Blog

OffSec News

May 5, 2020

Exploit Database SearchSploit Update

To help search the local copy of Exploit DB, we created “SearchSploit“, which gives you a powerful command line interface to perform detailed queries. SearchSploit has recently been updated. Let’s review the update and the benefits.

2 min read

The Exploit Database, one of our community projects, is still actively under development with updates coming even after a decade of existence! This month, we’re excited to announce an update to the default search option when using [ccie]SearchSploit[/ccie].

Along with the web interface of Exploit-DB, we offer the database to download for offline usage, which is great for air-gapped networks without Internet access. We also offer all the shellcodes, binary resources and papers to go with it. To help search the local copy of Exploit-DB, we created “SearchSploit“, which gives you a powerful command line interface to perform detailed queries.

Let’s review the update and the benefits.

What’s changing

Previously, if you were searching for an exploit (for example “WordPress Core v5.2.2”) you might have tried something like:

[cce]kali@kali:~$ searchsploit wordpress core 5.2.2
Exploits: No Results
Shellcodes: No Results
kali@kali:~$
[/cce]

Then you might have tried removing the maintenance/build version, just leaving major and minor version numbers, 5.2:

[cce]kali@kali:~$ searchsploit wordpress core 5.2
———————————————————————— ————————–
Exploit Title | Path
———————————————————————— ————————–
WordPress Core 5.2.3 – Cross-Site Host Modification | php/webapps/47361.pl
WordPress Core 5.2.4 – Cross-Origin Resource Sharing | php/webapps/47557.txt
WordPress Core < 5.2.3 – Viewing Unauthenticated/Password/Private Posts | multiple/webapps/47690.md
———————————————————————— ————————–
Shellcodes: No Results
kali@kali:~$
[/cce]

Bingo! We found what we were looking for (EDB-ID: 47690), along with another two that may or may not work (based on the title). It took multiple queries, but we got there.

The new default change in searching with SearchSploit should be able to detect software version ranges, and search in-between values.

Now, with the update and the new changes, we can repeat our original search and get:

[cce]kali@kali:~$ searchsploit wordpress core 5.2.2
———————————————————————— ————————–
Exploit Title | Path
———————————————————————— ————————–
WordPress Core < 5.2.3 – Viewing Unauthenticated/Password/Private Posts | multiple/webapps/47690.md
WordPress Core < 5.3.x – ‘xmlrpc.php’ Denial of Service | php/dos/47800.py
———————————————————————— ————————–
Shellcodes: No Results
kali@kali:~$
[/cce]

We got what we wanted straight away – plus another possible exploit for the version!

You may have also noticed that the output is slightly cleaner from before. Under the hood, it is performing additional searches and amending the results. This means it may take a little longer. In our tests, it’s less than a second on modern desktops.

However, on lower-powered devices it may take longer. Offensive Security puts out images for ARM devices, as well as Kali NetHunter (Kali Linux on Android). These devices may take a bit longer with this change.

If you don’t want the new search function, you can stop it from happening by using the switch [ccie]-s / –strict[/ccie].

If you have any other ideas, suggestions, improvements or bug reports for the Exploit Database, please open an issue on GitHub. This will be packaged up and shipped with Kali Linux 2020.2, which is due shortly.

Happy sploit’ing!