SearchSploit – a command line search tool for Exploit-DB – All things in moderation

SearchSploit – a command line search tool for Exploit-DB

What happens if your network connection goes down? How can you still look up detailed information about vulnerabilities while evaluating your network?
In this post, I will introduce a tool that needs no network connection yet still lets you find detailed information about vulnerabilities: SearchSploit.

What is SearchSploit?

“SearchSploit” is a command-line search tool for Exploit-DB that also lets you carry a copy of Exploit-DB with you.
SearchSploit lets you run detailed offline searches against a locally saved copy of the repository. This is particularly useful for security assessments of networks without Internet access. Many exploit entries link to binary files that are not included in the standard repository but can be found in the separate Exploit-DB binaries repository.

How to Install SearchSploit

I will install SearchSploit on Kali Linux:

$ sudo apt update

$ sudo apt -y install exploitdb

Keeping SearchSploit Up-to-Date
If you are using Kali Linux, you can expect the exploitdb package to be updated weekly. If you are using Homebrew or Git, you can expect daily updates (at 05:05 UTC).

Regardless of how you installed SearchSploit, all you need to do in order to update it is run the following:

$ searchsploit -u

Using SearchSploit
Help screen

$ searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples 
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446
  searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"

  For more examples, see the manual: https://www.exploit-db.com/searchsploit/

=========
 Options 
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                                Use "-v" (verbose) to try even more combinations
       --exclude="term"       Remove values from results. By using "|" to separated you can chain multiple values.
                                e.g. --exclude="term1|term2|term3".

=======
 Notes 
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating or displaying help, search terms will be ignored.

Basic Search
Simply add any number of search terms you wish to look for:

$ searchsploit windows local smb

Note that SearchSploit uses an AND operator, not an OR operator: the more terms you add, the more results are filtered out.

Title Searching
Searches can be restricted to exploit titles with the “-t” option:

$ searchsploit -t windows smb

Removing Unwanted Results
We can remove unwanted results with the “--exclude=” option. Multiple terms can be removed at once by separating the values with a “|” (pipe), as in the following:

$ searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"

You can see that the results are noticeably reduced when we use “--exclude=”.

Exploit-DB Online
The Exploit Database repository is the core of Exploit-DB and is what makes SearchSploit efficient and easy to use. However, some exploit metadata (such as screenshots, setup files, tags, and vulnerability mappings) is not included in the local copy. To access it, you will need to check the website.
You can quickly generate the links for exploits of interest with the “-w” option:

$ searchsploit linux kernel 3.2 -w
--------------------------------------------------------------------------------------------------------- --------------------------------------------
 Exploit Title                                                                                           |  URL
--------------------------------------------------------------------------------------------------------- --------------------------------------------
Linux Kernel 2.0/2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD  | https://www.exploit-db.com/exploits/19117/
Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service               | https://www.exploit-db.com/exploits/19423/
Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper' Privilege Escalation (1)           | https://www.exploit-db.com/exploits/18411/
Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Privilege Escalation (2)                           | https://www.exploit-db.com/exploits/35161/
Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Privilege Escala | https://www.exploit-db.com/exploits/33589/
Linux Kernel 3.2.1 - Tracing Multiple Local Denial of Service Vulnerabilities                            | https://www.exploit-db.com/exploits/38465/
Linux Kernel 3.2.24 - 'fs/eventpoll.c' Local Denial of Service                                           | https://www.exploit-db.com/exploits/19605/
Linux Kernel 3.2.x - 'uname()' System Call Local Information Disclosure                                  | https://www.exploit-db.com/exploits/37937/
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10 x64) - 'CONFIG_X86_X32=y' Privilege Escalation (3)         | https://www.exploit-db.com/exploits/31347/
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - 'CONFIG_X86_X32' Arbitrary Write Exploit (2)                  | https://www.exploit-db.com/exploits/31346/
Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat (PoC)                                                    | https://www.exploit-db.com/exploits/31305/
Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - 'ptrace/sysret' Privilege Escalation                        | https://www.exploit-db.com/exploits/34134/
--------------------------------------------------------------------------------------------------------- --------------------------------------------
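As an added example (not part of the original post and not the exploitdb project's own code), the following Python script applies the matching rules described in the Basic Search, Title Searching, Removing Unwanted Results and Exploit-DB Online sections above (ANDed terms, case-insensitive by default, “-t” for title-only matching, “--exclude=” as a pipe-chained regex, and “-w” URL generation) to the JSON that `searchsploit -j` prints. Python is used because JSON is easiest to post-process there. It assumes that the RESULTS_EXPLOIT entries carry Title, EDB-ID and Path keys; check that against your installed version. The built-in sample reuses titles and EDB-IDs from the table above, while the local paths are constructed only to illustrate the exploits/<platform>/<type>/<id> layout.

```python
import argparse
import json
import re
import sys

# Constructed sample in the shape of `searchsploit -j` output (not real output).
# Titles and EDB-IDs come from the -w table in the post; the paths are made up.
SAMPLE_JSON = json.dumps({
    "SEARCH": "linux kernel 3.2",
    "RESULTS_EXPLOIT": [
        {"Title": "Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Privilege Escalation (2)",
         "EDB-ID": "35161", "Path": "/usr/share/exploitdb/exploits/linux/local/35161.c"},
        {"Title": "Linux Kernel 3.2.24 - 'fs/eventpoll.c' Local Denial of Service",
         "EDB-ID": "19605", "Path": "/usr/share/exploitdb/exploits/linux/dos/19605.c"},
        {"Title": "Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat (PoC)",
         "EDB-ID": "31305", "Path": "/usr/share/exploitdb/exploits/linux/dos/31305.c"},
        {"Title": "Linux Kernel 3.2.x - 'uname()' System Call Local Information Disclosure",
         "EDB-ID": "37937", "Path": "/usr/share/exploitdb/exploits/linux/local/37937.c"},
    ],
})


def load_results(json_text):
    """Return the RESULTS_EXPLOIT list from searchsploit -j output (assumed key name)."""
    return json.loads(json_text).get("RESULTS_EXPLOIT", [])


def matches(entry, terms, title_only=False, case_sensitive=False):
    """AND every term; match against title plus path unless title_only (-t)."""
    haystack = entry.get("Title", "")
    if not title_only:
        haystack += " " + entry.get("Path", "")
    if not case_sensitive:  # searchsploit is case-insensitive unless -c is given
        haystack = haystack.lower()
        terms = [t.lower() for t in terms]
    return all(t in haystack for t in terms)


def search(entries, terms, title_only=False, case_sensitive=False, exclude=None):
    """Filter like searchsploit: keep entries matching all terms, then drop --exclude hits."""
    # --exclude is an extended regex (values chained with "|") applied to the whole
    # result line, i.e. title and path. Applying it case-insensitively is an assumption.
    pattern = re.compile(exclude, re.IGNORECASE) if exclude else None
    kept = []
    for entry in entries:
        if not matches(entry, terms, title_only, case_sensitive):
            continue
        line = entry.get("Title", "") + " " + entry.get("Path", "")
        if pattern and pattern.search(line):
            continue
        kept.append(entry)
    return kept


def edb_url(entry):
    """Build the Exploit-DB.com URL that -w prints for a result."""
    return "https://www.exploit-db.com/exploits/%s/" % entry["EDB-ID"]


def main(argv=None):
    ap = argparse.ArgumentParser(description="Filter searchsploit -j output offline")
    ap.add_argument("terms", nargs="*", help="search terms (ANDed)")
    ap.add_argument("-t", "--title", action="store_true", help="search titles only")
    ap.add_argument("-c", "--case", action="store_true", help="case-sensitive search")
    ap.add_argument("-w", "--www", action="store_true", help="print Exploit-DB URLs")
    ap.add_argument("--exclude", help='regex of values to drop, e.g. "(PoC)|/dos/"')
    args = ap.parse_args(argv)
    # Read real output from a pipe (searchsploit -j ... | python3 this_script.py ...);
    # fall back to the constructed sample when nothing is piped in.
    text = sys.stdin.read() if not sys.stdin.isatty() else ""
    if not text.strip():
        text = SAMPLE_JSON
    for entry in search(load_results(text), args.terms, args.title, args.case, args.exclude):
        location = edb_url(entry) if args.www else entry.get("Path", "")
        print("%-70s | %s" % (entry["Title"][:70], location))


if __name__ == "__main__":
    main()
```

Typical use, with the script saved under a name of your choosing: `searchsploit -j linux kernel 3.2 | python3 filter_sploits.py linux kernel 3.2 --exclude='(PoC)|/dos/' -w`. One caveat the sample makes visible: in an extended regex the parentheses in "(PoC)" form a group, so the pattern matches the letters PoC anywhere in the line rather than the literal text "(PoC)"; escape them as `\(PoC\)` if you want the literal match. Searching for "dos" without “-t” also shows why the post recommends title-only searches for precision: it matches the /dos/ directory in the path, not the title.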

I hope the article will be useful to you when testing isolated systems. If you have any comments about the post, please leave a comment below.

Reference: https://www.exploit-db.com
