Exploit Database (EDB)

Overview

The Exploit Database (EDB or ExploitDB) is a free, publicly accessible archive of exploits, shellcode, proof-of-concept code, and security research papers, maintained as a non-profit community service by OffSec (formerly Offensive Security), the information security training company behind Kali Linux and the OSCP certification. It is the largest and most widely used public repository of its kind: a CVE-compliant reference spanning exploits for every major operating system and platform from 1988 to the present, searchable online at exploit-db.com and offline via the bundled command-line tool SearchSploit. The database is populated through direct community submissions, mailing list monitoring, and curated additions by the OffSec team, and is released in full as a publicly downloadable data dump on GitLab under the GNU General Public License v2. Unlike advisory databases — which describe vulnerabilities in abstract terms — the Exploit Database is a repository of working, ready-to-run exploit code and proof-of-concepts, making it distinctively useful to practitioners who need to verify vulnerabilities, test defences, or understand attack mechanics in detail.

History and Founding

The Exploit Database's lineage traces to the hacker group milw0rm, which split up in 1998. One of its leaders, known as str0ke, started a public exploit archive in early 2004 after the French security resource FrSIRT switched from a free to a paid model. Str0ke ran milw0rm as a rigorous, curated repository: every exploit was verified before being added, and the site rapidly became the trusted reference for the security research community. As its reputation grew, so did the volume of submissions and the maintenance burden on str0ke alone. In July 2009, str0ke announced he was shutting the site down — a statement that caused immediate alarm across the security community, given how many researchers, penetration testers, and defenders relied on it daily. In response to an outpouring of demand, he reversed course the next day, agreeing to continue temporarily while seeking someone to take over. OffSec, which had been operating since around 2006 under co-founder Mati Aharoni and had already developed BackTrack Linux and the OSCP penetration testing certification, was the group he chose. The handover was publicly confirmed on 4 November 2009. OffSec rebuilt and relaunched the archive as the Exploit Database, preserving the milw0rm data, adding its own exploits, and opening for new community submissions. The OSCP certification's hands-on, exploitation-focused philosophy made OffSec a natural steward — a company that both used exploit knowledge intensively in its training and had a principled commitment to sharing that knowledge freely with the community.

Collections and Content

Exploits. The core collection: working exploit code and proof-of-concepts (PoCs) for known vulnerabilities in software and hardware across all major platforms — Linux, Windows, macOS, Android, iOS, BSD variants, Solaris, network appliances, embedded systems, and more. Exploits are categorised by type (remote, local, web application, denial of service, hardware) and by platform, and are indexed by the assigned EDB-ID number. CVE cross-references, added in the 2022 update, allow practitioners to search by CVE identifier and to map between EDB entries and the wider CVE ecosystem. The collection spans entries from 1988 to the present day.

Google Hacking Database (GHDB). A curated index of search engine queries — called "dorks" — designed to locate sensitive information inadvertently exposed on the public internet. The concept was pioneered by security researcher Johnny Long starting around 2000, who catalogued these queries and popularised them through his book Google Hacking For Penetration Testers and a famous presentation at DEF CON 13. Long coined the term "Googledork" to describe not a Google flaw but a misconfiguration on the part of users or software, and the GHDB became the standard reference for this reconnaissance technique. After nearly a decade of community development, Long transferred the GHDB to OffSec in November 2010, and it has since been maintained as an integrated section of the Exploit Database. The GHDB now indexes queries not only for Google but also Bing, GitHub, and other online repositories and search engines. Categories include Files Containing Passwords, Sensitive Directories, Login Portals, Network or Vulnerability Data, Error Messages, and Advisories and Vulnerabilities, among others.

Shellcodes. A dedicated archive of raw shellcode — the low-level machine-code payloads that exploits typically deliver once they gain execution control on a target system. The collection spans architectures including x86, x86-64, ARM, ARM64, MIPS, SPARC, and others, across multiple operating systems. Shellcodes are categorised and searchable by architecture and purpose, and represent a foundational reference for anyone studying how exploits actually execute.

Papers. A collection of security research papers, advisories, and technical write-ups submitted by researchers. These complement the executable content of the database with explanations of vulnerability discovery methodology, exploit development techniques, and security analysis — making the Exploit Database a resource for education and research as well as operational use.

Tools and Access

SearchSploit. A command-line search utility included with the Exploit Database's GitLab repository and bundled as standard in Kali Linux. SearchSploit allows practitioners to search the entire Exploit Database locally — without an internet connection — by keyword, platform, exploit type, or CVE number. It is particularly valuable during penetration testing engagements where internet access may be restricted, and supports output in plain text, JSON, and path-only formats for integration with other tools. A notable feature is Nmap integration: SearchSploit can consume an Nmap XML output file and automatically check all identified services and versions against the local exploit database, flagging potential matches. SearchSploit is released under the GNU General Public License v2.

Database dumps. As of the 2022 update, OffSec releases the complete Exploit Database — including all exploit content, metadata, and CVE mappings — as a publicly downloadable dump via GitLab, with no content reserved for partners. The Google Hacking Database dump is also distributed in XML format. This open-data posture allows researchers, tool developers, and organisations to build local mirrors, integrate EDB data into their own tooling, or conduct bulk analysis of the exploit landscape.

Kali Linux integration. The Exploit Database and SearchSploit are installed by default in Kali Linux, OffSec's Debian-based penetration testing distribution with over 600 pre-installed security tools. This means the entire archive is immediately available to any Kali user, and is updated regularly through Kali's package management system.

Access and Usage

The Exploit Database is freely accessible at exploit-db.com. The full database, including exploit code, papers, and shellcodes, can be browsed and searched online, with filters for type, platform, date range, and CVE. The complete database dump and SearchSploit tool are available on GitLab at gitlab.com/exploit-database/exploitdb. Community members and researchers can submit exploits directly via the submission form on the website; all submissions are reviewed before being added. Exploit Database statistics — covering submission counts by year, type, and platform — are published at exploit-db.com/statistics. The project is a non-profit community service provided by OffSec; OffSec's commercial offerings (training, certifications, the OffSec Cyber Range, and penetration testing services) are separate from the Exploit Database but share the same organisational infrastructure.