Search Exploits

Browser Search: Start With Google and Shodan Exploit Search

Quick tip: The fastest way to get initial leads is a targeted Google search:

<service_name> [version] exploit

Examples:

• apache 2.4.29 exploit

• linux kernel 5.10 RCE

Google often indexes public proof-of-concepts, GitHub repos, or blog posts with exploits. Don’t underestimate this step!

Shodan Exploit Search

Use Shodan Exploits to search exploits by software and version.

• Go to https://exploits.shodan.io/

• Enter your target software and version in the search box

• Browse exploits indexed from multiple sources in one place

Searchsploit — Your Go-To CLI Exploit Database

What it is: Searchsploit is the command-line interface for the famous Exploit-DB database, letting you search and retrieve exploits offline.

How to install:

sudo apt update && sudo apt install exploitdb

Basic usage examples:

• Search exploits for Linux Kernel:

searchsploit "linux kernel"

• Search exploits for Apache mod_ssl:

searchsploit apache mod_ssl

• Copy an exploit to your current directory by its ID (e.g., 7618):

searchsploit -m 7618

• Show the full path of an exploit file:

searchsploit -p 7618

• Open an exploit file directly in vi for inspection:

searchsploit -x 7618

• Search vulnerabilities from an Nmap XML output:

searchsploit --nmap file.xml

Pro tip: Regularly update the exploit database:

searchsploit -u

Pompem — Another Exploit Search CLI Tool

What it is: Pompem is a newer, easy-to-use tool to search multiple exploit databases from your terminal.

How to use:

• Clone repo and install dependencies:

git clone https://github.com/rfunix/Pompem.git 
cd Pompem 
pip3 install -r requirements.txt 
python3 pompem.py -h

• Example search:

python3 pompem.py -s "apache 2.4.29"

Pompem aggregates multiple sources and speeds up your search.

MSF-Search — Search Within Metasploit Framework

Why: If you use Metasploit, msfconsole has its own search command tailored for exploits, payloads, and modules.

How to search:

Start msfconsole:

msfconsole

Inside the console:

search platform:windows port:135 target:XP type:exploit

Replace parameters to fit your target software, port, OS, or exploit type.

PacketStorm — Extensive Exploit Repository

If you didn’t find exploits yet, try:

https://packetstormsecurity.com/

• Use the search box to enter the software or vulnerability

• Filter results by date, platform, or type

• Download exploits, advisories, and tools directly

Vulners — Aggregated Vulnerability & Exploit Database

Vulners pulls data from NVD, Exploit-DB, SecurityFocus, and more.

• Website: https://vulners.com/

• Search for your software and version to get CVEs and exploits in one place

• Offers an API for automation

Example search:

apache 2.4.29 RCE

Sploitus — Meta Exploit Search Engine

Website: https://sploitus.com/

• Search exploits from multiple databases

• Simple interface for quick results

• Good alternative when other sources fail

Sploitify — Curated Exploits With Filters

Website: https://sploitify.haxx.it/

• Inspired by GTFOBins, but for exploits

• Filter by vulnerability type (RCE, LPE, Web, SMB, etc.), OS, and even labs to practice exploits

• Great for focused research and learning

search_vulns — Powerful Multi-Source Vulnerability & Exploit Search

Website: https://search-vulns.com/

• Combines data from NVD, Exploit-DB, GitHub PoCs, Security Advisory DBs, and endoflife.date

• Search by software or CVE

• Useful for broad, comprehensive checks