Tool Documentation:

exploitdb Usage Example

Search for remote oracle exploits for windows:

root@kali:~# searchsploit oracle windows remote
 Description                                                                    Path
----------------------------------------------------------------------------- ----------------------------------
Oracle XDB FTP Service UNLOCK Buffer Overflow Exploit                        | /windows/remote/80.c
Oracle 9.2.0.1 Universal XDB HTTP Pass Overflow Exploit                      | /windows/remote/1365.pm
Oracle 9i/10g ACTIVATE_SUBSCRIPTION SQL Injection Exploit                    | /windows/remote/3364.pl
Oracle WebLogic IIS connector JSESSIONID Remote Overflow Exploit             | /windows/remote/8336.pl
Oracle Secure Backup Server 10.3.0.1.0 Auth Bypass/RCI Exploit               | /windows/remote/9652.sh


Packages and Binaries:

exploitdb

Searchable archive from The Exploit Database. https://www.exploit-db.com/

Installed size: 188.14 MB
How to install: sudo apt install exploitdb

Dependencies:
  • libxml2-utils
exploitdb
root@kali:~# exploitdb -h

> exploitdb ~ Searchable Exploit Database archive

/usr/share/exploitdb
|-- exploits
`-- shellcodes

searchsploit

Exploit Database Archive Search

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples 
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446
  searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"
  searchsploit -s Apache Struts 2.0.0
  searchsploit linux reverse password
  searchsploit -j 55555 | jq
  searchsploit --cve 2021-44228

  For more examples, see the manual: https://www.exploit-db.com/searchsploit

=========
 Options 
=========
## Search Terms
   -c, --case     [term]      Perform a case-sensitive search (Default is inSEnsITiVe)
   -e, --exact    [term]      Perform an EXACT & order match on exploit title (Default is an AND match on each term) [Implies "-t"]
                                e.g. "WordPress 4.1" would not be detect "WordPress Core 4.1")
   -s, --strict               Perform a strict search, so input values must exist, disabling fuzzy search for version range
                                e.g. "1.1" would not be detected in "1.0 < 1.3")
   -t, --title    [term]      Search JUST the exploit title (Default is title AND the file's path)
       --exclude="term"       Remove values from results. By using "|" to separate, you can chain multiple values
                                e.g. --exclude="term1|term2|term3"
       --cve      [CVE]       Search for Common Vulnerabilities and Exposures (CVE) value

## Output
   -j, --json     [term]      Show result in JSON format
   -o, --overflow [term]      Exploit titles are allowed to overflow their columns
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible)
   -v, --verbose              Display more information in output
   -w, --www      [term]      Show URLs to Exploit-DB.com rather than the local path
       --id                   Display the EDB-ID value rather than local path
       --disable-colour       Disable colour highlighting in search results

## Non-Searching
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER

## Non-Searching
   -h, --help                 Show this help screen
   -u, --update               Check for and install any exploitdb package updates (brew, deb & git)

## Automation
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version
                                e.g.: nmap [host] -sV -oX file.xml

=======
 Notes 
=======
 * You can use any number of search terms
 * By default, search terms are not case-sensitive, ordering is irrelevant, and will search between version ranges
   * Use '-c' if you wish to reduce results by case-sensitive searching
   * And/Or '-e' if you wish to filter results by using an exact match
   * And/Or '-s' if you wish to look for an exact version match
 * Use '-t' to exclude the file's path to filter the search results
   * Remove false positives (especially when searching using numbers - i.e. versions)
 * When using '--nmap', adding '-v' (verbose), it will search for even more combinations
 * When updating or displaying help, search terms will be ignored


Updated on: 2024-Aug-14