Automic VaultAutomic Vault

brew

Install exploitdb with Homebrew, MacPorts, Nix, pacman

Database of public exploits and corresponding vulnerable software. Version 2026-07-08 via Homebrew; verified 2026-07-08.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install exploitdb

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install exploitdb

MacPorts ports tree · security/exploitdb/Portfile · source: api.github.com

Linux

Nixverified · 92%
nix profile install nixpkgs#exploitdb

nixpkgs package indexes · pkgs/by-name/ex/exploitdb/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S exploitdb

Arch Linux sync databases · exploitdb · source: geo.mirror.pkgbuild.com

overview

Package summary

Database of public exploits and corresponding vulnerable software

Commands and aliases

  • searchsploit

history

Project history and usage

Exploit-DB is OffSec's public archive of exploit code, shellcode, papers, and proof-of-concept material for vulnerable software. It is built for penetration testers and vulnerability researchers who need searchable, actionable examples rather than advisory prose.

The Homebrew package is mostly useful because it installs the database and SearchSploit, the command-line tool for querying a local checkout. That makes Exploit-DB one of the rare security datasets that package managers ship as a practical offline research corpus.

Project history

The archive traces back to milw0rm, a public exploit archive started by str0ke in early 2004 after another exploit source moved behind a paid model. OffSec's history page presents milw0rm as a trusted community source because submitted exploits were verified before inclusion.

In July 2009, str0ke announced that milw0rm would close, then said it would continue temporarily because of community demand. OffSec took over the database in November 2009, launched the exploit-db.com domain that month, and continued the service as Exploit-DB.

The current GitLab repository is the official source tree for Exploit-DB exploits and shellcode, with companion repositories for binary exploits and papers. Its README says the repository is updated daily with recent submissions.

Adoption history

Exploit-DB became a standard reference because it preserved working exploit and proof-of-concept material in a searchable form. OffSec describes it as a non-profit public-service project and a CVE-compliant archive intended for penetration testers and vulnerability researchers.

SearchSploit turned the web archive into a local Unix workflow. The official manual documents Kali Linux packaging, Git installation, and Homebrew installation, and notes that the standard Kali GNOME build includes the exploitdb package by default.

How it is used

SearchSploit searches a local copy of Exploit-DB by one or more terms, with options for title-only searches, exact matching, CVE lookup, JSON output, Nmap XML correlation, path lookup, and mirroring selected exploits into a working directory.

The manual emphasizes offline use: a tester can take a local checkout into segregated or air-gapped networks, update it later, and optionally add binary-exploit and papers repositories for more complete local data.

Why package nerds care

Exploit-DB is a package-manager oddity: it is both a command-line program and a frequently updated vulnerability corpus. Installing it with Homebrew or apt gives users a filesystem tree of exploits plus a shell-oriented search interface.

For Unix users, the interesting part is not just the executable but the layout and update behavior: SearchSploit reads CSV indexes, points at exploit/shellcode/paper paths through .searchsploit_rc, and can be kept current through package updates or git.

Timeline

  • 2004: str0ke starts a public exploit archive that becomes milw0rm.
  • 2009-07-08: str0ke announces the site will close.
  • 2009-11-04: OffSec is publicly reported as the group taking over the database.
  • 2009-11-16: The OffSec handover goes live.
  • 2009-11-17: exploit-db.com is set up.
  • 2010: milw0rm closes for good after no longer accepting updates.
  • 2016: SearchSploit users with older Kali packages are directed to update through the traditional package manager before using newer update behavior.

Related projects

  • SearchSploit is the bundled command-line search tool for the local Exploit-DB repository.
  • The Google Hacking Database is maintained by OffSec as an extension of Exploit-DB.
  • exploitdb-bin-sploits and exploitdb-papers are companion repositories for binary exploit files and papers.

security posture

Risk level: red

escape, surveillance, or offensive capability signal.

Risk classifier

red risk · medium confidence · escape-surveillance-offensive

Why

  • escape, surveillance, or offensive capability signal

Signals

  • text:exploit

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
<exploitdb checkout>/.searchsploit_rc

executables

Installed executables

CommandKindExposureNote
searchsploitcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version2026-07-08
manager updated2026-07-08
local dataok
upstreamnot checked
latest detectednot detected

https://www.exploit-db.com/

install metadata

Package metadata

Package keybrew:exploitdb
Version2026-07-08
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/exploitdb
Homepagehttps://www.exploit-db.com/
Repositoryhttps://gitlab.com/exploit-database/exploitdb
Upstream docshttps://gitlab.com/exploit-database/exploitdb
LicenseGPL-2.0-or-later
Source archivehttps://gitlab.com/exploit-database/exploitdb.git
Last updated2026-07-08T03:29:09Z
Pulseupdated
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameexploitdb
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

exploitdb

nix profile install nixpkgs#exploitdb
  • normalized package name match
  • Matched by: Exploitdb
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ex/exploitdb/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
pacman95%

exploitdb 20260602-1

Offensive Security’s Exploit Database Archive

https://www.exploit-db.com/

sudo pacman -S exploitdb
  • License: GPL-2.0-or-later
  • Architecture: any
  • 2 optional deps
  • normalized package name match
  • Matched by: Exploitdb
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: exploitdb from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
MacPorts95%

exploitdb

sudo port install exploitdb
  • normalized package name match
  • Matched by: Exploitdb
MacPorts ports tree · api.github.com · MacPorts ports tree: security/exploitdb/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment