A quick reference guide to using ExploitDB and the searchsploit CLI for it.

Database Sites

ExploitDB tends to me more useful for hackers since it contains actual exploits that can be used directly.

Search ExploitDB from Terminal

Let’s search for an exploit for Fuel CMS using the locally installed ExploitDB:

searchsploit fuel cms
output
----------------------------------------------------------------------------- ---------------------------------
 Exploit Title                                                               |  Path
----------------------------------------------------------------------------- ---------------------------------
fuel CMS 1.4.1 - Remote Code Execution (1)                                   | linux/webapps/47138.py
Fuel CMS 1.4.1 - Remote Code Execution (2)                                   | php/webapps/49487.rb
Fuel CMS 1.4.1 - Remote Code Execution (3)                                   | php/webapps/50477.py
Fuel CMS 1.4.13 - 'col' Blind SQL Injection (Authenticated)                  | php/webapps/50523.txt
Fuel CMS 1.4.7 - 'col' SQL Injection (Authenticated)                         | php/webapps/48741.txt
Fuel CMS 1.4.8 - 'fuel_replace_id' SQL Injection (Authenticated)             | php/webapps/48778.txt
Fuel CMS 1.5.0 - Cross-Site Request Forgery (CSRF)                           | php/webapps/50884.txt
----------------------------------------------------------------------------- ---------------------------------
Shellcodes: No Results

Display Exploit Information

To display the information of a specific exploit, use the -x flag:

searchsploit -x 49487
output
# Title: Fuel CMS 1.4.1 - Remote Code Execution (2)
# Exploit Author: Alexandre ZANNI
# Date: 2020-11-14
# Vendor Homepage: https://www.getfuelcms.com/
# Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1
# Version: <= 1.4.1
# Tested on: Ubuntu 16.04
# CVE : CVE-2018-16763
# References: https://www.exploit-db.com/exploits/47138