来源:【exploit-db】
Table of Contents
- What is SearchSploit?
- How to Install SearchSploit
- Keeping SearchSploit Up-to-Date
- Using SearchSploit
Last Updated: 15-June-2017 (Offline PDF version)
What is SearchSploit?
Included in our Exploit Database repository on GitHub is “searchsploit”, a command line search tool for Exploit-DB that also allows you to take a copy of Exploit Database with you, everywhere you go. SearchSploit gives you the power to perform detailed off-line searches through your locally checked-out copy of the repository. This capability is particularly useful for security assessments on segregated or air-gapped networks without Internet access.
Many exploits contain links to binary files that are not included in the standard repository but can be found in our Exploit Database Binary Exploits repository instead. If you anticipate you will be without Internet access on an assessment, ensure you check out both repositories for the most complete set of data.
Note, The name of this utility is SearchSploit and as its name indicates, it will search for all exploits and shellcode. It will not include any results for Papers and Google Hacking Database.
我们GitHub上的漏洞数据库仓库中包含有“searchsploit”,一个Exploit-DB的命令行搜索工具,利用这个工具你可以在任何地方把漏洞利用数据库拷贝下来。searchsploit能让你通过本地检出的仓库副本进行详细的离线搜索。这种能力在没有网络接口的隔离或者气隙网络(用不联网)环境下的安全评估非常有用。 许多漏洞包含了二进制文件的链接,这些文件在标准仓库中没有,但是在我们的漏洞数据库二进制漏洞仓库中可以找到。如果你预料到你将会在没有网络接口的环境下做评估,请确保检查两个数据仓库,以获得最完整的数据。 注意,这个实用工具的名字是SearchSploit ,就像它名字暗示的(顾名思义),它将搜索所有的漏洞和利用代码。它不包含任何论文或者Google Hacking Database的结果。