Searching exploits - msfconsole

Go back

The first thing you want to do is to find exploits (to perform an attack) or auxiliaries (to see if the target is vulnerable).

Common usages 🪴

msf6> search xxx yyy # search by terms
msf6> search CVE-YEAR-ID # CVE
msf6> search exploit/xxx/yyy/ # module
msf6> search type:exploit [...] # ex: only exploits...
msf6> search cve:year [...] # only disclosed in year

Examples 🔥

msf6> search apache tomcat
msf6> search exploit/linux/local/
msf6> search type:auxiliary cve:2022 wordpress
msf6> search eternalblue pool
#  Name  Disclosure Date  Rank     Check  Description
-  ----  ---------------  ----     -----  -----------
0  exploit/windows/smb/ms17_010_eternalblue  [...]

⚠️ The first column is called module search index, while the second is called module name on this website.

Searching exploits - msfconsole ¶

Searching exploits - msfconsole