Search Exploits

Browser Search: Start With Google and Shodan Exploit Search

Quick tip: The fastest way to get initial leads is a targeted Google search:

<service_name> [version] exploit

Examples:

• apache 2.4.29 exploit

• linux kernel 5.10 RCE

Google often indexes public proof-of-concepts, GitHub repos, or blog posts with exploits. Don’t underestimate this step!

Shodan Exploit Search

Use Shodan Exploits to search exploits by software and version.

• Go to https://exploits.shodan.io/

• Enter your target software and version in the search box

• Browse exploits indexed from multiple sources in one place

Searchsploit — Your Go-To CLI Exploit Database

What it is: Searchsploit is the command-line interface for the famous Exploit-DB database, letting you search and retrieve exploits offline.

How to install:

Basic usage examples:

• Search exploits for Linux Kernel:

• Search exploits for Apache mod_ssl:

• Copy an exploit to your current directory by its ID (e.g., 7618):

• Show the full path of an exploit file:

• Open an exploit file directly in vi for inspection:

• Search vulnerabilities from an Nmap XML output:

Pro tip: Regularly update the exploit database:

Pompem — Another Exploit Search CLI Tool

What it is: Pompem is a newer, easy-to-use tool to search multiple exploit databases from your terminal.

How to use:

• Clone repo and install dependencies:

• Example search:

Pompem aggregates multiple sources and speeds up your search.

MSF-Search — Search Within Metasploit Framework

Why: If you use Metasploit, msfconsole has its own search command tailored for exploits, payloads, and modules.

How to search:

Start msfconsole:

Inside the console:

Replace parameters to fit your target software, port, OS, or exploit type.

PacketStorm — Extensive Exploit Repository

If you didn’t find exploits yet, try:

https://packetstormsecurity.com/

• Use the search box to enter the software or vulnerability

• Filter results by date, platform, or type

• Download exploits, advisories, and tools directly

Vulners — Aggregated Vulnerability & Exploit Database

Vulners pulls data from NVD, Exploit-DB, SecurityFocus, and more.

• Website: https://vulners.com/

• Search for your software and version to get CVEs and exploits in one place

• Offers an API for automation

Example search:

Sploitus — Meta Exploit Search Engine

Website: https://sploitus.com/

• Search exploits from multiple databases

• Simple interface for quick results

• Good alternative when other sources fail

Sploitify — Curated Exploits With Filters

Website: https://sploitify.haxx.it/

• Inspired by GTFOBins, but for exploits

• Filter by vulnerability type (RCE, LPE, Web, SMB, etc.), OS, and even labs to practice exploits

• Great for focused research and learning

search_vulns — Powerful Multi-Source Vulnerability & Exploit Search

Website: https://search-vulns.com/

• Combines data from NVD, Exploit-DB, GitHub PoCs, Security Advisory DBs, and endoflife.date

• Search by software or CVE

• Useful for broad, comprehensive checks