Share
## https://sploitus.com/exploit?id=5B50159E-79F5-5F3A-AE20-9297601F907C
# Exploit-DB Skill (Cross-Platform)

Small cross-platform helper around Exploit-DB data, focused on CVE lookup.

- Script: `searchsploit.py`
- Data source: `files_exploits.csv` from the official Exploit-DB repo
- Platforms: Windows, macOS, Linux

## What this gives you

- CVE lookup (`--cve`) against Exploit-DB's `codes` field
- Simple keyword search across exploit title/path
- Minimal JSON output for automation/LLM workflows
- Full metadata lookup by EDB-ID when needed
- URL output for quick browser pivots
- Built-in DB update (`--update`) via metadata-only CSV download

## Default database location

After `--update`, the expected default CSV is:

- `./exploitdb/files_exploits.csv` (inside this project folder)

That path is auto-detected, so most commands do not need `--db`.

## Requirements

- Python 3.10+

## 60-second setup

From this folder:

```powershell
# 1) Download metadata CSV only (creates ./exploitdb on first run)
python .\searchsploit.py --update

# 2) Point the script at the CSV for this shell session
$env:EXPLOITDB_PATH = ".\exploitdb\files_exploits.csv"

# 3) Test a CVE search
python .\searchsploit.py --cve CVE-2021-44228
```

macOS/Linux shell:

```bash
python3 ./searchsploit.py --update
export EXPLOITDB_PATH=./exploitdb/files_exploits.csv
python3 ./searchsploit.py --cve CVE-2021-44228
```

## Daily usage

```bash
# CVE lookup
python searchsploit.py --cve CVE-2021-44228

# CVE lookup + JSON
python searchsploit.py --cve CVE-2021-44228 --json

# Full metadata for one specific finding
python searchsploit.py --details 40279

# Show URLs instead of local paths
python searchsploit.py --cve CVE-2021-44228 --www

# Search by terms (AND match)
python searchsploit.py apache struts 2.0.0

# Title-only matching
python searchsploit.py --title wordpress 4.1

# Exclude noisy matches
python searchsploit.py linux kernel 3.2 --exclude "(PoC)|/dos/"
```

## Keep DB fresh

```bash
# Download/refresh files_exploits.csv only
python searchsploit.py --update

# Optional custom target directory
python searchsploit.py --update --clone-dir /path/to/exploitdb
```

## Flags you will forget later

- `--cve `: code lookup (`CVE-2021-44228`, `MS08-067`, `OSVDB-49243`)
- `--db `: explicit path to `files_exploits.csv`
- `--update`: download/refresh official `files_exploits.csv` only
- `--clone-dir `: directory where `files_exploits.csv` is stored
- `--json`: minimal LLM-friendly output
- `--json-full`: full JSON fields for search results
- `--www`: output `https://www.exploit-db.com/exploits/`
- `--id`: output EDB-ID in table view
- `--title`: search title only
- `--exclude `: exclude terms (split multiple with `|`)
- `--details `: full metadata for one finding

## Troubleshooting

- "Could not locate files_exploits.csv":
  - Run `python searchsploit.py --update`
  - Or pass `--db `
  - Or set `EXPLOITDB_PATH`

- `--update` fails:
  - Check network access to `gitlab.com`

- No results for a CVE:
  - Not all CVEs have Exploit-DB entries
  - Try JSON output and inspect `Codes`

## Notes

- This is intentionally scoped to core lookup/search behavior, not full parity with the original Bash `searchsploit` tool.
- `--update` downloads only `files_exploits.csv` and does not download exploit payload files.
- Data freshness depends on when you last ran `--update`.