← All tools

Container-Backed Pentest Toolkit

Exploit-DB Search

Search the offline Exploit-DB for known exploits matching a product, version, or CVE.

kali_searchsploit

Overview

Local exploit-DB query. Useful when you need to know whether a fingerprinted service has known public exploits.

How it works

Built from KaliToolbox.searchsploit(). avoidWhen: vague queries return many false positives — pass version when known.

Example

When a user asks:

Are there known exploits for Apache 2.4.49?

the agent calls the tool:

kali_searchsploit(query="apache 2.4.49")

and gets back: Exploit Title Path -------------------------------------------------- ---- Apache 2.4.49 - Path Traversal & RCE (Authenticate multiple/remote/50383.py Apache 2.4.49 - Path Traversal RCE (CVE-2021-41773 multiple/remote/50406.sh

Configuration

Set these before calling the tool. Values marked required must be present or the tool call will fail.

swarmai.skill.container.runtime required

Shared ContainerSkillRuntime.

Use it in a workflow

Wire this tool into a SwarmAI crew. Use the YAML DSL for declarative workflows, or the Java builder API when you want full programmatic control.

YAML DSL

# Reactive enrichment after fingerprinting:
# 1. kali_whatweb identifies Apache 2.4.49
# 2. agent calls kali_searchsploit(query='apache 2.4.49')
# 3. agent surfaces CVE-2021-41773 in the report

Java

import ai.intelliswarm.swarmai.skill.runtime.KaliToolbox;
import ai.intelliswarm.swarmai.skill.runtime.ContainerSkillRuntime;

var searchsploit = new KaliToolbox(new ContainerSkillRuntime()).searchsploit();
String matches = (String) searchsploit.execute(java.util.Map.of("query", "apache 2.4.49"));

What it's good for

Real scenarios where agents put this tool to work.

Map fingerprinted versions to public exploits during a security audit
CVE → exploit lookup for a vulnerability triage workflow
Pre-pen-test reconnaissance: surface the most relevant published exploits per host

Source

Implementation lives at swarmai-core/src/main/java/ai/intelliswarm/swarmai/skill/runtime/KaliToolbox.java in the swarm-ai repository.

Open kali_searchsploit on GitHub →