How to search exploits in metasploit?

Metasploit was created by H. D. Moore in 2003 as a portable network tool using Perl. By 2007, the Metasploit Framework had been completely rewritten in Ruby. How to search exploits in metasploit - blackMORE Ops - 2On October 21, 2009, the Metasploit Project announced that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions. Metasploit’s emerging position as the de facto exploit development framework led to the release of software vulnerability advisories often accompanied by a third party Metasploit exploit module that highlights the exploitability, risk and remediation of that particular bug. Metasploit 3.0 began to include fuzzing tools, used to discover software vulnerabilities, rather than just exploits for known bugs. This avenue can be seen with the integration of the lorcon wireless (802.11) toolset into Metasploit 3.0 in November 2006. Metasploit 4.0 was released in August 2011. In this guide we will look into the most important part of using Metasploit, how to search exploits within it! Yeah, like it or not, if you can’t search, then you got nada!


How many of you used searchsploit in Kali Linux? It’s a nice tool that updates and downloads exploits often. I use it quite extensively along with MetaSploit.

Use searchsploit to search specific exploits. You can use it like this:

root@kali:~# searchsploit wordpress denial
 Description                                 |  Path
WordPress <=4.0 Denial of Service Exploit    | /php/webapps/35413.php
Wordpress < 4.0.1 - Denial of Service        | /php/webapps/35414.txt

wordpress-40-denial-of-service-proof-of-concept-explained - blackMORE Ops - 2

Just in case you want to search something else, you -h and it shows the help menu. Now help yourself to find more vulnerabilities.

searchsploit Help Menu - Click to expand

root@kali:~# searchsploit -h
Usage  : searchsploit [OPTIONS] term1 [term2] ... [termN]
Example: searchsploit oracle windows local

 -c         - Perform case-sensitive searches; by default,
              searches will try to be greedy
 -v         - By setting verbose output, description lines
              are allowed to overflow their columns
 -h, --help - Show help screen

 - Use any number of search terms you would like (minimum: 1)
 - Search terms are not case sensitive, and order is irrelevant


wordpress-40-denial-of-service-proof-of-concept-explained - blackMORE Ops - 3

Pretty easy way to search exploits actually if you don’t want to learn metasploit search options. Do share if you think it helped.

Check Also

Install, setup, configure and run OpenVAS on Kali Linux - blackMORE Ops - 13

Install, setup, configure and run OpenVAS on Kali Linux

Vulnerability scanning is a crucial phase of a penetration test and having an updated vulnerability …

Correct way of installing VirtualBox Guest Additions in Kali Linux 2016.2/2017 (Kali Rolling)

How to install VirtualBox Guest Additions in Kali Linux (Kali Rolling / Kali Linux 2016.2 / Kali 2017)

Since Kali Linux 2016 came out (also known as Kali Rolling), it seems that Official …

One comment

  1. Thanks . That was very helpful .

Use, Twitter, Facebook, or Google+ accounts to comment (anonymous comments allowed). Leave your solution to help others.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Privacy Policy on Cookies Usage

Some services used in this site uses cookies to tailor user experience or to show ads.