## https://sploitus.com/exploit?id=6ED809CB-E6EF-58F5-BD9D-9116013EF1CC
# Exploit Search
A unified vulnerability search tool that aggregates CVE data, exploits, and proof-of-concept code from multiple sources in a single search interface.
## Features
- **Search latest critical CVEs** from the last 7 days with CVSS scores
- **Search CVEs by keyword** across all sources
- **Search by vendor/product** to find vulnerabilities in specific software
- **Search for specific CVEs** with complete details
- **Aggregate exploits** from Exploit-DB with direct links
- **Find POC repositories** from GitHub with star counts and descriptions
- **Clean terminal output** with color-coded severity levels
- **JSON export** for integration with other tools
- **Intelligent caching** to reduce API calls
- **Rate limit handling** with automatic backoff
## Installation
### From Source
```bash
git clone https://github.com/yourusername/exploit-search.git
cd exploit-search
pip install -e .
```
### From PyPI (coming soon)
```bash
pip install exploit-search
```
## Quick Start
### Search for latest CVEs
```bash
exploit-search latest --days 7 --min-cvss 7.0
```
### Search by keyword
```bash
exploit-search search "apache" --min-cvss 7.0
```
### Search for specific CVE
```bash
exploit-search cve CVE-2021-44228
```
### Search by vendor/product
```bash
exploit-search vendor apache
exploit-search vendor apache log4j
```
### Search for exploits and POCs
```bash
exploit-search exploits "log4j"
exploit-search exploits "rce" --language Python
```
## Commands
### latest
Search for latest critical CVEs from the last N days.
```bash
exploit-search latest [OPTIONS]
Options:
-d, --days INTEGER Number of days to look back (default: 7)
-c, --min-cvss FLOAT Minimum CVSS score (default: 0.0)
-f, --format [terminal|json] Output format (default: terminal)
--help Show help message
```
### search
Search for vulnerabilities by keyword.
```bash
exploit-search search KEYWORD [OPTIONS]
Options:
-c, --min-cvss FLOAT Minimum CVSS score (default: 0.0)
-f, --format [terminal|json] Output format (default: terminal)
--help Show help message
```
### cve
Search for a specific CVE with complete details.
```bash
exploit-search cve CVE_ID [OPTIONS]
Options:
-f, --format [terminal|json] Output format (default: terminal)
--help Show help message
```
### vendor
Search for vulnerabilities by vendor or vendor:product.
```bash
exploit-search vendor VENDOR [PRODUCT] [OPTIONS]
Options:
-c, --min-cvss FLOAT Minimum CVSS score (default: 0.0)
-f, --format [terminal|json] Output format (default: terminal)
--help Show help message
```
### exploits
Search for exploits and POCs.
```bash
exploit-search exploits KEYWORD [OPTIONS]
Options:
-l, --language TEXT Programming language (Python, Go, Bash, etc.)
-f, --format [terminal|json] Output format (default: terminal)
--help Show help message
```
### cache
Manage search cache.
```bash
exploit-search cache [OPTIONS]
Options:
--clear Clear the cache
--help Show help message
```
## Usage Examples
### Find critical Apache vulnerabilities with exploits
```bash
exploit-search search "apache" --min-cvss 9.0
```
### Search for Log4j vulnerabilities from the last 30 days
```bash
exploit-search latest --days 30 | grep -i "log4j"
```
### Get JSON output for automation
```bash
exploit-search search "rce" --format json | jq '.vulnerabilities[] | select(.metrics.cvss_v3_score >= 8.0)'
```
### Find Python-based POCs for a specific CVE
```bash
exploit-search exploits "CVE-2021-44228" --language Python
```
### Clear cache and search fresh
```bash
exploit-search cache --clear
exploit-search latest --days 7
```
## Data Sources
### NVD (National Vulnerability Database)
- Official CVE database from NIST
- CVSS scores and severity ratings
- Affected products and configurations
- References and descriptions
### Exploit-DB
- Working exploits and proof-of-concepts
- Shellcodes and payloads
- Platform-specific exploits
- Direct download links
### GitHub
- Open-source POC repositories
- Security tools and utilities
- Community-contributed exploits
- Star counts and activity metrics
## Configuration
### Environment Variables
```bash
# Set NVD API key for higher rate limits (optional)
export NVD_API_KEY="your-api-key"
# Set GitHub token for higher rate limits (optional)
export GITHUB_TOKEN="your-github-token"
```
### Cache Configuration
Cache is stored in `~/.exploit-search-cache/` by default.
- Cache duration: 1 hour (3600 seconds)
- Clear cache: `exploit-search cache --clear`
## Rate Limiting
The tool respects API rate limits from all sources:
- **NVD**: 5 requests per 30 seconds (unauthenticated)
- **Exploit-DB**: 10 requests per minute
- **GitHub**: 60 requests per hour (unauthenticated), 5000/hour (authenticated)
The tool includes automatic backoff and retry logic for rate-limited requests.
## Output Format
### Terminal Output
Color-coded output with:
- CVE ID and description
- CVSS score with severity level
- Publication date
- NVD link
- Affected products
- Known exploits with links
- POC repositories with stars and descriptions
### JSON Output
Complete vulnerability data in JSON format for integration with other tools.
```bash
exploit-search search "apache" --format json
```
## Error Handling
The tool gracefully handles:
- API timeouts and connection errors
- Rate limiting with automatic backoff
- Missing or invalid data
- Network failures
If one source fails, the tool continues with other sources.
## Performance
- **Caching**: Results are cached for 1 hour to reduce API calls
- **Parallel requests**: Concurrent API calls for faster results
- **Pagination**: Handles large result sets efficiently
- **Timeout management**: 30-second timeout per request
## Security
- No credentials stored locally
- API keys passed via environment variables
- HTTPS for all API communications
- No data persistence beyond cache
## Troubleshooting
### No results found
- Try different keywords
- Check internet connectivity
- Clear cache: `exploit-search cache --clear`
- Check API status of sources
### Rate limiting errors
- Wait a few minutes before retrying
- Set API keys for higher limits
- Reduce search frequency
### Slow results
- Results are cached, subsequent searches are faster
- Check internet speed
- Try more specific search terms
## Contributing
Contributions are welcome! Please feel free to submit pull requests or open issues.
## License
MIT License - See LICENSE file for details
## Disclaimer
This tool is for authorized security research and testing only. Unauthorized access to computer systems is illegal. Always obtain proper authorization before conducting security testing.
## Support
For issues, questions, or suggestions, please open an issue on GitHub.
## Changelog
### Version 1.0.0 (Initial Release)
- Initial release with support for NVD, Exploit-DB, and GitHub
- CLI interface with multiple search options
- Terminal and JSON output formats
- Intelligent caching and rate limiting
- Color-coded terminal output