# Install exploitdb with Homebrew, MacPorts, Nix, pacman

Database of public exploits and corresponding vulnerable software. Version 2026-07-08 via Homebrew; verified 2026-07-08.

## Install

```sh
sudo av install brew:exploitdb
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install exploitdb
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install exploitdb
```

  Evidence: MacPorts ports tree: security/exploitdb/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#exploitdb
```

  Evidence: nixpkgs package indexes: pkgs/by-name/ex/exploitdb/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S exploitdb
```

  Evidence: Arch Linux sync databases: exploitdb from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

## Package facts

- **Package key:** brew:exploitdb
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/exploitdb>
- **Version:** 2026-07-08
- **Source summary:** Database of public exploits and corresponding vulnerable software
- **Homepage:** <https://www.exploit-db.com/>
- **Repository:** <https://gitlab.com/exploit-database/exploitdb>
- **Upstream docs:** <https://gitlab.com/exploit-database/exploitdb>
- **License:** GPL-2.0-or-later
- **Source archive:** <https://gitlab.com/exploit-database/exploitdb.git>
- **Last updated:** 2026-07-08T03:29:09Z
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- searchsploit (cli)
- searchsploit (alias)

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 2026-07-08
- Package-manager updated: 2026-07-08
- Local data: ok
- Upstream repository: https://www.exploit-db.com/
- info: Release/tag comparison is only available for GitHub repositories.
## Project history and usage

Exploit-DB is OffSec's public archive of exploit code, shellcode, papers, and proof-of-concept material for vulnerable software. It is built for penetration testers and vulnerability researchers who need searchable, actionable examples rather than advisory prose.

The Homebrew package is mostly useful because it installs the database and SearchSploit, the command-line tool for querying a local checkout. That makes Exploit-DB one of the rare security datasets that package managers ship as a practical offline research corpus.

### Project history

The archive traces back to milw0rm, a public exploit archive started by str0ke in early 2004 after another exploit source moved behind a paid model. OffSec's history page presents milw0rm as a trusted community source because submitted exploits were verified before inclusion.

In July 2009, str0ke announced that milw0rm would close, then said it would continue temporarily because of community demand. OffSec took over the database in November 2009, launched the exploit-db.com domain that month, and continued the service as Exploit-DB.

The current GitLab repository is the official source tree for Exploit-DB exploits and shellcode, with companion repositories for binary exploits and papers. Its README says the repository is updated daily with recent submissions.

### Adoption history

Exploit-DB became a standard reference because it preserved working exploit and proof-of-concept material in a searchable form. OffSec describes it as a non-profit public-service project and a CVE-compliant archive intended for penetration testers and vulnerability researchers.

SearchSploit turned the web archive into a local Unix workflow. The official manual documents Kali Linux packaging, Git installation, and Homebrew installation, and notes that the standard Kali GNOME build includes the exploitdb package by default.

### How it is used

SearchSploit searches a local copy of Exploit-DB by one or more terms, with options for title-only searches, exact matching, CVE lookup, JSON output, Nmap XML correlation, path lookup, and mirroring selected exploits into a working directory.

The manual emphasizes offline use: a tester can take a local checkout into segregated or air-gapped networks, update it later, and optionally add binary-exploit and papers repositories for more complete local data.

### Why package nerds care

Exploit-DB is a package-manager oddity: it is both a command-line program and a frequently updated vulnerability corpus. Installing it with Homebrew or apt gives users a filesystem tree of exploits plus a shell-oriented search interface.

For Unix users, the interesting part is not just the executable but the layout and update behavior: SearchSploit reads CSV indexes, points at exploit/shellcode/paper paths through .searchsploit_rc, and can be kept current through package updates or git.

### Timeline

- 2004: str0ke starts a public exploit archive that becomes milw0rm.
- 2009-07-08: str0ke announces the site will close.
- 2009-11-04: OffSec is publicly reported as the group taking over the database.
- 2009-11-16: The OffSec handover goes live.
- 2009-11-17: exploit-db.com is set up.
- 2010: milw0rm closes for good after no longer accepting updates.
- 2016: SearchSploit users with older Kali packages are directed to update through the traditional package manager before using newer update behavior.

### Related projects

- SearchSploit is the bundled command-line search tool for the local Exploit-DB repository.
- The Google Hacking Database is maintained by OffSec as an extension of Exploit-DB.
- exploitdb-bin-sploits and exploitdb-papers are companion repositories for binary exploit files and papers.

### Sources

- <https://www.exploit-db.com/history>
- <https://www.exploit-db.com/>
- <https://gitlab.com/exploit-database/exploitdb>
- <https://www.exploit-db.com/searchsploit>


## Security Notes

escape, surveillance, or offensive capability signal.

- **Geiger risk:** red / medium
- escape, surveillance, or offensive capability signal


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: <exploitdb checkout>/.searchsploit_rc
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** exploitdb
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - exploitdb: normalized package name match | nixpkgs package indexes: pkgs/by-name/ex/exploitdb/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- pacman - exploitdb - 20260602-1: normalized package name match | Arch Linux sync databases: exploitdb from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Offensive Security’s Exploit Database Archive | https://www.exploit-db.com/
- MacPorts - exploitdb: normalized package name match | MacPorts ports tree: security/exploitdb/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1


## Related links

- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Database and data packages](https://www.automicvault.com/pkg/database-data-tools/) - Matched database, SQL, migration, or data-store metadata.
- [govulncheck](https://www.automicvault.com/pkg/brew/govulncheck/) - Shares av.db curated category or tags: cli, security, vulnerability-database.
- [hydra](https://www.automicvault.com/pkg/brew/hydra/) - Shares av.db curated category or tags: cli, penetration-testing, security.
- [pocsuite3](https://www.automicvault.com/pkg/brew/pocsuite3/) - Shares av.db curated category or tags: cli, penetration-testing, security.
- [sqlmap](https://www.automicvault.com/pkg/brew/sqlmap/) - Shares av.db curated category or tags: cli, penetration-testing, security.
- [theharvester](https://www.automicvault.com/pkg/brew/theharvester/) - Shares av.db curated category or tags: cli, penetration-testing, security.
- [aide](https://www.automicvault.com/pkg/brew/aide/) - Shares av.db curated category or tags: cli, security.
- [aircrack-ng](https://www.automicvault.com/pkg/brew/aircrack-ng/) - Shares av.db curated category or tags: cli, security.
- [amass](https://www.automicvault.com/pkg/brew/amass/) - Shares av.db curated category or tags: cli, security.
- [gnutls](https://www.automicvault.com/pkg/brew/gnutls/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, security.
- [radamsa](https://www.automicvault.com/pkg/brew/radamsa/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, security, testing.
- [bogofilter](https://www.automicvault.com/pkg/brew/bogofilter/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, security.

## Combined YAML source

View the package source record on GitHub. [combined/exploitdb.yml](https://github.com/automic-vault/db/blob/main/combined/exploitdb.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
