Share
## https://sploitus.com/exploit?id=6ED809CB-E6EF-58F5-BD9D-9116013EF1CC
# Exploit Search

A unified vulnerability search tool that aggregates CVE data, exploits, and proof-of-concept code from multiple sources in a single search interface.

## Features

- **Search latest critical CVEs** from the last 7 days with CVSS scores
- **Search CVEs by keyword** across all sources
- **Search by vendor/product** to find vulnerabilities in specific software
- **Search for specific CVEs** with complete details
- **Aggregate exploits** from Exploit-DB with direct links
- **Find POC repositories** from GitHub with star counts and descriptions
- **Clean terminal output** with color-coded severity levels
- **JSON export** for integration with other tools
- **Intelligent caching** to reduce API calls
- **Rate limit handling** with automatic backoff

## Installation

### From Source

```bash
git clone https://github.com/yourusername/exploit-search.git
cd exploit-search
pip install -e .
```

### From PyPI (coming soon)

```bash
pip install exploit-search
```

## Quick Start

### Search for latest CVEs

```bash
exploit-search latest --days 7 --min-cvss 7.0
```

### Search by keyword

```bash
exploit-search search "apache" --min-cvss 7.0
```

### Search for specific CVE

```bash
exploit-search cve CVE-2021-44228
```

### Search by vendor/product

```bash
exploit-search vendor apache
exploit-search vendor apache log4j
```

### Search for exploits and POCs

```bash
exploit-search exploits "log4j"
exploit-search exploits "rce" --language Python
```

## Commands

### latest

Search for latest critical CVEs from the last N days.

```bash
exploit-search latest [OPTIONS]

Options:
  -d, --days INTEGER       Number of days to look back (default: 7)
  -c, --min-cvss FLOAT     Minimum CVSS score (default: 0.0)
  -f, --format [terminal|json]  Output format (default: terminal)
  --help                   Show help message
```

### search

Search for vulnerabilities by keyword.

```bash
exploit-search search KEYWORD [OPTIONS]

Options:
  -c, --min-cvss FLOAT     Minimum CVSS score (default: 0.0)
  -f, --format [terminal|json]  Output format (default: terminal)
  --help                   Show help message
```

### cve

Search for a specific CVE with complete details.

```bash
exploit-search cve CVE_ID [OPTIONS]

Options:
  -f, --format [terminal|json]  Output format (default: terminal)
  --help                   Show help message
```

### vendor

Search for vulnerabilities by vendor or vendor:product.

```bash
exploit-search vendor VENDOR [PRODUCT] [OPTIONS]

Options:
  -c, --min-cvss FLOAT     Minimum CVSS score (default: 0.0)
  -f, --format [terminal|json]  Output format (default: terminal)
  --help                   Show help message
```

### exploits

Search for exploits and POCs.

```bash
exploit-search exploits KEYWORD [OPTIONS]

Options:
  -l, --language TEXT      Programming language (Python, Go, Bash, etc.)
  -f, --format [terminal|json]  Output format (default: terminal)
  --help                   Show help message
```

### cache

Manage search cache.

```bash
exploit-search cache [OPTIONS]

Options:
  --clear                  Clear the cache
  --help                   Show help message
```

## Usage Examples

### Find critical Apache vulnerabilities with exploits

```bash
exploit-search search "apache" --min-cvss 9.0
```

### Search for Log4j vulnerabilities from the last 30 days

```bash
exploit-search latest --days 30 | grep -i "log4j"
```

### Get JSON output for automation

```bash
exploit-search search "rce" --format json | jq '.vulnerabilities[] | select(.metrics.cvss_v3_score >= 8.0)'
```

### Find Python-based POCs for a specific CVE

```bash
exploit-search exploits "CVE-2021-44228" --language Python
```

### Clear cache and search fresh

```bash
exploit-search cache --clear
exploit-search latest --days 7
```

## Data Sources

### NVD (National Vulnerability Database)

- Official CVE database from NIST
- CVSS scores and severity ratings
- Affected products and configurations
- References and descriptions

### Exploit-DB

- Working exploits and proof-of-concepts
- Shellcodes and payloads
- Platform-specific exploits
- Direct download links

### GitHub

- Open-source POC repositories
- Security tools and utilities
- Community-contributed exploits
- Star counts and activity metrics

## Configuration

### Environment Variables

```bash
# Set NVD API key for higher rate limits (optional)
export NVD_API_KEY="your-api-key"

# Set GitHub token for higher rate limits (optional)
export GITHUB_TOKEN="your-github-token"
```

### Cache Configuration

Cache is stored in `~/.exploit-search-cache/` by default.

- Cache duration: 1 hour (3600 seconds)
- Clear cache: `exploit-search cache --clear`

## Rate Limiting

The tool respects API rate limits from all sources:

- **NVD**: 5 requests per 30 seconds (unauthenticated)
- **Exploit-DB**: 10 requests per minute
- **GitHub**: 60 requests per hour (unauthenticated), 5000/hour (authenticated)

The tool includes automatic backoff and retry logic for rate-limited requests.

## Output Format

### Terminal Output

Color-coded output with:
- CVE ID and description
- CVSS score with severity level
- Publication date
- NVD link
- Affected products
- Known exploits with links
- POC repositories with stars and descriptions

### JSON Output

Complete vulnerability data in JSON format for integration with other tools.

```bash
exploit-search search "apache" --format json
```

## Error Handling

The tool gracefully handles:
- API timeouts and connection errors
- Rate limiting with automatic backoff
- Missing or invalid data
- Network failures

If one source fails, the tool continues with other sources.

## Performance

- **Caching**: Results are cached for 1 hour to reduce API calls
- **Parallel requests**: Concurrent API calls for faster results
- **Pagination**: Handles large result sets efficiently
- **Timeout management**: 30-second timeout per request

## Security

- No credentials stored locally
- API keys passed via environment variables
- HTTPS for all API communications
- No data persistence beyond cache

## Troubleshooting

### No results found

- Try different keywords
- Check internet connectivity
- Clear cache: `exploit-search cache --clear`
- Check API status of sources

### Rate limiting errors

- Wait a few minutes before retrying
- Set API keys for higher limits
- Reduce search frequency

### Slow results

- Results are cached, subsequent searches are faster
- Check internet speed
- Try more specific search terms

## Contributing

Contributions are welcome! Please feel free to submit pull requests or open issues.

## License

MIT License - See LICENSE file for details

## Disclaimer

This tool is for authorized security research and testing only. Unauthorized access to computer systems is illegal. Always obtain proper authorization before conducting security testing.

## Support

For issues, questions, or suggestions, please open an issue on GitHub.

## Changelog

### Version 1.0.0 (Initial Release)

- Initial release with support for NVD, Exploit-DB, and GitHub
- CLI interface with multiple search options
- Terminal and JSON output formats
- Intelligent caching and rate limiting
- Color-coded terminal output