A Guide on SearchSploit Tool

Searchsploit, a command line search tool for Exploit-DB that also allows you to take a copy of Exploit Database with you, everywhere you go. SearchSploit gives you the power to perform detailed off-line searches through your locally checked-out copy of the repository. This capability is particularly useful for security assessments on segregated or air-gapped networks without Internet access.

Many exploits contain links to binary files that are not included in the standard repository but can be found in our Exploit Database Binary Exploits repository instead. If you anticipate you will be without Internet access on an assessment, ensure you check out both repositories for the most complete set of data.

Using the flag “-t” search just the exploit title:

We can be more specific and add some parameters to the search like if we looking for exploits foe ssh to windows os, we can write it like this:

searchsploit –t ssh windows

As we can see from the search result every time we get back a result it shows also the path to the exploit on the far right of the screen, let’s say we are searching for exploit “25268.txt” and we want to copy it to our home directory, all we need to do is use the flag “-m” to search for it and copy it at the same time to our home directory or to where we are in the terminal:

We can also read the file with the flag “—examine” or just “-x”:

searchsploit 25268.txt –examine

We can filter the output by specifying a word or more, if we looking for exploits for Privilege Escalation we can write it like this:

searchsploit ubuntu 14.04 | grep Privilege Escalation

Now let’s say we want to download the exploit right from the internet and not from the database for our local system, no need to search online for it as we can use the flag “-w” with our search to view the name of the exploits along with the URL to that exploit and we can click the link to it and download it:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s