diff --git a/README.md b/README.md index e20bd09ee..dd31f6c27 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ For more information, please see the **[SearchSploit manual](https://www.exploit ## Usage/Example ``` -root@kali:~# searchsploit -h +kali@kali:~$ searchsploit -h Usage: searchsploit [options] term1 [term2] ... [termN] ========== @@ -39,7 +39,7 @@ root@kali:~# searchsploit -h searchsploit afd windows local searchsploit -t oracle windows searchsploit -p 39446 - searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/" + searchsploit linux kernel 3.2 -s --exclude="(PoC)|/dos/" searchsploit linux reverse password For more examples, see the manual: https://www.exploit-db.com/searchsploit @@ -47,34 +47,49 @@ root@kali:~# searchsploit -h ========= Options ========= - -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe). - -e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"]. - -h, --help Show this help screen. - -j, --json [Term] Show result in JSON format. - -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory. - -o, --overflow [Term] Exploit titles are allowed to overflow their columns. - -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible). - -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path). - -u, --update Check for and install any exploitdb package updates (deb or git). - -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path. - -x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER. - --colour Disable colour highlighting in search results. - --id Display the EDB-ID value rather than local path. - --nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml). - Use "-v" (verbose) to try even more combinations - --exclude="term" Remove values from results. By using "|" to separate, you can chain multiple values. - e.g. --exclude="term1|term2|term3". +## Search Terms + -c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe) + -e, --exact [Term] Perform an EXACT & order match on exploit title (Default is an AND match on each term) [Implies "-t"] + e.g. "WordPress 4.1" would not be detect "WordPress Core 4.1") + -s, --strict Perform a strict search, so input values must exist, disabling fuzzy search for version range + e.g. "1.1" would not be detected in "1.0 < 1.3") + -t, --title [Term] Search JUST the exploit title (Default is title AND the file's path) + --exclude="term" Remove values from results. By using "|" to separate, you can chain multiple values + e.g. --exclude="term1|term2|term3" + +## Output + -j, --json [Term] Show result in JSON format + -o, --overflow [Term] Exploit titles are allowed to overflow their columns + -p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible) + -v, --verbose Display more information in output + -w, --www [Term] Show URLs to Exploit-DB.com rather than the local path + --id Display the EDB-ID value rather than local path + --colour Disable colour highlighting in search results + +## Non-Searching + -m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory + -x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER + +## Non-Searching + -h, --help Show this help screen + -u, --update Check for and install any exploitdb package updates (brew, deb & git) + +## Automation + --nmap [file.xml] Checks all results in Nmap's XML output with service version + e.g.: nmap [host] -sV -oX file.xml ======= Notes ======= - * You can use any number of search terms. - * Search terms are not case-sensitive (by default), and ordering is irrelevant. - * Use '-c' if you wish to reduce results by case-sensitive searching. - * And/Or '-e' if you wish to filter results by using an exact match. - * Use '-t' to exclude the file's path to filter the search results. - * Remove false positives (especially when searching using numbers - i.e. versions). - * When updating or displaying help, search terms will be ignored. + * You can use any number of search terms + * By default, search terms are not case-sensitive, ordering is irrelevant, and will search between version ranges + * Use '-c' if you wish to reduce results by case-sensitive searching + * And/Or '-e' if you wish to filter results by using an exact match + * And/Or '-s' if you wish to look for an exact version match + * Use '-t' to exclude the file's path to filter the search results + * Remove false positives (especially when searching using numbers - i.e. versions) + * When using '--nmap', adding '-v' (verbose), it will search for even more combinations + * When updating or displaying help, search terms will be ignored root@kali:~# root@kali:~# searchsploit afd windows local @@ -117,13 +132,13 @@ You can find a **more in-depth guide in the [SearchSploit manual](https://www.ex Exploit-DB/SearchSploit is already packaged inside of Kali-Linux. A method of installation is: ``` -root@kali:~# apt -y install exploitdb +kali@kali:~$ sudo apt -y install exploitdb ``` _NOTE: Optional is to install the additional packages:_ ``` -root@kali:~# apt -y install exploitdb-bin-sploits exploitdb-papers +kali@kali:~$ sudo apt -y install exploitdb-bin-sploits exploitdb-papers ``` **Git**