SkillAgentSearch skills...

ExploitFinder

๐Ÿ” Advanced Exploit Finder v2.0.0 - Professional vulnerability discovery and exploit research platform with real-time CVE integration, secure API management, and PDF reporting. Features ExploitDB integration, Nmap XML parsing, Vulners API, and enterprise-grade security tools for penetration testers and security researchers.

GenerateConvertImprove

Install / Use

/learn @Dhype7/ExploitFinder
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

๐Ÿ” Advanced Exploit Finder v2.0.0

Professional vulnerability discovery and exploit research platform with real-time CVE integration and secure API management

Created by: Abdullah Ibrahem (Dhype7)
GitHub: @Dhype7
Project: ExploitFinder

Python 3.8+ License: MIT Security Research Root Required Author

๐ŸŽฏ Overview

Advanced Exploit Finder is a comprehensive vulnerability discovery and analysis platform that combines multiple security databases to help security professionals, penetration testers, and researchers identify potential exploits for discovered services and vulnerabilities. Built with security-first principles and enterprise-grade features.

โœจ Key Features

  • ๐Ÿ”Ž Real ExploitDB Integration - Direct searchsploit integration with advanced filtering
  • ๐Ÿ›ก๏ธ Live CVE Database - Real-time NIST NVD API integration with CVSS scoring
  • ๐Ÿ“Š Nmap XML Analysis - Parse scan results and automatically find relevant exploits
  • ๏ฟฝ Vulners API Enhanced - Professional exploit intelligence with encrypted API key storage
  • ๐Ÿ“„ PDF Report Generation - Comprehensive vulnerability reports with professional formatting
  • ๏ฟฝ๐ŸŽฏ Advanced Filtering - Filter by platform, exploit type, severity, and more
  • ๐Ÿ“‹ Multiple Export Formats - JSON, HTML, PDF, and rich terminal tables
  • โšก Preset Filters - Quick access to common vulnerability patterns (critical, RCE, web, etc.)
  • ๏ฟฝ Secure API Management - AES-256 encrypted API key storage with PBKDF2 key derivation
  • ๐Ÿ”ง System Requirements Check - Built-in privilege and dependency validation
  • ๐ŸŽจ Rich CLI Interface - Beautiful terminal output with progress indicators

๐Ÿš€ Quick Start

โšก Global Installation (Recommended)

# Clone the repository
git clone https://github.com/Dhype7/ExploitFinder.git
cd ExploitFinder

# Global installation with sudo (required)
chmod +x install.sh
sudo ./install.sh

The enhanced install.sh script automatically:

  • โœ… Validates Python 3.8+ requirements
  • โœ… Checks system dependencies (nmap, searchsploit)
  • โœ… Creates isolated virtual environment
  • โœ… Installs all Python dependencies
  • โœ… Sets up global commands (exploit-finder and ef)
  • โœ… Creates system-wide executables in /usr/local/bin/
  • โœ… Works from any directory on your system

โœจ After Installation - Use Anywhere!

# Use from any directory - no need to navigate to project folder!
exploit-finder --help               # Main command
ef --help                          # Short alias

# Check system and verify installation
sudo exploit-finder system-check

๐Ÿ” Root Privileges Required

Important: For full functionality, Exploit Finder requires root privileges due to:

  • Network scanning - Nmap requires root for SYN scans and OS detection
  • Raw socket access - Advanced scanning techniques need elevated privileges
  • System file access - Reading certain system configurations
  • Port binding - Some network operations require privileged ports
# Check system requirements and privileges
sudo exploit-finder system-check

# Run with full privileges (recommended)
sudo exploit-finder search "apache" --max 10

# Short alias with sudo
sudo ef search "ssh" --platform linux

Note: Some features like basic ExploitDB searches work without root, but with limited functionality.

Basic Usage

# Check system requirements and privileges
sudo exploit-finder system-check

# Search for exploits (works from any directory!)
sudo exploit-finder search "apache" --max 10
exploit-finder search "ssh" --platform linux    # Some features work without sudo

# Search CVE database  
sudo exploit-finder cve-search --keyword "log4j" --severity critical

# Parse Nmap XML and find exploits
sudo exploit-finder nmap-xml scan_results.xml --format html --output report.html

# Use filter presets with short alias
sudo ef search "windows" --preset critical

# Generate PDF reports
sudo exploit-finder generate-pdf "ssh vulnerabilities" report.pdf

๐Ÿ“– Documentation

Core Commands

๐Ÿ”ง System Management

# Check system requirements and privileges
sudo exploit-finder system-check

# API key management
sudo exploit-finder api-setup vulners
sudo exploit-finder api-list
sudo exploit-finder api-guide vulners

๐Ÿ” Exploit Search

# Basic search
sudo exploit-finder search "ssh"

# Platform-specific search
sudo exploit-finder search "apache" --platform linux --type remote

# Metasploit modules only
sudo exploit-finder search "mysql" --metasploit

# Advanced filtering with short alias
sudo ef search "kernel" --platform linux --type local --cvss-min 7.0

๐Ÿ›ก๏ธ CVE Database Search

# Search by keyword
sudo exploit-finder cve-search --keyword "apache httpd" --max 10

# Search by specific CVE ID
sudo exploit-finder cve-search --id "CVE-2021-44228"

# Filter by severity
sudo ef cve-search --keyword "php" --severity high

# Recent vulnerabilities only
sudo exploit-finder cve-search --keyword "windows" --recent 30

๐Ÿ“Š Nmap XML Integration

# Parse XML and auto-search for exploits
sudo exploit-finder nmap-xml scan_results.xml

# Export to different formats
sudo exploit-finder nmap-xml scan.xml --format json --output results.json
sudo exploit-finder nmap-xml scan.xml --format html --output report.html

# Enhanced with CVE data
sudo ef nmap-xml scan.xml --with-cve --verbose

โšก Filter Presets

# View available presets
exploit-finder presets

# Use presets for quick filtering
sudo exploit-finder search "linux" --preset critical
sudo ef search "php" --preset web
sudo exploit-finder search "windows" --preset rce

๐Ÿ”ง API Management

# Check system requirements and privileges
sudo exploit-finder system-check

# API key management
sudo exploit-finder api-setup
sudo exploit-finder api-list
sudo exploit-finder api-guide

Advanced Features

๐ŸŽฏ Complex Filtering

# Multiple filters combination
exploit-finder search "buffer overflow" \
  --platform windows \
  --type remote \
  --cvss-min 8.0 \
  --verified \
  --max 15

# Title filtering with short alias
ef search "apache" \
  --title-contains "remote" \
  --title-excludes "denial"

๐Ÿ“ค Export Options

# JSON export for automation
exploit-finder search "ssh" --format json --output ssh_exploits.json

# HTML report generation
sudo exploit-finder search "web" --format html --output web_report.html

# Rich terminal tables (default)
ef search "linux" --verbose

๐Ÿงช Testing & Examples

Vulnerable Machine Testing

  1. Setup Metasploitable 2:

    # Download and import to VM
# Default login: msfadmin:msfadmin

  2. Complete scan and analysis:

    # Scan target
nmap -sS -sV -sC -O target_ip -oX scan.xml

# Analyze with exploit finder (works from any directory!)
sudo exploit-finder nmap-xml scan.xml --format html --output full_report.html

  3. Use provided testing scripts:

    # Demo all features
./demo_features.sh

# Complete test with target
./test_all_features.sh <target_ip>

Example Workflow

# 1. Scan target network
nmap -A -p- 192.168.1.0/24 -oX network_scan.xml

# 2. Parse results and find exploits (from any directory!)
sudo exploit-finder nmap-xml network_scan.xml --verbose

# 3. Research specific services
exploit-finder search "apache 2.4.6" --platform linux
sudo exploit-finder cve-search --product "apache httpd" --cvss-min 7.0

# 4. Generate comprehensive report
sudo exploit-finder nmap-xml network_scan.xml \
  --format html \
  --output security_assessment.html \
  --with-cve

# 5. Enhanced research with Vulners API
sudo exploit-finder api-setup vulners  # One-time setup
sudo ef vulners-search "apache" --max 20
sudo exploit-finder generate-pdf "SSH vulnerabilities" enhanced_report.pdf

๐Ÿ” Secure API Management

Exploit Finder v2.0.0 includes enterprise-grade encrypted API key management:

๐ŸŒ Vulners API Integration

# 1. Get FREE Vulners API key from https://vulners.com/
# 2. Secure setup with encryption
sudo exploit-finder api-setup vulners

# 3. Enhanced vulnerability intelligence
sudo exploit-finder vulners-search "log4j" --max 50 --include-cve
sudo ef vulners-search "apache httpd" --type exploit

# 4. Generate enhanced PDF reports
sudo exploit-finder generate-pdf "apache vulnerabilities" \
  --vulners --output enhanced_report.pdf

๐Ÿ”’ Security Features

  • AES-256 Encryption - Military-grade encryption for API keys
  • PBKDF2 Key Derivation - 100,000 iterations for maximum security
  • Local Storage Only - No cloud dependencies, complete privacy
  • Password Protection - Strong password required for key access
  • Secure Prompts - Passwords never logged or displayed
  • Key Preview - Only first 8 characters shown for verification

๐Ÿ“‹ API Management Commands

# Setup new API key (interactive wizard)
sudo exploit-finder api-setup vulners

# List stored API keys (preview only)
sudo exploit-finder api-list

# Delete stored API key
sudo exploit-finder api-delete vulners

# Show API setup guides
sudo exploit-finder api-guide vulners

๐Ÿ—๏ธ Project Structure

exploit-finder/
โ”œโ”€โ”€ install.sh                 # Complete installation script (requires sudo)
โ”œโ”€โ”€ README.md                  # This documentation
โ”œโ”€โ”€ API_MANAGEMENT_GUIDE.md    #

Dhype7

View profile

View on GitHub
GitHub Stars4
CategoryEducation
Updated6mo ago
Forks0
Dhype7/ExploitFinder

Languages

Python

Security Score

62/100

Audited on Sep 27, 2025

No findings