
exploitdb's Issues

New update schedule?

When this service was SVN based the local database copies were updated every Sunday. It has been a little over a week since updates were pushed; is there a new schedule and, if so, what is it?

Clarify please?

This is prolly a total stupid noob question, but I'm so sick of these exploits that never, ever, ever, ever work. I realize it's prolly something I'm doing. To be honest, I have no clue what you mean in your usage.

cout << "Usage: " << argv[0] << " " << endl;
cout << "Example: " << argv[0] << " 192.168.2.100 21" << endl;
return (-1);

Apparently I don't just type in ./1336.cpp target_ip port, because that doesn't work, as this is my output. Can you either clarify the usage instructions or give me some type of tip? Thx

: No such file or directory
./1336.cpp: line 2: $'FileZillaDoS.cpp\r': command not found
./1336.cpp: line 3: FileZilla: command not found
./1336.cpp: line 4: Read: command not found
./1336.cpp: line 5: syntax error near unexpected token `('
./1336.cpp: line 5: `Made to work with Microsoft(R) Visual C++(R), to use link "'S2_32.lib".

I also tried running it like: ./1366.cpp " << argv[0] << " target_ip 21", but just get presented with a prompt. Am I supposed to type something else in or.....?

Adding CVE number in files.csv

Can you add the CVE number directly to the files.csv?

I'm trying to avoid reindexing it.

It seems like this field is available on the exploitdb website, but not present in the csv index.

Potentially wrong date of an exploit entry

In the .csv there are lines

38636,platforms/multiple/remote/38636.txt,"Cryptocat Chrome Extension 'img/keygen.gif' File Information Disclosure Vulnerability",2012-11-07,"Mario Heiderich",multiple,remote,0
38637,platforms/multiple/remote/38637.txt,"Cryptocat Arbitrary Script Injection Vulnerability",2015-11-07,"Mario Heiderich",multiple,remote,0

The first line has date 2012-11-07 and the link in the 38636.txt file also has that date.

But the second line has 2015-11-07 date, while the link in 38637.txt file has 2012-11-07.

Why does the second line from the .csv excerpt use 2015 instead of 2012?

searchsploit --json <query> is not valid JSON

When the --json switch is used to get JSON formatted output, it's not valid JSON, because there are two double quotes after the value for "Exploit":

$ searchsploit --json WordPress
{
  "SEARCH": "WordPress",
  "RESULTS": [
                {"Exploit":"WordPress 2.9 - Denial of Service"","Path":"/usr/local/Cellar/exploitdb/2016-12-02/share/exploitdb/platforms/php/dos/10825.sh","EDB-ID":10825},
                {"Exploit":"WordPress 4.0 - Denial of Service"","Path":"/usr/local/Cellar/exploitdb/2016-12-02/share/exploitdb/platforms/php/dos/35413.php","EDB-ID":35413},

...

Using jq will tell you there is a problem parsing the resulting JSON.

I didn't find out where the value came from, but I can provide a workaround:

In line 632 of searchsploit I added another sed command to substitute "", for ",:

-    | sed '$ s/,$//g' )"
+    | sed -e '$ s/,$//g' -e 's/\"\",/\",/g' )"
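Review bot: this rewrite treats the symptom rather than the source. The post itself says the origin of the extra quote was not found, and a global `s/\"\",/\",/g` also rewrites any legitimate `"",` sequence (an empty JSON string value followed by a comma) into a bare `",`, trading one parse error for another. Worth locating the step that emits the doubled quote, or serialising the records with a JSON-aware tool instead of patching the text afterwards.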

I can provide a pull request if you want.

Wrong command order leads to incorrect JSON Formatting

Hello there!

While I was trying to parse the search results in the JSON Format, I noticed that there was no comma after the first record but there was still a comma left after the last record (see example below):

{ "SEARCH": "ProFTPD 1.3.0", "DB_PATH": "/opt/exploit-database", "RESULTS": [ {"Exploit":"ProFTPd 1.2 < 1.3.0 (Linux) - sreplace Buffer Overflow (Metasploit)"} {"Exploit":"ProFTPd 1.3.0 - (sreplace) Remote Stack Overflow"}, {"Exploit":"ProFTPd 1.3.0 - mod_ctrls Local Stack Overflow"}, {"Exploit":"ProFTPd 1.3.0a - (mod_ctrls support) Local Buffer Overflow (PoC)"}, ] }

The issue here is that the results are sorted after the last comma has been removed. The sed command in line 697 should be called after the sort command in line 698 instead.

Using -j and --id gives non parsable JSON

Example:
searchsploit -j --id joomla 5109
Result:

{
        "SEARCH": "joomla 5109",
        "DB_PATH": "/usr/local/Cellar/exploitdb/2017-10-18/share/exploitdb",
        "RESULTS": [
Joomla! Component xfaq 1.2 - 'aid' SQL Injection                                              | 5109
        ]
}
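The three JSON reports above (the doubled quote after each title, the comma left on the last record because sorting happens after the trailing comma is stripped, and the raw table line under -j --id) share one cause: the shell script assembles JSON by string concatenation. As an added example, not code from the searchsploit script or the exploit-database project, the following Python builds the same SEARCH/DB_PATH/RESULTS shape from the index with the json module, so quoting and commas are handled by the serializer, and includes a checker that reports where a hand-built document stops parsing, which is the information jq gives. The index rows, their dates and authors, the Joomla path and the DB_PATH value are constructed placeholders.

```python
import csv
import io
import json

# Constructed excerpt in the files.csv column layout used by searchsploit
# (id,file,description,date,author,platform,type,port). Titles and IDs echo
# the reports above; dates, authors, the Joomla path and the port column are
# placeholders, not real index data.
SAMPLE_CSV = """id,file,description,date,author,platform,type,port
10825,platforms/php/dos/10825.sh,"WordPress 2.9 - Denial of Service",1970-01-01,placeholder,php,dos,0
35413,platforms/php/dos/35413.php,"WordPress 4.0 - Denial of Service",1970-01-01,placeholder,php,dos,0
5109,platforms/php/webapps/5109.txt,"Joomla! Component xfaq 1.2 - 'aid' SQL Injection",1970-01-01,placeholder,php,webapps,0
"""

DB_PATH = "/opt/exploit-database"  # placeholder install location


def load_rows(text):
    """Parse the index with the csv module, which honours quoted titles."""
    return list(csv.DictReader(io.StringIO(text)))


def search(rows, query, db_path=DB_PATH):
    """Case-insensitive match of every query word against title and path.

    Returns the result as a dict; nothing here is text-assembled JSON.
    """
    words = query.lower().split()
    hits = []
    for row in rows:
        haystack = (row["description"] + " " + row["file"]).lower()
        if all(w in haystack for w in words):
            hits.append({
                "Exploit": row["description"],
                "Path": db_path + "/" + row["file"],
                "EDB-ID": int(row["id"]),
            })
    # Sort the records first; the serializer places the commas, so there is
    # no trailing comma to strip and no ordering dependency between steps.
    hits.sort(key=lambda h: h["Exploit"].lower())
    return {"SEARCH": query, "DB_PATH": db_path, "RESULTS": hits}


def to_json(result):
    """Serialize with json.dumps: quotes inside titles are escaped, never doubled."""
    return json.dumps(result, indent=2)


def check_json(text):
    """Return (ok, detail); detail locates the first syntax error, as jq would."""
    try:
        json.loads(text)
        return True, ""
    except json.JSONDecodeError as exc:
        return False, f"line {exc.lineno} column {exc.colno}: {exc.msg}"
```

Feeding the broken excerpt from the first report into check_json yields a "line 1 column ..." message pointing at the stray quote; the output of to_json(search(...)) passes the same check because the serializer, not sed, decides where quotes and commas go.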

expand csv file

Is there any plan to add more metadata to the csv file, like CVE etc.?

Last <port> element in xml file not processed when using --nmap flag

Like it says on the tin. I think it happens because $(software) on line 307 is undefined outside of the while do loop. Here's a diff between my version and the current searchsploit:

root@kali:/media/sf_Hack/tantest# diff /usr/bin/searchsploit ../recon/searchsploit
295c295
<         echo "${software}" >> /tmp/searchsploitout
---
>         #echo "${software}" >> /tmp/searchsploitout
304a305
>     echo "${software}" >> /tmp/searchsploitout
307c308
<   echo "${software}" >> /tmp/searchsploitout
---
>   #echo "${software}" >> /tmp/searchsploitout
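Review bot: moving the echo to line 304, outside the case/esac, drops whatever filtering the case branches applied, which is exactly the extra and over-general searches the post acknowledges. A smaller change is to keep the echo inside the case and add one final write of ${software} after the loop. The reason the variable is empty at line 307 is most likely that the loop runs in a pipeline subshell (`... | while read`), so assignments made inside it are not visible after `done`; feeding the loop with a redirection (`done < file`) or process substitution keeps it in the current shell, and the single flush after the loop then sees the last value.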

Adding the echo "${software}" >> /tmp/searchsploitout at line 304 just outside of the case/esac catches the last <port> element but also increases the number of searches and those that return > 100 results (for example mysql, irc, ...) although these could be added to list of overly general terms that are filtered. Not the best solution but hey :)

A small vice in files.csv generating algo

I believe that you use some automated script to generate files.csv. I think I found a vice in the algo.

Take a look at line for the EDBID 10209: the second field has two forward slashes (//) and the third to the last field is empty.

My guess is that your algo fails because the 10209.txt file is kept in the root of platforms/webapps/ directory, while all other exploits are kept in exploit-type/ subdirs of platforms/platform-name/ directories.

Since the location of the 10209.txt violates the overall directory structure anyway, the easiest and straightforward solution would be to mv platforms/webapps/10209.txt platforms/multiple/webapps/ and then rmdir platforms/webapps. Or you can fix your files.csv generating algo...
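A consistency check of the kind the report above asks for, written as an added example (not the project's own index generator): it parses files.csv rows using the column layout visible on this page (id,file,description,date,author,platform,type,port) and flags empty fields, a doubled slash, a path that does not follow platforms/<platform>/<type>/<id>.<ext>, and a platform or type column that disagrees with the path. The rows are constructed; the 10209 row mimics the defect described (doubled slash, empty third-to-last field) and the titles, dates and authors are placeholders.

```python
import csv
import io
import re

# Directory convention described in the report: platforms/<platform>/<type>/<id>.<ext>
PATH_RE = re.compile(
    r"^platforms/(?P<platform>[^/]+)/(?P<type>[^/]+)/(?P<id>\d+)\.[A-Za-z0-9]+$"
)
DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")

# Constructed rows: the first two are well formed, the third mimics the
# reported 10209 defect (doubled slash, missing type directory, empty platform
# column). Titles, dates and authors are placeholders, not real index data.
SAMPLE_CSV = """id,file,description,date,author,platform,type,port
1,platforms/multiple/webapps/1.txt,"Placeholder Title A",1970-01-01,placeholder,multiple,webapps,0
2,platforms/linux/remote/2.c,"Placeholder Title B",1970-01-01,placeholder,linux,remote,0
10209,platforms/webapps//10209.txt,"Placeholder Title C",1970-01-01,placeholder,,webapps,0
"""


def lint_row(row):
    """Return the list of problems for one index row (empty when clean)."""
    problems = []
    for field in ("id", "file", "description", "date", "platform", "type"):
        if not row.get(field):
            problems.append(f"empty field '{field}'")
    if "//" in row["file"]:
        problems.append("doubled slash in path")
    m = PATH_RE.match(row["file"])
    if not m:
        problems.append("path does not follow platforms/<platform>/<type>/<id>.<ext>")
    else:
        # The path components must agree with the row's own columns.
        if m.group("id") != row["id"]:
            problems.append(f"path id {m.group('id')} != row id {row['id']}")
        if m.group("platform") != row["platform"]:
            problems.append(f"platform column '{row['platform']}' != path '{m.group('platform')}'")
        if m.group("type") != row["type"]:
            problems.append(f"type column '{row['type']}' != path '{m.group('type')}'")
    if not DATE_RE.match(row["date"]):
        problems.append(f"bad date '{row['date']}'")
    return problems


def lint_index(text):
    """Map EDB-ID -> problems for every row that has at least one."""
    report = {}
    for row in csv.DictReader(io.StringIO(text)):
        problems = lint_row(row)
        if problems:
            report[row["id"]] = problems
    return report
```

Run against the real index, lint_index would list the 10209 row (and any other row whose path or columns drift from the convention) so the generator can be fixed, or the file moved, before the index is published.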

mupdf1.3

About the mupdf 1.3 BOF:
I didn't understand how to change the command into the array.
Anyone help?

Unnecessary files are executable

The files in the repo's root, README.md and files.csv, are executable for no reason (that I can figure out). This adds two broken "programs" into my path. I wouldn't want to chmod -x the files every time I git pull. This should be an easy fix. Thanks

Windows server

Is there any exploit for Windows Server 2012? Help pls

Search by CVE support

Hi,

Just wanted to suggest adding an option to search for exploits by the CVE ID, the same way you search from the exploit-db website.

Thanks in advance.

Best Regards,
Mohamed Abo El-Kheir

unable to update

Attempted to update searchsploit on linux via searchsploit --update: received the following output:

[i] Git pull'ing
Updating e8dcb9f..deaee53
Fast-forward
exploits/cgi/webapps/46081.txt | 20 ++++
exploits/hardware/webapps/46092.py | 49 ++++++++++
exploits/php/webapps/46076.txt | 36 ++++++++
exploits/php/webapps/46077.txt | 20 ++++
exploits/php/webapps/46079.txt | 24 +++++
exploits/php/webapps/46080.txt | 26 ++++++
exploits/php/webapps/46082.txt | 157 ++++++++++++++++++++++++++++++++
exploits/php/webapps/46083.txt | 54 +++++++++++
exploits/php/webapps/46084.txt | 34 +++++++
exploits/php/webapps/46085.txt | 177 ++++++++++++++++++++++++++++++++++++
exploits/python/remote/46075.rb | 144 +++++++++++++++++++++++++++++
exploits/windows/dos/46078.html | 51 +++++++++++
exploits/windows/dos/46087.py | 25 +++++
exploits/windows/dos/46088.py | 25 +++++
exploits/windows/dos/46089.py | 30 ++++++
exploits/windows/local/46093.txt | 71 +++++++++++++++
exploits/windows/webapps/46086.txt | 60 ++++++++++++
exploits/windows/webapps/46090.html | 58 ++++++++++++
exploits/windows/webapps/46091.html | 83 +++++++++++++++++
files_exploits.csv | 19 ++++
20 files changed, 1163 insertions(+)
create mode 100644 exploits/cgi/webapps/46081.txt
create mode 100755 exploits/hardware/webapps/46092.py
create mode 100644 exploits/php/webapps/46076.txt
create mode 100644 exploits/php/webapps/46077.txt
create mode 100644 exploits/php/webapps/46079.txt
create mode 100644 exploits/php/webapps/46080.txt
create mode 100644 exploits/php/webapps/46082.txt
create mode 100644 exploits/php/webapps/46083.txt
create mode 100644 exploits/php/webapps/46084.txt
create mode 100644 exploits/php/webapps/46085.txt
create mode 100755 exploits/python/remote/46075.rb
create mode 100644 exploits/windows/dos/46078.html
create mode 100755 exploits/windows/dos/46087.py
create mode 100755 exploits/windows/dos/46088.py
create mode 100755 exploits/windows/dos/46089.py
create mode 100644 exploits/windows/local/46093.txt
create mode 100644 exploits/windows/webapps/46086.txt
create mode 100644 exploits/windows/webapps/46090.html
create mode 100644 exploits/windows/webapps/46091.html

[*] Git update finished.
[i] Path: /opt/exploitdb/
[i] Updating via Git (Expect daily updates): exploitdb-papers ~ /opt/exploitdb-papers

[i] Git pull'ing
Username for 'https://github.com':
Password for 'https://github.com':
Username for 'https://github.com':
Password for 'https://github.com':
remote: Access to this repository has been disabled by GitHub staff. If you are the repository owner, you can contact support via https://github.com/contact for more information.
fatal: Authentication failed for 'https://github.com/offensive-security/exploitdb-papers.git/'

[-] Git conflict

More information in the output...

Could you add more information in the "searchsploit" script output?
I think that having the "Publication date" and the "Verified flag" would be useful.
Thanks...

searchsploit permissions

Unable to execute searchsploit from user or root without changing the permissions on the file. Update reverts the file to rw-r--r--

Using Android local exploit 39340 (sensord)

Hi everyone!

I was wondering how to use the exploit 39340 (in "local" folder, for the android platform).
As the code is a C++ program, I do not really understand how to launch it on the emulator or device: do I have to build an application with the NDK? Otherwise: where must I launch it, please?

If I understood well, the code to launch each step is :

$ ./poc <number of the step (1, 2 or 3)>

(with some reboots between the different steps, and keeping the line disabling autorotate if I do not want an overwritten /system partition)
Is it correct or am I wrong?

Thank you in advance for your help!

Include metadata and references from the exploitdb page into the github exploit.

On https://www.exploit-db.com/exploits/45432/ we can see the reference is clearly CVE-2018-8355

However, on your GitHub page for the exploit (https://github.com/offensive-security/exploit-database/blob/master/exploits/windows/dos/45432.js) there's no indication what CVE this is because the author didn't include it in the PoC. It would be really helpful to have the CVE and other metadata added into the GitHub exploit code as a header for easier processing.

More descriptive commit messages

"3 new exploits" is not a useful commit message. It'd be much more useful to follow if the commit messages included accurate descriptions of the new files.

Can I know what's wrong here?

sudo searchsploit -u
[i] Updating via Git (Expect daily updates).

fatal: 'upstream' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: 'upstream' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

[*] Git update finished.
[i] Path: /opt/exploit-database/platforms/

Bogus exploit 46201.rb

Hi,

I (a member of the Webmin team) would like to report a bogus exploit for Webmin located at
/exploitdb/exploits/cgi/remote/46201.rb and exploit-db.com/exploits/46201.

We already contacted the initial author Özkan Mustafa Akkuş, explaining that his "exploit" is a fake, because it can only be perpetrated if run under a root account (su capable user).

It doesn't make it an exploit, as "successfully exploiting" as root makes no sense.

Discussion on Twitter with the author can be found on this link.

unable to update

running Ubuntu 16.04
sudo searchsploit --update

Here is the output:

[i] Updating via Git (Expect daily updates).

fatal: 'upstream' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: 'upstream' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Vulners database searchsploit addition

Hi, fellows!
May I suggest adding Vulners as additional source for searchsploit?
Vulners is a freeware security content database with an open API.
It aggregates a lot of information and structures it into JSON definitions.
It holds all major exploit databases inside: https://vulners.com/stats

Maybe I can help you with good search queries to make searchsploit even better?
Here is the search API reference: https://vulners.com/docs
And here are examples of queries: https://vulners.com/help

CVE option

Any chance to have the CVEs assigned, when available?

searchsploit -t filters existing entries

Maybe just on my installation?

Linux vm 4.14.0-kali1-amd64 #1 SMP Debian 4.14.2-1kali1 (2017-12-04) x86_64 GNU/Linux

dpkg -l | grep exploitdb

ii exploitdb 20180109-0kali1 all Searchable Exploit Database

Not finding an existing exploit-db entry (with -t flag):

searchsploit -t Virata


Exploit Title


Finding an existing exploit-db entry (w/o -t flag):

searchsploit Virata


Exploit Title

Virata EmWeb R6.0.1 - Remote Crash

searchsploit -t --title search not disabling path field search

The path is still being included in the search when the -t flag is used.
I think this should fix it.

root@kali:~# diff /usr/bin/searchsploit ./searchsploit 
669c669
<   SEARCH="${SEARCH} | awk -F '[,]' '${CASE_TAG_FGREP}(\$2) ~ /${AWK_SEARCH}/ {print}'"
---
>   SEARCH="${SEARCH} | awk -F '[,]' '${CASE_TAG_FGREP}(\$3) ~ /${AWK_SEARCH}/ {print}'"
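Review bot: $3 is the description column in the index layout shown earlier on this page (id,file,description,date,...), so the change points --title at the right field. Note, though, that `awk -F '[,]'` splits on every comma, including commas inside a quoted title, so for such rows $3 holds only the part of the title before the first comma and a --title match can still miss. A CSV-aware split, or matching on the quoted field as a whole, is needed for --title to be exact.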
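To show why the diff above moves the --title match from $2 to $3, and a limitation it keeps, here is an added example (not searchsploit code) in Python: the same substring search run against the path column (awk's $2) and the description column (awk's $3), once with a plain comma split that mimics `awk -F '[,]'` and once with the csv module. The rows are constructed; the Virata title is the one from the report, while the other titles, the paths, dates and authors are placeholders.

```python
import csv

# files.csv layout: id,file,description,date,author,platform,type,port
# Constructed rows; only the Virata title comes from the report above.
SAMPLE_CSV = """id,file,description,date,author,platform,type,port
1001,platforms/hardware/dos/1001.txt,"Virata EmWeb R6.0.1 - Remote Crash",1970-01-01,placeholder,hardware,dos,0
1002,platforms/linux/remote/1002.c,"Placeholder Daemon 1.0 - Remote Overflow",1970-01-01,placeholder,linux,remote,0
1003,platforms/php/webapps/1003.txt,"Placeholder CMS 2.0 - 'id' SQL Injection, Cross-Site Scripting",1970-01-01,placeholder,php,webapps,0
"""

PATH_COL = 1   # awk's $2 (awk counts from 1, Python from 0)
TITLE_COL = 2  # awk's $3


def awk_fields(line):
    """Mimic awk -F '[,]': split on every comma, quotes or not."""
    return line.split(",")


def csv_fields(line):
    """Split with the csv module: a quoted, comma-containing title stays whole."""
    return next(csv.reader([line]))


def title_search(text, term, splitter=csv_fields, column=TITLE_COL):
    """Return the EDB-IDs whose chosen column contains term (case-insensitive)."""
    lines = text.strip().splitlines()[1:]  # skip the header row
    hits = []
    for line in lines:
        fields = splitter(line)
        if term.lower() in fields[column].lower():
            hits.append(fields[0])
    return hits
```

Searching "Virata" on PATH_COL returns nothing, which is the behaviour the earlier "-t filters existing entries" report saw; on TITLE_COL it returns 1001. Searching "Cross-Site" with awk_fields also returns nothing, because the comma inside the quoted title pushes the second half into the date column, while csv_fields finds 1003.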

searchsploit informational messages should be sent to stderr

When running searchsploit against nmap output the json output is not really useful / usable because it is mixed in with info messages below even with redirect to 2>/dev/null.

▶ searchsploit --nmap portscan.xml --json 2>/dev/null | egrep  '^\[i\]'  
[i] SearchSploit's XML mode (without verbose enabled).   To enable: searchsploit -v --xml...
[i] Reading: 'portscan.xml'

Would be nice if you could pipe the output to jq or redirect to json file etc.
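Two of the --nmap reports on this page (the last <port> element being dropped, and [i] messages mixed into the JSON stream) are illustrated by the following added example, which is not searchsploit code: it walks every <port> element of an nmap XML document with ElementTree, so no flush after a loop is needed, and writes informational lines to stderr so that stdout carries only JSON. The XML is constructed, the SEARCHES key is my own, and the term format (product plus version, dots replaced by spaces, lower-cased) is an assumption approximating the "-t vsftpd 2 3 4" lines quoted on this page.

```python
import json
import sys
import xml.etree.ElementTree as ET

# Constructed nmap-style XML (not real scan output): three open ports, the
# last of which is the element the shell script's loop dropped.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun>
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd" version="2.3.4"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="4.7p1 Debian 8ubuntu1"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet" product="Linux telnetd"/></port>
    </ports>
  </host>
</nmaprun>
"""


def log_info(msg):
    """Informational chatter goes to stderr so stdout stays machine-parseable."""
    print(f"[i] {msg}", file=sys.stderr)


def search_terms(xml_text):
    """One title search term per open <port>, including the last one.

    Term format is an assumption: product and version, dots turned into
    spaces, lower-cased, like the '-t vsftpd 2 3 4' lines in the report.
    """
    root = ET.fromstring(xml_text)
    terms = []
    for port in root.iter("port"):  # visits every element; nothing to flush afterwards
        state = port.find("state")
        if state is None or state.get("state") != "open":
            continue
        service = port.find("service")
        if service is None:
            continue
        product = service.get("product") or service.get("name") or ""
        version = service.get("version") or ""
        term = f"{product} {version}".strip().lower().replace(".", " ")
        if term:
            terms.append(term)
    return terms


def run(xml_text):
    """Emit JSON on stdout and progress on stderr, as a --json mode should."""
    log_info("XML mode: deriving title searches")
    terms = search_terms(xml_text)
    for term in terms:
        log_info(f"searchsploit -t {term}")
    print(json.dumps({"SEARCHES": terms}, indent=2))
    return terms


if __name__ == "__main__":
    run(SAMPLE_NMAP_XML)
```

Because run() keeps the two streams apart, `python3 example.py 2>/dev/null | jq .` sees only the JSON document, and the third port produces its own "linux telnetd" term without any special handling.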

No such file or directory 29131.rb

exploit-database/platforms/hardware/webapps/29131.rb

I am not sure if I am missing something. 29131.rb always returns: No such file or directory.

$ ruby -v
ruby 2.1.5p273 (2014-11-13) [x86_64-linux-gnu]

distribution request

I am a developer for The ArchAssault Project. We want to distribute your project, but I do not see a license file or a license of any kind on the repository. I would think it's open source, but please let us know. Once we distribute it we will make sure to update it daily or provide a script for our users to update their local copy daily.

Site: archassault.org
twitter: @Archassault
wiki: wiki.archassault.org

Thanks
Arch3y

Cannot Load Module: exploit-database/platforms/linux_mips/remote/40740.rb

Hello,
After trying to load the module by placing it at "/root/.msf4/modules/exploit/remote/40740.rb",
Metasploit complains to me, saying the following:

[-] WARNING! The following modules could not be loaded!
[-] /root/.msf4/modules/exploits/linux/remote/40740.rb: Errno::ENOENT No such file or directory @ rb_sysopen - /root/.msf4/modules/exploits/linux/remote/40740.rb

Upon searching vigorously I was unable to find a solution, although I feel it has to do with these calls:


class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking

include Msf::Exploit::Remote::HttpClient


As the locations do not exist. Am I doing this wrong, or should I have these files as well? I could not locate the above locally, on Exploit-db, or within this Git. Any help would be greatly appreciated.

Also, I checked the logs and Framework.log says the same exact information stated above, no further info to point me to the exact location or reason for the error.

Thanks,


Also, I forgot to mention, I'm on a fresh install of Kali (all updated by dist-upgrade) and I also made sure exploitdb was updated as well as searchsploit. Please let me know if any further info is needed.


After further investigation, I was able to get ruby to show me the following:

ruby -v .msf4/modules/exploit/40740.rb
ruby 2.3.1p112 (2016-04-26) [x86_64-linux-gnu]
/usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require': cannot load such file -- msf/sanity (LoadError)
	from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/share/metasploit-framework/lib/msf/core.rb:14:in `<top (required)>'
	from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from .msf4/modules/exploit/40740.rb:17:in `'


I have sanity installed and jruby... also did a gem update. Not sure what I am missing.

Also, I defined the require path to its absolute path as my environment is not the same as the script maker's... I am open to suggestions as far as setting environment variables as well... Just let me know what you need.

Thanks again.
Bait.

Using --nmap flag, searchsploit doesn't write out exploit when there is 1 result

For example:

root@kali:/media/sf_Hack/tantest# searchsploit --nmap 192.168.0.102/TCP-open.xml 
[i] SearchSploit's XML mode (without verbose enabled)
[i] Reading: '192.168.0.102/TCP-open.xml'

[i] /usr/bin/searchsploit -t vsftpd 2 3 4
[i] /usr/bin/searchsploit -t openssh 4 7p1 debian 8ubuntu1
[i] /usr/bin/searchsploit -t linux telnetd
...

/usr/bin/searchsploit -t vsftpd 2 3 4 should return a single result:

root@kali:/media/sf_Hack/tantest# /usr/bin/searchsploit -t vsftpd 2 3 4
-------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                                                                                                |  Path
                                                                                                                                                              | (/usr/share/exploitdb/platforms)
-------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------
vsftpd 2.3.4 - Backdoor Command Execution (Metasploit)"                                                                                                       | /unix/remote/17491.rb
-------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------

I fixed it according to the following diff:

root@kali:/media/sf_Hack/tantest# diff /usr/bin/searchsploit ../recon/searchsploit
241c241
<       elif [[ "${lines}" -gt 6 ]]; then
---
>       elif [[ "${lines}" -gt 5 ]]; then
265c265
<     elif [[ "${lines}" -gt 6 ]]; then
---
>     elif [[ "${lines}" -gt 5 ]]; then
647,649c648,651
< ## Show content
< echo "${OUTPUT}"
< 
---
> ## Show content if there is any present
> if [ "${OUTPUT}" ]; then
>   echo "${OUTPUT}"
> fi
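Review bot: the `if [ "${OUTPUT}" ]` guard in the 647,649c648,651 hunk is the robust part of this change; the `-gt 6` to `-gt 5` edits at 241 and 265 tie correctness to the exact number of header lines in the table, which is how the single-result case was lost in the first place. Prefer counting result rows directly (or testing OUTPUT for emptiness as the third hunk already does) over a line-count threshold, and if the threshold stays, add a comment stating which 5 lines it accounts for.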

GHDB

Can we include the Google dorks in this as well, or will that be a separate repository?

2019-0841

Hello, this is a similar exploit to the one on SandboxEscaper, but I tried this with some external software. In this case, the software is Firefox. I wrote a little program which must be running on the victim Windows 10 machine as an administrator; when the program is running it replaces the original startup.exe with another exploit program.exe.
When the user runs the Firefox program he actually runs the other exploit program.
Link: https://www.youtube.com/watch?v=utLuLC06_tc
I'm not sharing the code, but if this is necessary I will.
BR V.Varbanovski @nu11secur1ty

-p/--path not working properly

The use of the -p/--path parameter does not appear to be working for me. It won't print the full path, but always results in Could not find exploit EDB-ID #.

root@kali:/tmp# searchsploit tight
--------------------------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                                     |  Path
                                                                                                   | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------------------------- ----------------------------------
UltraVNC/TightVNC - Multiple VNC Clients Multiple Integer Overflow (PoC)                           | ./windows/dos/7990.py
TightVNC - Authentication Failure Integer Overflow (PoC)                                           | ./windows/dos/8024.py
TightAuction 3.0 - Config.INC Information Disclosure                                               | ./php/webapps/21893.php
--------------------------------------------------------------------------------------------------- ----------------------------------
root@kali:/tmp# searchsploit --path tight
Could not find exploit EDB-ID #
root@kali:/tmp# searchsploit -p tight
Could not find exploit EDB-ID #

files.csv missing

Currently the essential files.csv file for this repo is missing. We can't tell which exploit is which without it.
