Searching exploits - msfconsole
The first thing you want to do is to find exploits (to perform an attack) or auxiliaries (to see if the target is vulnerable).
Common usages πͺ΄
msf6> search xxx yyy # search by terms
msf6> search CVE-YEAR-ID # CVE
msf6> search exploit/xxx/yyy/ # module
msf6> search type:exploit [...] # ex: only exploits...
msf6> search cve:year [...] # only disclosed in year
Examples π₯
msf6> search apache tomcat
msf6> search exploit/linux/local/
msf6> search type:auxiliary cve:2022 wordpress
msf6> search eternalblue pool
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 exploit/windows/smb/ms17_010_eternalblue [...]
β οΈ The first column is called module search index, while the second is called module name on this website.