Searchsploit

Official Documentation: https://www.exploit-db.com/searchsploit

Cheat Sheet: Searchsploit Commands

Purpose

Searchsploit is a command-line tool to search Exploit-DB offline. It lets you quickly find local exploit proof-of-concepts for known software vulnerabilities.

Scenarios

  • CTF: Search for exploits of a service/version banner you discover during enumeration.
  • Real world: Map discovered software versions against known vulnerabilities for testing.

All needed info to run

  • Installed with exploitdb package on Kali. Database stored locally.
  • Basic syntax: searchsploit <keyword>.
  • Options:
      • -m <id> → mirror (copy) exploit to current dir
      • -x <id> → open exploit in editor
      • -p → show full exploit path
      • -u → update database
  • Database path: /usr/share/exploitdb/.

Example commands & outputs

# Search for vsftpd exploits
$ searchsploit vsftpd 2.3.4
# Output:
# ----------------------------------------------
# Exploit Title                       | Path
# vsftpd 2.3.4 - Backdoor Command Exe | unix/remote/17491.rb

# Copy exploit locally
$ searchsploit -m 17491
# Output: Exploit copied to ./17491.rb

# Open exploit in editor
$ searchsploit -x 17491

Searchsploit Basics

  • Use searchsploit <keyword> with service name/version from nmap or banners.
  • Use -m to copy exploit locally so you don’t edit originals.
  • Update regularly with searchsploit -u.
  • Not every exploit works out-of-the-box — read and adapt code before running.
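
The "real world" scenario above, mapping an inventory of software versions against the local index, sketched as an added example (not code from Searchsploit or from the original page). It approximates the tool's keyword matching on titles only: every term must appear, in any order, case-insensitively. Assumptions: the CSV column names, the triage() helper, and every sample row except the first, which repeats the entry shown on this page.

```python
import csv
import io

# Constructed sample of the local index. The first row repeats the entry shown
# on this page (title truncated as it appears there); the rest are made up.
# Column names are an assumption: check the header of the CSV on your install.
SAMPLE_INDEX = """id,file,description
17491,unix/remote/17491.rb,vsftpd 2.3.4 - Backdoor Command Exe
90001,linux/remote/90001.py,"ExampleHTTPd 1.2.0, 1.2.1 - Header Parsing Overflow"
90002,multiple/webapps/90002.txt,ExampleCMS 4.5 - SQL Injection
"""

def load_index(text):
    """Parse the CSV index; the csv module handles quoted titles with commas."""
    return list(csv.DictReader(io.StringIO(text)))

def search(index, query):
    """Return rows whose title contains every term (any order, any case)."""
    terms = query.lower().split()
    if not terms:
        return []
    return [r for r in index
            if all(t in r["description"].lower() for t in terms)]

def triage(index, inventory):
    """Classify each (product, version) pair from an asset inventory.

    exact  - an entry names this product and version: prioritise patching
    review - the product has entries for other versions: check affected range
    none   - nothing in the local index (not proof the software is safe)
    """
    report = []
    for product, version in inventory:
        exact = search(index, f"{product} {version}")
        related = search(index, product)
        status = "exact" if exact else "review" if related else "none"
        ids = [r["id"] for r in (exact or related)]
        report.append((product, version, status, ids))
    return report

if __name__ == "__main__":
    inventory = [("vsftpd", "2.3.4"), ("ExampleCMS", "4.6"), ("nginx", "1.24.0")]
    for row in triage(load_index(SAMPLE_INDEX), inventory):
        print(*row)
```

Matching is by substring, so a short version string such as 1.2 also hits 1.2.0 and 1.2.1; treat "exact" as a lead to confirm against the entry's affected range.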