Investigator Use
Exploit-DB is the world's largest publicly accessible archive of software exploits, maintained by Offensive Security — the organization behind Kali Linux. It serves as a searchable reference database of proof-of-concept exploit code, shellcode, and vulnerability papers, organized by platform, type, date, and CVE identifier.
What OSINT investigators and security analysts use Exploit-DB for: finding published exploits for specific CVEs to assess whether a vulnerability is actively exploitable, researching attack capabilities against known software versions discovered during reconnaissance, identifying Google Dork queries for finding vulnerable systems (maintained in the Google Hacking Database), and studying adversary techniques for threat modeling.
What Exploit-DB exposes: exploit code for thousands of CVEs across operating systems, applications, and network devices, shellcode samples by platform and architecture, papers and vulnerability write-ups from security researchers, and the Google Hacking Database (GHDB) — a collection of Google Dork queries that surface sensitive information, vulnerable systems, and exposed data through search engines.
The Google Hacking Database is one of Exploit-DB's most practically useful OSINT resources. It contains thousands of curated dork queries organized by category — including file exposure, misconfigured services, error messages, and login portals. Investigators can use GHDB queries to find exposed data, vulnerable installations, and sensitive documents through standard Google searches without specialized tools.
For threat intelligence: when a new vulnerability is announced, searching Exploit-DB reveals whether working exploit code has been published. The presence of public exploit code significantly raises the risk associated with an unpatched vulnerability, informing the urgency of remediation recommendations.
Responsible use: Exploit-DB is a legitimate security research resource, but the exploit code it contains can be misused. Its use should be confined to authorized security testing, vulnerability research, and defensive purposes. Most entries include disclosure timelines and vendor response information.
In a workflow: after identifying CVEs through infrastructure reconnaissance, search Exploit-DB to assess exploitability. Pair with Shodan searches to estimate how many internet-facing systems are running vulnerable versions. Use the GHDB to supplement standard OSINT collection with targeted Google Dork queries during web-based reconnaissance.
Before You Pivot
Record Context
Capture the target, search terms, and why this source is relevant before you leave the page.
Preserve Evidence
Archive volatile pages, save screenshots, and keep timestamps for anything that may change.
Corroborate
Treat one tool as a lead source. Confirm important findings with independent sources.
Related Tools
CVE
Cyber Threat OSINT
CVE provides standardized vulnerability identifiers and references used in security research, triage, and threat intelligence workflows.
CVE Details
Cyber Threat OSINT
CVE Details aggregates vulnerability records, CVSS scores, and affected software lists for security analysis and patch prioritization.
Default Passwords
Cyber Threat OSINT
Find default passwords and credentials for routers, printers, servers, and network devices for authorized security auditing.
Honey DB
Cyber Threat OSINT
HoneyDB aggregates honeypot sensor data to identify malicious IP addresses, attacker tactics, and emerging threat patterns.
Hybrid analysis
Cyber Threat OSINT
Hybrid Analysis provides free malware sandboxing with Falcon Sandbox technology to analyze suspicious files and URLs for threat intelligence.
IP lists
Cyber Threat OSINT
FireHOL IP Lists aggregates cybercrime, botnet, malware, proxy, and abuse IP blocklists for threat intelligence and network filtering.