Exploit Lookup
A fast bridge from a finding to its public exploit references. Search Exploit-DB by product and version to understand real-world risk and prioritize patching. It only looks things up — it never runs anything.
- Category: Offensive (authorized) · read-only
- Powered by: searchsploit (Exploit-DB)
- Edition: Pro
- Where: Desktop → Exploit Lookup tab
What it does
Exploit Lookup wraps searchsploit to query the offline Exploit-DB catalog. Type a product (and optionally a version) and it lists matching public proof-of-concept entries with their EDB IDs and paths — turning a vague vulnerability into a concrete “there is a known exploit for this” signal.
Reference, not a weapon. This tool does not run exploits. It surfaces references so you can assess severity and patch faster. Treat results as risk intelligence for defenders.
How to use it
1. Search a product
Enter the software name as it appears in your inventory or a scan finding.
```text
Query: vsftpd 2.3.4
Query: apache 2.4
Query: log4j2
```
2. Scan the matches
Review the returned titles, EDB IDs, and types (remote, local, webapps, dos).
3. Prioritize remediation
If a public exploit exists for something you run, raise its patch priority and cross-check the Patch Advisor tool.
Modes & options
- By product — broad search across a software name.
- By product + version — narrow to exploits affecting your exact version.
- Read-only — output is a reference list; nothing is executed.
What you get
A list of matching Exploit-DB entries (title, EDB-ID, type, path). Use it to confirm a CVE is weaponized in the wild and to justify urgent patching to stakeholders.
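An added example (not part of Exploit Lookup or its documentation) showing one way to turn the result list described above into a patch priority. It assumes the field names of searchsploit's `--json` output; the sample entries, EDB-IDs, paths and type weights are constructed for illustration.

```python
import json
import subprocess

# Assumed triage weights for the entry types the page lists; tune to your policy.
TYPE_WEIGHT = {"remote": 3, "webapps": 3, "local": 2, "dos": 1}
LABELS = {0: "no public exploit found", 1: "elevated", 2: "high", 3: "urgent"}

# Constructed sample shaped like `searchsploit --json` output. Field names are an
# assumption; the first entry omits "Type" to exercise the Path fallback below.
SAMPLE = json.dumps({
    "SEARCH": "exampleftpd 1.0",
    "RESULTS_EXPLOIT": [
        {"Title": "ExampleFTPd 1.0 - Denial of Service", "EDB-ID": "90001",
         "Path": "/opt/exploitdb/exploits/linux/dos/90001.py"},
        {"Title": "ExampleFTPd 1.0 - Remote Command Execution", "EDB-ID": "90002",
         "Type": "remote", "Path": "/opt/exploitdb/exploits/linux/remote/90002.rb"},
    ],
})

def searchsploit_json(query):
    """Read-only catalog lookup; needs searchsploit on PATH. Unused in the sample run."""
    cmd = ["searchsploit", "--json", *query.split()]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

def entry_type(entry):
    """Prefer the Type field; otherwise use the type directory in the entry's Path."""
    if entry.get("Type"):
        return entry["Type"].lower()
    parts = entry.get("Path", "").split("/")
    return parts[-2].lower() if len(parts) >= 2 else "unknown"

def triage(raw_json):
    """Return (priority label, entries sorted most severe first)."""
    results = json.loads(raw_json).get("RESULTS_EXPLOIT", [])
    entries = [{"edb_id": e.get("EDB-ID"), "title": e.get("Title"),
                "type": entry_type(e)} for e in results]
    # Unknown types still count as a match, at the lowest weight.
    score = max((TYPE_WEIGHT.get(e["type"], 1) for e in entries), default=0)
    entries.sort(key=lambda e: -TYPE_WEIGHT.get(e["type"], 1))
    return LABELS[score], entries

if __name__ == "__main__":
    label, entries = triage(SAMPLE)
    print("priority:", label)
    for e in entries:
        print(e["edb_id"], e["type"], e["title"])
```

To use it against a real inventory item, pass the string returned by `searchsploit_json("product version")` to `triage()`.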
Tips
- Pair with Vulnerability Scanner and Asset Inventory: scan → identify versions → look up exploits.
- A match is a prioritization signal, not proof of compromise — verify exposure before acting.
Authorized use only. Exploit Lookup is a read-only reference for defensive prioritization and authorized testing. Acting on exploit references against systems you do not own is illegal.