Exploit Database 2022 Update

Nov 10, 2022
The Offensive Security Team

The Offensive Security Team

Content Team

It’s been a minute since we last talked about Exploit Database, one of our community projects. Today we are excited to announce new updates!

Here are the highlights of this Exploit-DB update: 

 

Exploit-DB Full Dump

Previously, when we were distributing the database dump, the main “content” of each exploit and the “metadata” was reserved for “EDB Partners.” 

However, as of today, this is changing. We are giving everything away!

The extra values included are:

    • Aliases – Other names of identifying the item
    • Application URL – A link to the mirror of the setup file
    • CVE – A method of identifying vulnerabilities
    • Date Added – When was it added to EDB (rather than when the code was created)
    • Date Updated – When was it last updated on EDB
    • Screenshot URL – A link to our screenshot as proof
    • Source URL – Where the code came from (aka upstream)
    • Tags – Grouping items together
    • Verified – Has the EDB team confirmed the exploit works?

CVEs

This update includes the highly requested “Common Vulnerabilities and Exposures (CVE)” values for exploits. A “CVE” is a way of identifying vulnerabilities and has become the “industry standard” – for better or worse, but that’s a conversation for another day.

We have also updated SearchSploit to allow for searching for CVEs:

 

 

Google Hacking Database (GHDB) Full Dump

​We are now also sharing the GHDB database with you! Currently, it is in a different format (XML rather than CSV & TXT), but like EDB, it should be a complete dump.

We have yet to generate a tool like SearchSploit to handle GHDB, so we are calling the community to develop the official tool! The tool can either be another stand-alone or extend SearchSploit functionally. If if you are up for the challenge, then please open up a merge request.

New Home

Previously, we were on GitHub. However, Exploit-DB is now completely moved to GitLab. Kali Linux did it a while ago, and we’re following suit.

Future Plans

For 2023, we are hoping to introduce more new features. We often see people opening up pull/merge requests to either update or add code. However, we are dumping our database. Thus it is one direction only. We are working on a system to become bi-directional, allowing for edits to happen via Git.

Furthermore, we’re looking at refreshing Google Hacking Database to be more of a “dork database,” so the naming allows for more excellent coverage of other services.

Until the next update – happy sploit’ing!