------------------------------------------------ ------------------------------------------ Shellcodes: No Result kali@kali:~$ ``` -------------------------------- ### Update SearchSploit Source: https://www.exploit-db.com/searchsploit Run this command to update SearchSploit to the latest version. This command works for installations via Kali Linux package, Homebrew, or Git. ```bash $ searchsploit -u ``` -------------------------------- ### Filter and Sort Search Results Source: https://www.exploit-db.com/searchsploit Combine searchsploit with grep to filter results further, for example, by a specific version number, and to sort the output. ```bash searchsploit linux kernel --exclude="(PoC)|/dos/" | grep ' 3.2' ``` -------------------------------- ### Filter Search Results with Grep Source: https://www.exploit-db.com/searchsploit Use grep to filter out unwanted exploit results from the searchsploit output. This example removes 'Denial of Service (DoS)' results by filtering on the path. ```bash kali@kali:~$ searchsploit XnView | grep -v '/dos/' --------------------------------------------------------------------------------------- Exploit Title | Path --------------------------------------------------------------------------------------- XnView 1.90.3 - '.xpm' Local Buffer Overflow | windows/local/3777.c XnView 1.92.1 - 'FontName' Slideshow Buffer Overflow | windows/local/5346.pl XnView 1.92.1 - Command-Line Arguments Buffer Overflow | windows/remote/31405.c XnView 1.93.6 - '.taac' Local Buffer Overflow | windows/local/5951.c XnView 1.97.4 - '.MBM' File Remote Heap Buffer Overflow | windows/remote/34143.txt --------------------------------------------------------------------------------------- kali@kali:~$ ``` -------------------------------- ### Copy and Edit SearchSploit Resource File Source: https://www.exploit-db.com/searchsploit Copies the default SearchSploit resource file to the user's home directory and opens it for editing. This file configures SearchSploit's behavior, including paths to exploit data. ```bash $ cp -n /opt/exploit-database/.searchsploit_rc ~/ $ vim ~/.searchsploit_rc ``` -------------------------------- ### Create Symbolic Link for SearchSploit Source: https://www.exploit-db.com/searchsploit Creates a symbolic link to make the searchsploit executable available system-wide without specifying its full path. This involves linking the executable to a directory already in the PATH. ```bash $ ln -sf /opt/exploit-database/searchsploit /usr/local/bin/searchsploit ``` -------------------------------- ### Display PATH Environment Variable Source: https://www.exploit-db.com/searchsploit Shows the current value of the PATH environment variable, which lists directories where the system looks for executable files. ```bash $ echo $PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ``` -------------------------------- ### Execute Copied Exploit Script Source: https://www.exploit-db.com/searchsploit After copying an exploit path to the clipboard using 'searchsploit -p', you can execute the script directly. ```bash kali@kali:~$ /usr/share/exploitdb/exploits/windows_x86/local/39446.py ``` -------------------------------- ### Copy Exploit Path to Clipboard Source: https://www.exploit-db.com/searchsploit Use the -p option with searchsploit to retrieve detailed information about an exploit and copy its path to the clipboard. ```bash kali@kali:~$ searchsploit -p 39446 Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) URL: https://www.exploit-db.com/exploits/39446 Path: /usr/share/exploitdb/exploits/windows_x86/local/39446.py Codes: CVE-2014-1767, MS14-040 Verified: False File Type: Python script text executable, ASCII text Copied EDB-ID #39446's path to the clipboard kali@kali:~$ ``` -------------------------------- ### Basic Search for Exploits Source: https://www.exploit-db.com/searchsploit Perform a basic search for exploits by providing multiple keywords. The tool uses an AND operator, filtering results as more terms are added. Avoid abbreviations and use general terms if results are too narrow. ```bash kali@kali:~$ searchsploit afd windows local --------------------------------------------------------------------------------------- Exploit Title | Path --------------------------------------------------------------------------------------- --------------------------------- Microsoft Windows (x86) - 'afd.sys' Local Privilege Escalation (MS11-046) | windows_x86/local/40564.c Microsoft Windows - 'afd.sys' Local Kernel (PoC) (MS11-046) | windows/dos/18755.c Microsoft Windows - 'AfdJoinLeaf' Local Privilege Escalation (MS11-080) (Metasploit) | windows/local/21844.rb Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | windows_x86-64/local/39525.py Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | windows_x86/local/39446.py Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | windows/dos/17133.c Microsoft Windows XP/2003 - 'afd.sys' Local Privilege Escalation (K-plugin) (MS08-066) | windows/local/6757.txt Microsoft Windows XP/2003 - 'afd.sys' Local Privilege Escalation (MS11-080) | windows/local/18176.py --------------------------------------------------------------------------------------- Shellcodes: No Result kali@kali:~$ ``` -------------------------------- ### Count Search Results with wc -l Source: https://www.exploit-db.com/searchsploit Pipe the output of searchsploit to 'wc -l' to count the total number of lines, including headers and footers. ```bash kali@kali:~$ searchsploit XnView | wc -l 23 kali@kali:~$ ``` -------------------------------- ### Count Search Results Source: https://www.exploit-db.com/searchsploit Pipe the output of searchsploit to the 'wc -l' command to count the number of lines, which can be used to estimate the number of results. ```bash kali@kali:~$ searchsploit linux kernel 3.2 | wc -l 47 kali@kali:~$ ``` -------------------------------- ### Search for Exploits Source: https://www.exploit-db.com/searchsploit Use searchsploit to find exploits related to a specific vulnerability or software. This command lists available exploits and their paths. ```bash kali@kali:~$ searchsploit MS14-040 --------------------------------------------------------------------------------------- --------------------------------- Exploit Title | Path --------------------------------------------------------------------------------------- --------------------------------- Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | exploits/windows_x86-64/local/39525.py Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | exploits/windows_x86/local/39446.py --------------------------------------------------------------------------------------- --------------------------------- Shellcodes: No Result kali@kali:~$ ``` -------------------------------- ### Copy Exploits to Current Directory Source: https://www.exploit-db.com/searchsploit The -m option copies selected exploits to the current working directory. You can specify exploits by EDB-ID or by path. ```bash kali@kali:~$ searchsploit -m 39446 win_x86-64/local/39525.py Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) URL: https://www.exploit-db.com/exploits/39446 Path: /usr/share/exploitdb/exploits/windows_x86/local/39446.py Codes: CVE-2014-1767, MS14-040 Verified: False File Type: Python script text executable, ASCII text Copied to: /Users/b/Projects/git/forks/exploitdb/39446.py Exploit: Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) URL: https://www.exploit-db.com/exploits/39525 Path: /usr/share/exploitdb/exploits/windows_x86-64/local/39525.py Codes: CVE-2014-1767, MS14-040 Verified: False File Type: Python script text executable, ASCII text Copied to: /Users/b/Projects/git/forks/exploitdb/39525.py kali@kali:~$ ``` -------------------------------- ### Update Kali Linux Package Source: https://www.exploit-db.com/searchsploit If using the Kali Linux package and updating from a version older than September 20, 2016, first update the system package using this command. ```bash kali@kali:~$ sudo apt update && sudo apt -y full-upgrade ``` -------------------------------- ### Clone Exploit-DB Git Repository Source: https://www.exploit-db.com/searchsploit Clones the Exploit-DB Git repository to a specified local directory. This is a prerequisite for using SearchSploit offline. ```bash $ git clone https://gitlab.com/exploit-database/exploitdb.git /opt/exploit-database ``` -------------------------------- ### Title Searching for Exploits Source: https://www.exploit-db.com/searchsploit Restrict search results to exploit titles only by using the -t option. This helps reduce false positives when search terms might also match platforms or version numbers. ```bash kali@kali:~$ searchsploit -t oracle windows --------------------------------------------------------------------------------------- Exploit Title | Path --------------------------------------------------------------------------------------- Oracle 10g (Windows x86) - 'PROCESS_DUP_HANDLE' Local Privilege Escalation | windows_x86/local/3451.c Oracle 9i XDB (Windows x86) - FTP PASS Overflow (Metasploit) | windows_x86/remote/16731.rb Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit) | windows_x86/remote/16714.rb Oracle 9i XDB (Windows x86) - HTTP PASS Overflow (Metasploit) | windows_x86/remote/16809.rb Oracle MySQL (Windows) - FILE Privilege Abuse (Metasploit) | windows/remote/35777.rb Oracle MySQL (Windows) - MOF Execution (Metasploit) | windows/remote/23179.rb Oracle MySQL for Microsoft Windows - Payload Execution (Metasploit) | windows/remote/16957.rb Oracle VirtualBox Guest Additions 5.1.18 - Unprivileged Windows User-Mode Guest Code Do| multiple/dos/41932.cpp Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Esc| windows_x86-64/local/41908.txt --------------------------------------------------------------------------------------- Shellcodes: No Result kali@kali:~$ ``` ```bash kali@kali:~$ searchsploit oracle windows | wc -l 100 kali@kali:~$ ``` -------------------------------- ### Disable Color Output Source: https://www.exploit-db.com/searchsploit Use the --disable-colour option when piping searchsploit output to other tools like grep to ensure accurate matching of highlighted and non-highlighted text. ```bash # Example of disabling color output (no specific command shown, but option mentioned) ``` -------------------------------- ### Exclude Unwanted Search Results Source: https://www.exploit-db.com/searchsploit Use the --exclude option to filter out specific terms or paths from search results. Multiple terms can be excluded by separating them with a pipe symbol (|). ```bash kali@kali:~$ searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/" --------------------------------------------------------------------------------------- Exploit Title | Path --------------------------------------------------------------------------------------- --------------------------------- Linux Kernel (Solaris 10 / < 5.10 138888-01) - Local Privilege Escalation | solaris/local/15962.c Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW /proc/self/mem' Race Condition Privile| linux/local/40616.c Linux Kernel 2.6.22 < 3.9 - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalat| linux/local/40847.cpp Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (Write Access Me| linux/local/40838.c Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Esca| linux/local/40839.c Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (Write Access Met| linux/local/40611.c Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper' Local Privilege E| linux/local/18411.c Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Local Privilege Escalation (2) | linux/local/35161.c Linux Kernel 3.0 < 3.3.5 - 'CLONE_NEWUSER|CLONE_FS' Local Privilege Escalation | linux/local/38390.c Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Echo Race Condition Privilege Esc| linux_x86-64/local/33516.c Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init'| linux_x86-64/local/33589.c Linux Kernel 3.2.x - 'uname()' System Call Local Information Disclosure | linux/local/37937.c Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10 x64) - 'CONFIG_X86_X32=y' Local Privilege| linux_x86-64/local/31347.c Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - 'CONFIG_X86_X32' Arbitrary Write (2) | linux/local/31346.c Linux Kernel 4.8.0 UDEV < 232 - Local Privilege Escalation | linux/local/41886.c Linux Kernel < 3.16.1 - 'Remount FUSE' Local Privilege Escalation | linux/local/34923.c Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation | linux/local/44302.c Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - 'ptrace/sysret' Local Privilege Escalation| linux_x86-64/local/34134.c Linux Kernel < 3.4.5 (Android 4.2.2/4.4 ARM) - Local Privilege Escalation | arm/local/31574.c Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege | linux/local/44299.c Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Local Privilege Escalation (2) | linux_x86-64/local/26131.c Linux Kernel < 3.8.x - open-time Capability 'file_ns_capable()' Local Privilege Escalat| linux/local/25450.c Linux kernel < 4.10.15 - Race Condition Privilege Escalation | linux/local/43345.c Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation | linux/local/45553.c Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation | linux/local/45010.c Linux Kernel < 4.15.4 - 'show_floppy' KASLR Address Leak | linux/local/44325.c Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) - Local Privilege Escalation | linux/local/44298.c Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege | linux/local/44300.c Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04/16.04) - Local Privilege Escalation | linux/local/43418.c Linux Kernel < 4.4.0/ < 4.8.0 (Ubuntu 14.04/16.04 / Linux Mint 17/18 / Zorin) - Local P| linux/local/47169.c --------------------------------------------------------------------------------------- Shellcodes: No Result kali@kali:~$ ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.