Hey Folks, in this tutorial we are going to talk about the SearchSploit tool. This tool is specially designed for CTF players, where they can easily find the exploits with the command line.
Searchsploit is a (CLI) tool for find the exploits, which also allows you to bring a copy of Exploit-DB with you. SearchSploit provides you with the ability to perform detailed offline searches in locally saved repositories. Many vulnerabilities contain links to binary files that are not included in the standard repository but can be found in our Exploit-DB binaries.
Lets do it 🙂 !!
If you doesn’t have this tool you can download it by using the following command.
sudo apt -y install exploitdbAfter installation is complete we can execute it from any location of our terminal.
searchsploitIf your tool is out dated then you can use “-u” option which will automatically update your tool.
searchsploit -uWe can just type in anything we want to see and it will give us all the results that will be related to that word.
searchsploit afd windows localLets take another example and try to find wordpress all vulnerable plugins.
We can use the following command to get all the exploits.
searchsploit Multi Scheduler 1.0In this attempts we will try to find the exploit with CVE number.
searchsploit 37200If we want to get more information about the exploits then we have to go on google to find them but by using this command we can find the exploits links directly.
searchsploit Multi Scheduler -wExclude function is used to remove some unwanted results.
searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"By using “-m” option we can copy the exploit in your current working directory.
searchsploit -m 32112Let’s figure out this feature. Now we will save our nmap results in xml format.
nmap 192.168.0.102 -oX result.xmlLets check the results.
It will checks all results in nmap XML output and try to find the related exploit.
searchsploit –x --nmap result.xmlSimilarly ! we can get better results by adding filters to our results.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
The gau (Get All URLs) tool is a versatile open-source utility that collects URLs from…
Jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic…
Hey Folks :) !! In this tutorial, we will describe some of the techniques commonly…
Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…
Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…
Hey Folks, we are back today after such a long break, but don't worry we…
This website uses cookies.