Comprehensive Guide on SearchSploit

Hello friends!! Several times you might have read our articles on CTF challenges and other, where we have used searchsploit to find out an exploit if available in its Database. Today in this article we are going to discuss searchsploit in detail.

Table of Content

  • Introduction to searchsploit
  • Title Searching
  • Advance Title Searching
  • Copy To Clipboard
  • Copy To Directory
  • Examine an Exploit
  • Examining Nmap result
  • Exploit-DB Online
  • Eliminate Unwanted Results
  • Case Sensitive

Introduction to SearchSploit

Included in the Exploit Database repository on GitHub is “searchsploit”, a command line search tool for Exploit-DB that also allows you to take a copy of Exploit Database with you, everywhere you go. SearchSploit gives you the power to perform detailed off-line searches through your locally checked-out copy of the repository. This capability is particularly useful for security assessments on segregated or air-gapped networks without Internet access.

Since we are using GNOME build of Kali Linux therefore the “exploitdb” package is already included by default, all we need to do, open the terminal and just type “searchsploit” and press Enter. You will welcome by its help screen.


Title Searching

Using –t option enables “title” parameter to search an exploit with specific title. Because by default, searchsploit will try both the title of the exploit as well as the path. Searching an exploit with specific title gives quick and sorted results. 

Syntax: searchsploit [option] <title>

The above command will search exploit related to the java platform and will show all exploit available in the exploit DB database.

Advance Title Searching

Even you can use –t option, to get more fine result in finding the exploit of any particular platform. For example, if you want to find out java exploit for windows platform, then you can consider the following command.

Now you can compare the current output result from the previous result.

Copy To Clipboard

Using –p options, enables “copy to clipboard parameter” as this option provides more information related to the exploit, as well as copy the whole path to the exploit to the clipboard, all you need press Ctrlv to paste.

In the following image we have shown the default result varies when we use –p option along it.

Copy To Directory

using –m options, enables “copy to directory/folder parameter” as this option provides same information as above related to the exploit, as well as copy the exploit in your current working directory.

In the following image we have shown the default result varies when we use –m option along it.

Examine an Exploit

Using —examine option, enables examine parameter to read the functionality of that exploit with the help of $PAGER.

The above command will open the text file of the exploit to review its functionality, code and other information.

Examining Nmap result

As we all known, Nmap has very remarkable feature that let you save its output result in .xml format and we can identify each exploit associated with nmap xml file.

With the help of above command we have saved the scanning result of nmap in an xml file, so that we can search the exploit related to scanned port/services.

Using –x option enables the examine parameter as well as  –nmap option Checks all results in Nmap’s XML output with service version to find out related exploit with it.

Here you can observe that, it is using verbose mode for examine xml file and had shown all possible exploit of running services.

Continue reading…