Exploit Intelligence Platform eip-search CLI

Built on the shoulders of searchsploit and the ExploitDB legacy. eip-search adds NVD, CISA KEV, VulnCheck KEV, InTheWild.io, EPSS, Metasploit, GitHub, and nomi-sec — giving you CVSS scores, EPSS exploitation probability, ransomware attribution, exploit quality rankings, Nuclei scanner dorks, and AI-powered trojan detection across hundreds of thousands of vulnerabilities and exploits.


Installation

Install via APT (Kali/Debian/Ubuntu), pipx, or a virtual environment.

macOS
brew install python3
python3 -m venv ~/.venvs/eip
source ~/.venvs/eip/bin/activate
pip install eip-search

# or with pipx
brew install pipx
pipx install eip-search

Kali / Debian / Ubuntu
# APT repo (recommended)
curl -fsSL https://repo.exploit-intel.com/setup.sh | sudo bash
sudo apt install eip-search

# or pipx
sudo apt install -y pipx
pipx install eip-search

Kali 2024+ blocks global pip installs. Use the APT repo, pipx, or a virtual environment.

Windows
python -m venv %USERPROFILE%\.venvs\eip
%USERPROFILE%\.venvs\eip\Scripts\activate
pip install eip-search

REM or with pipx
pip install pipx
pipx install eip-search

Arch / Manjaro
sudo pacman -S python python-pip python-pipx
pipx install eip-search

From Source (all platforms)
git clone https://github.com/exploitintel/eip-search.git
cd eip-search
python3 -m venv .venv
source .venv/bin/activate      # Linux/macOS
# .venv\Scripts\activate       # Windows
pip install -e .

Updating
# APT
sudo apt update && sudo apt upgrade eip-search

# pipx
pipx upgrade eip-search

# pip (in virtual environment)
pip install --upgrade eip-search

# Check your version
eip-search --version

Verify Installation

eip-search --version
eip-search stats

Commands

Command                                 Description
eip-search "query"                      Quick search (auto-routes CVE IDs to detail view)
eip-search search "query" [filters]     Search with full filter support
eip-search exploits "query" [filters]   Browse/search exploits by source, language, vendor, or attack type
eip-search info CVE-ID                  Full intelligence brief for a vulnerability
eip-search generate CVE-ID              Generate a PoC exploit using a local LLM (requires Ollama)
eip-search triage [filters]             Risk-sorted view of what to worry about
eip-search nuclei CVE-ID                Nuclei templates + Shodan/FOFA/Google dorks
eip-search view ID-or-CVE               Syntax-highlighted exploit source code
eip-search download ID-or-CVE           Download exploit code as ZIP
eip-search stats                        Platform-wide statistics
eip-search authors                      Top exploit authors ranked by exploit count
eip-search author NAME                  Author profile with their exploits
eip-search cwes                         CWE categories ranked by vulnerability count
eip-search cwe ID                       CWE detail (accepts 79 or CWE-79)
eip-search vendors                      Top vendors ranked by vulnerability count
eip-search products VENDOR              Products for a vendor (discover CPE names for filtering)
eip-search analysis ID-or-CVE           Full AI analysis for an exploit (classification, MITRE, trojan indicators)
eip-search lookup ALT-ID                Resolve EDB/GHSA identifier to CVE
eip-search update-db                    Download/update the offline SQLite database

Offline Mode

All read-only commands work offline with a local SQLite database. Download once, search anywhere.

# Download the database (~200 MB compressed, ~900 MB on disk)
eip-search update-db

# Search locally
eip-search --offline search "apache httpd"
eip-search --offline info CVE-2024-3400
eip-search --offline analysis 61514

# Custom database path (implies --offline)
eip-search --db /path/to/eip.db search "log4j"

Offline Exploit Code

Sync the exploit archive to view and download exploit source code offline. The archive contains ~22K repos (~28 GB).

# Sync exploit archives via rsync
rsync -avz rsync://rsync.exploit-intel.com/exploits/ ~/eip-exploits/

# Add to ~/.eip-search.toml:
# [offline]
# exploits_dir = "~/eip-exploits"

# Now view and download work offline
eip-search --offline view CVE-2024-3400
eip-search --offline download 77423 -x

Search Filters

Filter           Short  Description
--severity       -s     critical, high, medium, low
--has-exploits   -e     Only CVEs with public exploit code
--kev            -k     Only CISA Known Exploited Vulnerabilities
--exploited      -x     Only CVEs exploited in the wild (CISA + VulnCheck + InTheWild)
--ransomware            Only CVEs with confirmed ransomware campaign use
--has-nuclei            Only CVEs with Nuclei scanner templates
--vendor         -v     Filter by vendor name
--product        -p     Filter by product name
--ecosystem             npm, pip, maven, go, crates
--cwe                   CWE ID (e.g. 79 or CWE-79)
--year           -y     CVE publication year
--min-cvss              Minimum CVSS score (0-10)
--min-epss              Minimum EPSS score (0-1)
--date-from             Start date (YYYY-MM-DD)
--date-to               End date (YYYY-MM-DD)
--sort                  newest, oldest, cvss_desc, epss_desc, relevance
--json           -j     JSON output for scripting and piping

Exploit Filters

The exploits command has its own filter set for exploit-centric searching.

Filter             Short  Description
--source                  github, metasploit, exploitdb, nomisec, writeup
--language         -l     python, ruby, go, c, etc.
--classification          LLM class: working_poc, scanner, trojan, stub, writeup
--attack-type             RCE, SQLi, XSS, DoS, LPE, auth_bypass, info_leak
--complexity              trivial, simple, moderate, complex
--reliability             reliable, unreliable, untested
--author                  Filter by exploit author name
--min-stars               Minimum GitHub stars
--has-code         -c     Only exploits with downloadable code
--cve                     Filter by CVE ID
--vendor           -v     Filter by vendor name
--product          -p     Filter by product name
--sort                    newest, stars_desc
--json             -j     JSON output for scripting and piping

Real Examples

All output below is from real commands against the live platform.

$ eip-search search "fortinet" --severity critical --has-exploits --kev -n 5
CVE              Sev        CVSS   EPSS    Exp  KEV  Title
CVE-2018-13379   CRITICAL   9.1   94.5%    58  KEV  Fortinet FortiProxy Path Traversal
CVE-2022-40684   CRITICAL   9.8   94.4%    64  KEV  Fortinet FortiProxy Auth Bypass
CVE-2023-48788   CRITICAL   9.8   94.2%     9  KEV  Fortinet FortiClient SQL Injection
CVE-2024-55591   CRITICAL   9.8   94.2%    17  KEV  Fortinet FortiProxy Auth Bypass
CVE-2022-42475   CRITICAL   9.8   94.0%    24  KEV  Fortinet FortiOS Buffer Overflow

Page 1/4 (19 total results)

$ eip-search CVE-2019-0708
CVE-2019-0708  CRITICAL  KEV
BlueKeep RDP Remote Windows Kernel Use After Free
CVSS: 9.8  EPSS: 94.5% (100th percentile)

Exploits (487):

  MODULES
    metasploit  ruby  cve_2019_0708_bluekeep_rce.rb
    Rank: manual  LLM: working_poc

  VERIFIED
    exploitdb   ruby  EDB-47416
    verified

  PROOF OF CONCEPT
    ★ 1187  Ekultek/BlueKeep              working_poc
    ★  914  robertdavidgraham/rdpscan      scanner
    ★  497  n1xbyte/CVE-2019-0708         working_poc
    ... and 113 more

  SUSPICIOUS
    ★    2  ttsite/CVE-2019-0708-
    ⚠ TROJAN — flagged by AI analysis

$ eip-search triage --vendor fortinet --severity critical
TRIAGE — vulnerabilities with exploits, sorted by exploitation risk
Filters: vendor=fortinet, severity=critical, EPSS>=0.5

CVE-2018-13379   CRITICAL   9.1   94.5%    58  KEV  Fortinet FortiProxy
CVE-2022-40684   CRITICAL   9.8   94.4%    64  KEV  Fortinet FortiProxy
CVE-2023-48788   CRITICAL   9.8   94.2%     9  KEV  Fortinet FortiClient
CVE-2024-55591   CRITICAL   9.8   94.2%    17  KEV  Fortinet FortiProxy
CVE-2022-42475   CRITICAL   9.8   94.0%    24  KEV  Fortinet FortiOS

$ eip-search nuclei CVE-2024-27198
CVE-2024-27198  Nuclei Templates

  CVE-2024-27198  ✓ verified  critical
  TeamCity < 2023.11.4 - Authentication Bypass
  Author: DhiyaneshDk
  Tags: cve, cve2024, teamcity, jetbrains, auth-bypass, kev

  Recon Queries:
    Shodan:  http.component:"TeamCity" || http.title:teamcity
    FOFA:    title=teamcity
    Google:  intitle:teamcity

  Run:  nuclei -t CVE-2024-27198 -u https://target.com

$ eip-search download 77423 --extract
Downloaded: nomisec-fullhunt_log4j-scan.zip
ZIP password: eip (password-protected to prevent AV quarantine)
Extracted:  nomisec-fullhunt_log4j-scan/
Files (10):
  - fullhunt-log4j-scan-07f7e32/Dockerfile
  - fullhunt-log4j-scan-07f7e32/log4j-scan.py
  - fullhunt-log4j-scan-07f7e32/requirements.txt
  ...

Export a machine-readable list of recent high-risk findings: critical CVEs with public exploits, EPSS >= 0.5, sorted by exploitation probability, limited to 2024-2025 publication dates.

$ eip-search search --severity critical --has-exploits --min-epss 0.5 --sort epss_desc --date-from 2024-01-01 --date-to 2025-12-31 --json
{
  "total": 335,
  "page": 1,
  "per_page": 20,
  "items": [
    {
      "id": "CVE-2024-27198",
      "severity_label": "critical",
      "cvss_v3_score": 9.8,
      "epss_score": 0.946,
      "exploit_count": 18,
      "is_kev": true
    }
  ]
}
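
One way to consume the --json output above in a patch-prioritisation script. This is an added example, not part of eip-search or the original page: the field names come from the output shown, while the tier policy, the tier/prioritize function names and the two placeholder CVE entries are assumptions constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of the --json output shown above.
# The first item is from the page; the CVE-0000-* items are placeholders.
SAMPLE = """{
  "total": 335, "page": 1, "per_page": 20,
  "items": [
    {"id": "CVE-2024-27198", "severity_label": "critical", "cvss_v3_score": 9.8,
     "epss_score": 0.946, "exploit_count": 18, "is_kev": true},
    {"id": "CVE-0000-0001", "severity_label": "critical", "cvss_v3_score": 9.1,
     "epss_score": 0.97, "exploit_count": 2, "is_kev": false},
    {"id": "CVE-0000-0002", "severity_label": "critical", "cvss_v3_score": 10.0,
     "exploit_count": 0}
  ]
}"""

def tier(item):
    """Hypothetical policy: 0 = patch now, 1 = this cycle, 2 = backlog."""
    epss = item.get("epss_score") or 0.0            # field may be absent or null
    has_exploit = (item.get("exploit_count") or 0) > 0
    if item.get("is_kev") is True:
        return 0    # known exploited outranks any score
    if has_exploit and epss >= 0.5:
        return 1
    return 2

def prioritize(raw):
    """Return ([(cve_id, tier), ...] in patch order, count of results not on this page)."""
    doc = json.loads(raw)
    items = [i for i in doc.get("items", []) if i.get("id")]
    ranked = sorted(items, key=lambda i: (tier(i), -(i.get("epss_score") or 0.0), i["id"]))
    # "total" counts every match; "items" holds only the current page.
    missing = max(doc.get("total", len(items)) - len(items), 0)
    return [(i["id"], tier(i)) for i in ranked], missing

if __name__ == "__main__":
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    rows, missing = prioritize(raw)
    for cve, t in rows:
        print(f"P{t}  {cve}")
    if missing:
        print(f"note: {missing} matching CVEs are not on this page", file=sys.stderr)
```

Pipe the search command's --json output into the script on stdin; run without a pipe, it falls back to the constructed sample.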

$ eip-search exploits --source metasploit --attack-type RCE --reliability reliable -n 5
ID        CVE               Sev       Source       Lang     ★  Name
116091                       --       metasploit   ruby        emacs_extension.rb
69916    CVE-2023-20198    CRITICAL   metasploit   ruby        cisco_ios_xe_webui.rb
69997    CVE-2014-6041       --       metasploit   ruby        google_play_store_uxss.rb
70004    CVE-2024-21762    CRITICAL   metasploit   ruby        fortios_sslvpn_rce.rb
68660    CVE-2024-3400     CRITICAL   metasploit   ruby        panos_telemetry_cmd_exec.rb

Page 1/462 (2,308 total results)

$ eip-search author "Chocapikk" -n 5
Chocapikk
Exploits: 90  |  Active since: 2017-04-25

  ID      CVE                Sev      Source   Name
  65938   CVE-2026-21858   CRITICAL   nomisec  Chocapikk/CVE-2026-21858
  58681   CVE-2023-29357   CRITICAL   nomisec  Chocapikk/CVE-2023-29357
  60976   CVE-2024-25600   CRITICAL   nomisec  Chocapikk/CVE-2024-25600
  58150   CVE-2023-22515   CRITICAL   nomisec  Chocapikk/CVE-2023-22515
  62136   CVE-2024-45519   CRITICAL   nomisec  Chocapikk/CVE-2024-45519

  Page 1/18 (90 total exploits)

Reference Data

Browse authors, CWEs, vendors, and products, or resolve alternate identifiers to CVEs.

Authors & Vendors
# Top exploit authors
eip-search authors

# Author profile + their exploits
eip-search author Metasploit

# Top vendors by vuln count
eip-search vendors

# Discover product names for filtering
eip-search products apache

CWEs & Lookups
# CWE categories ranked by vuln count
eip-search cwes

# CWE detail (both formats work)
eip-search cwe 79
eip-search cwe CWE-89

# Resolve EDB or GHSA ID to CVE
eip-search lookup EDB-45961
eip-search lookup GHSA-jfh8-c2jp-5v3q

Exploit Ranking

When a CVE has dozens or hundreds of exploits, eip-search ranks them by quality so the best ones surface first.

Source                  Quality   Why
Metasploit (excellent)  Highest   Peer-reviewed, maintained by Rapid7
ExploitDB (verified)    High      Human-verified by Offsec
GitHub / nomi-sec       By stars  Community signal via GitHub stars
Trojan / suspicious     Flagged   AI-detected — always shown last with warning