Top Related Projects
The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb
Metasploit Framework
linux-kernel-exploits Linux平台提权漏洞集合
windows-kernel-exploits Windows平台提权漏洞集合
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Quick Overview
Getsploit is a command-line search tool for the Vulners.com database, allowing users to search for and download exploits directly from the terminal. It provides a simple interface to access a vast collection of security-related content, including exploits, vulnerabilities, and security articles.
Pros
- Easy-to-use command-line interface for quick exploit searches
- Integrates with the extensive Vulners.com database
- Supports downloading of exploit code directly from the terminal
- Offers flexible search options and filtering capabilities
Cons
- Requires an internet connection to function
- Limited to the content available in the Vulners.com database
- May require additional setup for some users (Python environment, API key)
- Could potentially be misused for malicious purposes if not handled responsibly
Code Examples
# Search for exploits related to Apache
getsploit.py Apache
# Search for a specific CVE
getsploit.py CVE-2017-0144
# Download a specific exploit by its ID
getsploit.py -m download -i 7611851
# Search with advanced filtering
getsploit.py -t exploit_id,bulletinFamily,title,cvss,published,type,sourceData Apache httpd
# Display full information about exploits
getsploit.py -f Apache Struts
# Use JSON output for integration with other tools
getsploit.py --json Apache Tomcat
Getting Started
-
Clone the repository:
git clone https://github.com/vulnersCom/getsploit.git -
Install the required dependencies:
pip install -r requirements.txt -
(Optional) Set up your Vulners API key:
export VULNERS_API_KEY=your_api_key_here -
Run getsploit:
python getsploit.py [search_term]
For more advanced usage and options, refer to the project's README file.
Competitor Comparisons
The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb
Pros of ExploitDB
- Larger and more comprehensive database of exploits
- Regularly updated with new exploits and vulnerabilities
- Includes additional tools like searchsploit for offline searching
Cons of ExploitDB
- Requires more storage space due to its larger database
- May include older or less relevant exploits
- Can be overwhelming for users looking for specific exploits
Code Comparison
Getsploit (Python):
def search_sploit(search_request):
url = "https://vulners.com/api/v3/search/lucene/"
headers = {"User-Agent": USER_AGENT}
data = {"query": search_request, "type": "exploitdb"}
response = requests.post(url, headers=headers, json=data)
return response.json()
ExploitDB (Shell):
searchsploit() {
if [ $# -eq 0 ]; then
echo "Usage: searchsploit [options] <search term>"
return 1
fi
/usr/share/exploitdb/searchsploit "$@"
}
The code comparison shows that Getsploit uses a Python function to search for exploits via an API, while ExploitDB utilizes a shell function to search locally using the searchsploit tool. This reflects the different approaches of the two projects, with Getsploit focusing on online searching and ExploitDB providing offline capabilities.
Metasploit Framework
Pros of Metasploit-framework
- Comprehensive exploitation framework with a vast array of modules and payloads
- Active community and regular updates
- Extensive documentation and support resources
Cons of Metasploit-framework
- Steeper learning curve for beginners
- Larger footprint and more complex setup process
- May be overkill for simple vulnerability scanning tasks
Code Comparison
Metasploit-framework (Ruby):
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.100
set PAYLOAD windows/x64/meterpreter/reverse_tcp
exploit
Getsploit (Python):
from getsploit import search_exploits
results = search_exploits("ms17-010")
for exploit in results:
print(exploit.title, exploit.description)
Key Differences
- Metasploit-framework is a full-featured exploitation toolkit, while Getsploit focuses on exploit searching and information retrieval
- Metasploit-framework requires more setup and resources, whereas Getsploit is lightweight and easy to integrate into existing workflows
- Metasploit-framework offers hands-on exploitation capabilities, while Getsploit primarily serves as an information gathering tool
Both tools serve different purposes in the security ecosystem, with Metasploit-framework being more suitable for comprehensive penetration testing and Getsploit excelling at quick exploit discovery and research.
linux-kernel-exploits Linux平台提权漏洞集合
Pros of linux-kernel-exploits
- Focused specifically on Linux kernel exploits, providing a curated collection
- Includes detailed information and usage instructions for each exploit
- Regularly updated with new kernel vulnerabilities
Cons of linux-kernel-exploits
- Limited to Linux kernel exploits only, not covering other platforms or software
- Requires manual browsing and searching through the repository
- May lack some features for easy integration into security tools
Code Comparison
linux-kernel-exploits:
# Example usage of a Linux kernel exploit
./exploit
[*] Linux kernel exploit for CVE-20XX-XXXX
[*] Targeting kernel version 4.X.X
[+] Exploit successful, enjoy root privileges!
getsploit:
# Example usage of getsploit
from getsploit import Getsploit
gs = Getsploit()
results = gs.search("linux kernel")
for exploit in results:
print(exploit.title, exploit.description)
getsploit offers a more programmatic approach to searching and retrieving exploit information, while linux-kernel-exploits provides ready-to-use exploit code specifically for Linux kernels. The choice between them depends on the user's specific needs and workflow preferences.
windows-kernel-exploits Windows平台提权漏洞集合
Pros of windows-kernel-exploits
- Focused specifically on Windows kernel exploits, providing a curated collection
- Includes pre-compiled executables for easier testing and deployment
- Organizes exploits by Windows version, facilitating targeted research
Cons of windows-kernel-exploits
- Limited to Windows kernel exploits, lacking broader vulnerability coverage
- Less frequently updated compared to getsploit
- Doesn't provide a search functionality or API for programmatic access
Code comparison
windows-kernel-exploits (PowerShell script example):
$ErrorActionPreference = "Stop"
$OSVersion = (Get-WmiObject Win32_OperatingSystem).Version
$Architecture = (Get-WmiObject Win32_OperatingSystem).OSArchitecture
getsploit (Python script example):
import sys
import requests
from terminaltables import AsciiTable
API_URL = "https://vulners.com/api/v3/search/lucene/"
windows-kernel-exploits focuses on providing ready-to-use exploit code and binaries for Windows kernel vulnerabilities, while getsploit offers a broader search capability for various vulnerabilities across multiple platforms. The code examples reflect their different approaches, with windows-kernel-exploits using PowerShell for Windows-specific tasks and getsploit utilizing Python for API interactions and data presentation.
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
Pros of PoC-in-GitHub
- Comprehensive collection of PoC exploits organized by CVE
- Regular updates with new exploits and vulnerabilities
- Easy-to-navigate structure with links to original sources
Cons of PoC-in-GitHub
- Lacks a command-line interface for searching and retrieving exploits
- No built-in functionality for exploit verification or testing
- Requires manual browsing and downloading of exploit code
Code Comparison
Getsploit offers a Python-based command-line interface:
from getsploit import GSF
gsf = GSF()
results = gsf.search("CVE-2021-44228")
for exploit in results:
print(exploit.description)
PoC-in-GitHub doesn't provide a direct code interface, but users can clone the repository and access exploits manually:
git clone https://github.com/nomi-sec/PoC-in-GitHub.git
cd PoC-in-GitHub
ls -l CVE-2021-44228
Both repositories serve as valuable resources for security researchers and penetration testers, with Getsploit offering more programmatic access and PoC-in-GitHub providing a wider range of exploits in a well-organized structure.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Pros of nuclei-templates
- Larger and more diverse collection of templates for various vulnerabilities and misconfigurations
- Regularly updated with community contributions, ensuring coverage of new threats
- Designed for use with Nuclei, a powerful and flexible scanning engine
Cons of nuclei-templates
- Requires familiarity with Nuclei's syntax and usage
- May include more false positives due to the broad range of templates
- Larger repository size, which can be overwhelming for beginners
Code Comparison
nuclei-templates:
id: example-vulnerability
info:
name: Example Vulnerability
severity: high
requests:
- method: GET
path: /vulnerable-endpoint
getsploit:
from getsploit import search_exploits
results = search_exploits("example vulnerability")
for exploit in results:
print(exploit.title, exploit.description)
Summary
nuclei-templates offers a comprehensive set of templates for vulnerability scanning, while getsploit focuses on searching and retrieving exploit information. nuclei-templates is more suited for active scanning and testing, whereas getsploit is primarily a tool for researching and retrieving exploit data. The choice between the two depends on the specific use case and the user's familiarity with the respective tools and ecosystems.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
getsploit
Description
Inspired by searchsploit, it combines two features: command line search and download tool. It allows you to search online for the exploits across all the most popular collections: Exploit-DB, Metasploit, Packetstorm and others. The most powerful feature is immediate exploit source download right in your working path.
Python version
Utility was tested on python2.7, python3.8+ with SQLite FTS4 support. If you have found any bugs, don't hesitate to create an issue
How to use
Install: pip install getsploit
Obtain Vulners API key
Please, register at Vulners website. Go to the personal menu by clicking on your name in the right top corner. Follow "API KEYS" tab. Generate API key with scope "api" and use it with the getsploit.
Search
# pip install getsploit
# getsploit wordpress 4.7.0
Total found exploits: 8
Web-search URL: https://vulners.com/search?query=bulletinFamily%3Aexploit%20AND%20wordpress%204.7.0
+----------------------+--------------------------------+----------------------------------------------------+
| ID | Exploit Title | URL |
+======================+================================+====================================================+
| PACKETSTORM:141039 | WordPress 4.7.0 / 4.7.1 Insert | https://vulners.com/packetstorm/PACKETSTORM:141039 |
| | PHP Code Injection | |
+----------------------+--------------------------------+----------------------------------------------------+
| EDB-ID:41308 | WordPress 4.7.0/4.7.1 Plugin | https://vulners.com/exploitdb/EDB-ID:41308 |
| | Insert PHP - PHP Code | |
| | Injection | |
+----------------------+--------------------------------+----------------------------------------------------+
| EDB-ID:41223 | WordPress 4.7.0/4.7.1 - | https://vulners.com/exploitdb/EDB-ID:41223 |
| | Unauthenticated Content | |
| | Injection (PoC) | |
+----------------------+--------------------------------+----------------------------------------------------+
| PACKETSTORM:140893 | WordPress 4.7.0 / 4.7.1 REST | https://vulners.com/packetstorm/PACKETSTORM:140893 |
| | API Privilege Escalation | |
+----------------------+--------------------------------+----------------------------------------------------+
| PACKETSTORM:140902 | WordPress 4.7.0 / 4.7.1 | https://vulners.com/packetstorm/PACKETSTORM:140902 |
| | Content Injection / Code | |
| | Execution | |
+----------------------+--------------------------------+----------------------------------------------------+
| PACKETSTORM:140901 | WordPress 4.7.0 / 4.7.1 | https://vulners.com/packetstorm/PACKETSTORM:140901 |
| | Content Injection Proof Of | |
| | Concept | |
+----------------------+--------------------------------+----------------------------------------------------+
| EDB-ID:41224 | WordPress 4.7.0/4.7.1 - | https://vulners.com/exploitdb/EDB-ID:41224 |
| | Unauthenticated Content | |
| | Injection Arbitrary Code | |
| | Execution | |
+----------------------+--------------------------------+----------------------------------------------------+
| SSV-92637 | WordPress REST API content | https://vulners.com/seebug/SSV-92637 |
| | injection | |
+----------------------+--------------------------------+----------------------------------------------------+
Save exploit files
# getsploit -m wordpress 4.7.0
Total found exploits: 8
Web-search URL: https://vulners.com/search?query=bulletinFamily%3Aexploit%20AND%20wordpress%204.7.0
+----------------------+--------------------------------+----------------------------------------------------+
| ID | Exploit Title | URL |
+======================+================================+====================================================+
| PACKETSTORM:141039 | WordPress 4.7.0 / 4.7.1 Insert | https://vulners.com/packetstorm/PACKETSTORM:141039 |
| | PHP Code Injection | |
+----------------------+--------------------------------+----------------------------------------------------+
| EDB-ID:41308 | WordPress 4.7.0/4.7.1 Plugin | https://vulners.com/exploitdb/EDB-ID:41308 |
| | Insert PHP - PHP Code | |
| | Injection | |
+----------------------+--------------------------------+----------------------------------------------------+
| EDB-ID:41223 | WordPress 4.7.0/4.7.1 - | https://vulners.com/exploitdb/EDB-ID:41223 |
| | Unauthenticated Content | |
| | Injection (PoC) | |
+----------------------+--------------------------------+----------------------------------------------------+
| PACKETSTORM:140893 | WordPress 4.7.0 / 4.7.1 REST | https://vulners.com/packetstorm/PACKETSTORM:140893 |
| | API Privilege Escalation | |
+----------------------+--------------------------------+----------------------------------------------------+
| PACKETSTORM:140902 | WordPress 4.7.0 / 4.7.1 | https://vulners.com/packetstorm/PACKETSTORM:140902 |
| | Content Injection / Code | |
| | Execution | |
+----------------------+--------------------------------+----------------------------------------------------+
| PACKETSTORM:140901 | WordPress 4.7.0 / 4.7.1 | https://vulners.com/packetstorm/PACKETSTORM:140901 |
| | Content Injection Proof Of | |
| | Concept | |
+----------------------+--------------------------------+----------------------------------------------------+
| EDB-ID:41224 | WordPress 4.7.0/4.7.1 - | https://vulners.com/exploitdb/EDB-ID:41224 |
| | Unauthenticated Content | |
| | Injection Arbitrary Code | |
| | Execution | |
+----------------------+--------------------------------+----------------------------------------------------+
| SSV-92637 | WordPress REST API content | https://vulners.com/seebug/SSV-92637 |
| | injection | |
+----------------------+--------------------------------+----------------------------------------------------+
# ls
LICENSE README.md getsploit.py wordpress-470
# cd wordpress-470
# ls
edb-id41223.txt edb-id41224.txt edb-id41308.txt packetstorm140893.txt packetstorm140901.txt packetstorm140902.txt packetstorm141039.txt ssv-92637.txt
Local database
If your Python supports sqlite3 lib(builtin) you can use --update and --local commands to download whole exploit database to your PC. After update you can perform local offline searches.
# getsploit --update
Downloading getsploit database archive. Please wait, it may take time. Usually around 5-10 minutes.
219642496/219642496 [100.00%]
Unpacking database.
Database download complete. Now you may search exploits using --local key './getsploit.py -l wordpress 4.7'
Top Related Projects
The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb
Metasploit Framework
linux-kernel-exploits Linux平台提权漏洞集合
windows-kernel-exploits Windows平台提权漏洞集合
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot