Searchsploit is a command-line search tool for the Exploit Database (Exploit-DB), a comprehensive repository of public exploits and vulnerabilities maintained by Offensive Security.
It is designed to help security professionals and penetration testers quickly find, review, and copy exploit code directly to their local machine during security assessments.
It comes pre-installed on Kali Linux and can be installed on other systems (macOS, Windows via a VM) using Git or Homebrew.
Key Features and Capabilities
Offline Searching: Searchsploit allows users to download the entire Exploit-DB repository, enabling detailed offline searches, which is essential for working on air-gapped or restricted networks.
Rapid Identification: It allows searching by keywords, application, or version number, making it easy to find specific vulnerabilities.
Mirroring Exploits: With the -m option, users can copy an exploit file from the database to their current working directory.
Examining Code: It includes functionality (--examine) to quickly open and read the exploit code in a pager.
Version Range Support: Modern versions of Searchsploit can identify software version ranges, increasing the chances of finding relevant exploits.
Update Mechanism: It includes an update command (-u or --update) to keep the local database synchronized with the latest online Exploit-DB entries.
Common Usage Examples
Update the Database: searchsploit -u
Search for an Exploit: searchsploit
Key Information
Focus: It only searches for practical exploit code (e.g., Python scripts, C code, shellcode) and does not typically return results for academic papers or the Google Hacking Database.
Search Operator: It uses an "AND" operator by default, meaning more keywords make the search more specific.
Data Source: It is tied to the Exploit-DB website, but allows local, offline interaction.
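The default AND behaviour described under Search Operator, as an added sketch that is not part of the original note and not searchsploit's own code: each extra keyword can only remove rows, so a product name plus a version narrows the list. The index rows, titles and paths are constructed, the function names are hypothetical, and case-insensitive fixed-string matching is an assumption of this model.

```shell
#!/bin/sh
# Simplified model of an AND keyword search over a local, offline index.
# Constructed sample rows ("title | path"); not real Exploit-DB entries.
sample_index() {
cat <<'EOF'
ExampleCMS 1.2 - SQL Injection | php/webapps/00001.txt
ExampleCMS 2.0 - Remote Code Execution | php/webapps/00002.py
ExampleFTPd 1.2 - Denial of Service | linux/dos/00003.c
OtherApp 1.2 - SQL Injection | php/webapps/00004.txt
EOF
}

# and_search TERM...: print only the rows that contain every term.
and_search() {
    rows=$(sample_index)
    for term in "$@"; do
        # -i: ignore case; -F: fixed string, so "1.2" is not read as a regex
        # (as a regex, the dot would also match rows such as "1x2").
        rows=$(printf '%s\n' "$rows" | grep -i -F -- "$term") || { rows=""; break; }
    done
    if [ -n "$rows" ]; then
        printf '%s\n' "$rows"
    fi
    return 0
}

# count_hits TERM...: number of rows that survive the AND filter.
count_hits() {
    and_search "$@" | wc -l | tr -d ' '
}

# One keyword is broad; adding the version narrows the result.
echo "examplecms      -> $(count_hits examplecms) rows"
echo "examplecms 1.2  -> $(count_hits examplecms 1.2) rows"
```

A version string on its own is a poor query: in the sample, `1.2` matches three unrelated products, which is why the product name belongs in the search alongside it.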
clitool #tool