Ultimate Searchsploit Cheat Sheet
Ultimate Searchsploit Cheat Sheet
The CLI tool for Exploit-DB. Find exploits offline, fast.
1. Search Modes
Refining how Searchsploit queries the local CSV database.
Standard Search
Case-insensitive search for terms.
Exact Title Match (-t)
Searches strictly within the "Title" field (ignores path/author). Reduces false positives.
Strict Search (-s)
Performs a specific search (case sensitive options available).
By CVE ID
Find exploits related to a specific CVE.
2. Result Handling & Copying
Once you find an exploit, you need to move it to your working directory.
Mirror (Copy) to Current Folder (-m)
Copies the exploit file (and any dependencies) to your current location.
Show Full Path (-p)
Displays the absolute path to the exploit on your disk.
Copy Path to Clipboard (Pipe)
Quickly copy the path for use in other commands.
3. Exploit Inspection
Always read the code before running it!
Examine Exploit (-x)
Opens the exploit in your default editor ($PAGER or vim). Good for checking hardcoded IP addresses or shellcode payload size.
Filtering Noise
Exclude results that are just "Denial of Service" (DoS) scripts using grep-like exclusions.
4. Online Interaction
Sometimes local scripts are broken or missing binary files.
Get Web Link (-w)
Returns the URL to the exploit on exploit-db.com.
Result: https://www.exploit-db.com/exploits/42315
5. Automation & Piping
Power user features for scripting and tool integration.
Nmap XML Input
Search automatically based on Nmap scan results.
JSON Output (-j)
Export results to JSON for parsing with tools like jq.
Color Disable
If you are piping output to a file, disable colors to avoid ANSI code garbage.
6. Maintenance
Update Database
Exploit-DB is updated daily. Keep your local copy fresh.
apt update && apt install exploitdb instead.
Post a Comment