
Overview

Once you have identified a service and its version, the next step is to look for known public exploits. This page covers all major exploit databases and search tools.

Search Strategy

1. Start with a Web Search

Search Google or other search engines for:
<service_name> <version> exploit
<service_name> <version> CVE
<service_name> <version> RCE
Also try the Shodan exploit search at exploits.shodan.io.

2. Use Searchsploit (Offline Exploit-DB)

searchsploit allows you to search the Exploit-DB from the command line — useful when you have no internet access:
searchsploit "linux Kernel"              # Search by keyword
searchsploit apache mod_ssl              # Search specific service
searchsploit --nmap file.xml             # Search from nmap XML output
searchsploit -m 7618                     # Copy exploit to current directory
searchsploit -p 7618                     # Show full path
searchsploit -x 7618                     # Examine the exploit in $PAGER

3. Search Metasploit Modules

msf> search platform:windows port:135 target:XP type:exploit
msf> search name:eternal type:exploit
msf> search cve:2021-44228

4. Check Aggregator Databases

If nothing is found in Exploit-DB, try specialized aggregators that index multiple sources.

Exploit Databases and Resources

Exploit-DB / Searchsploit

The primary public exploit database. Use searchsploit for offline CLI access or browse the web interface.

Sploitus

Aggregates exploits from Exploit-DB, GitHub, and other databases with a clean unified search interface.

Vulners

Comprehensive vulnerability database including CVEs, exploits, and security advisories across many sources.

PacketStorm

Long-running security resource with exploits, advisories, papers, and tools not always indexed elsewhere.

Shodan Exploits

Search CVEs and exploits integrated with Shodan’s internet scanning data.

Sploitify

GTFOBins-style curated list with filters by vulnerability type (LPE, RCE, etc.), service, and OS. Includes links to practice labs.

search-vulns

Searches NVD, Exploit-DB, PoC-in-GitHub, GitHub Security Advisory, and endoflife.date in one query.

Pompem

Python tool to search for exploits across multiple databases from the CLI.

Specific Use Cases

Finding Exploits from Nmap Scans

# Run nmap and save XML output
nmap -sV -oX scan.xml <target>

# Search searchsploit against the scan results
searchsploit --nmap scan.xml
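
The following is an added example, not part of the original page and not searchsploit's own implementation. It shows which fields of the nmap XML produce a usable "<service_name> <version>" search term, and which open ports produce none because version detection returned nothing. The sample XML and the function name service_terms are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -oX` output; address and versions are made up.
SAMPLE_XML = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/>
  <service name="ssh" product="OpenSSH" version="7.2p2"/></port>
<port protocol="tcp" portid="80"><state state="open"/>
  <service name="http" product="Apache httpd" version="2.4.49"/></port>
<port protocol="tcp" portid="443"><state state="closed"/>
  <service name="https"/></port>
<port protocol="tcp" portid="8080"><state state="open"/>
  <service name="http-proxy"/></port>
</ports></host></nmaprun>"""


def service_terms(xml_text):
    """Split open ports into those with a product+version and those without.

    Returns (searchable, unidentified):
      searchable   -> (addr, port, "product version") tuples
      unidentified -> (addr, port, service name) tuples needing manual review
    """
    searchable, unidentified = [], []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed or filtered ports are not candidates
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            portid = int(port.get("portid"))
            if attrs.get("product") and attrs.get("version"):
                term = f'{attrs["product"]} {attrs["version"]}'
                searchable.append((addr, portid, term))
            else:
                unidentified.append((addr, portid, attrs.get("name", "unknown")))
    return searchable, unidentified


if __name__ == "__main__":
    found, missing = service_terms(SAMPLE_XML)
    for addr, port, term in found:
        print(f"{addr}:{port}  search term: {term}")
    for addr, port, name in missing:
        print(f"{addr}:{port}  no version fingerprint ({name}); identify manually")
```

Ports in the second list have no product or version string, so a database lookup based on the scan alone will return nothing meaningful for them.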

Searching for CVEs by Service

# Direct CVE search in Metasploit
msf> search cve:2023-44487  # HTTP/2 Rapid Reset
msf> search cve:2021-34527  # PrintNightmare

# Searchsploit by version
searchsploit "Apache 2.4.49"
searchsploit "OpenSSH 7.2"

Verifying Exploit Reliability

When you find an exploit, consider:
  1. Date — When was it published? Is the service version affected?
  2. Type — Authenticated vs. unauthenticated, local vs. remote
  3. Reliability — Is it a PoC, a weaponized exploit, or a Metasploit module?
  4. Patch status — Has the target applied the relevant patches?
Always test exploits in a controlled lab environment before using them in a production penetration test. An unreliable exploit can cause service crashes or unexpected behavior that falls outside your engagement scope.

GitHub Exploit Repositories

Many exploits are published to GitHub before they appear in formal databases:
# Search GitHub via Google dork
site:github.com "CVE-2024-XXXXX" exploit

# Or via the GitHub CLI (gh), which queries the GitHub search API
gh search repos "CVE-2024" --language python --sort stars

Platforms like search-vulns.com automatically index PoC-in-GitHub entries linked to CVE IDs, saving significant manual search time.
